Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - burneyboy

Pages: [1]
1
RogueKiller / Re: Root,Wajam removal
« on: May 20, 2018, 07:51:17 PM »
ok mate thanks that`s good to know as my credit card details were obtained from somewhere last week
i was 99% sure it wasn't from my pc directly with the amount it gets cleaned,scanned and updated i was just curious about this one find.


thanks again for your help.

2
RogueKiller / Re: Root,Wajam removal
« on: May 20, 2018, 06:46:34 PM »
and..

3
RogueKiller / Re: Root,Wajam removal
« on: May 20, 2018, 06:45:57 PM »
wow what a major ball ache just trying to login here,it put me on an endless loop saying session timed out please go back and try again.
i tried re registering and still the same then eventually found that changing my password got me back here .crikey,

ok heres the files ,thanks for the help

4
RogueKiller / Re: Root,Wajam removal
« on: May 20, 2018, 05:03:06 PM »
Hi

this is it:

RogueKiller V12.9.2.0 (x64) [Jan  9 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : R [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 05/20/2018 12:25:02 (Duration : 00:13:12)

¤¤¤ Processes : 1 ¤¤¤
[Root.Wajam] svchost.exe(3560) -- C:\Windows\System32\svchost.exe[7] -> [NoKill]

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] 8df121645bd3464ed2d060bf914f8c5a
[BSP] 5677b0371b6367ad3c6a3a62f82d3bcf : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 219776 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG SSD 830 Series ATA Device +++++
--- User ---
[MBR] 58a675b0b8e1798fc855994f458cef7c
[BSP] 77cb289577ba0844231bd87e0af80a15 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 244196 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Samsung SSD 840 PRO Series ATA Device +++++
--- User ---
[MBR] 9128758dae42cc7f521c0a393b9de029
[BSP] 64d01f4eb4d3707fccac81bf32decce3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 219676 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: SanDisk Cruzer Blade USB Device +++++
--- User ---
[MBR] 937130cc663ab3635ad62495e9c199c1
[BSP] 79fdcb6f5787863c0e9a758566d1ae79 : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 2048 | Size: 7631 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

thanks for the reply

5
RogueKiller / Root,Wajam removal
« on: May 20, 2018, 01:44:28 PM »
Hi all.
So scanning using the free version of RK on my main PC it finds
`Root.Wajam` Process  {3560} svchost.exe, C:Windows\system32\svchost.exe

after the scan has finish RK does not remove it even tho i ask it to,it just says `not killed`.
so i attached the C drive to a laptop off line as an external drive and run the scan there but RK finds nothing,see results:

RogueKiller V12.12.17.0 (x64) [May 14 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mymymy [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 05/20/2018 10:54:26 (Duration : 00:23:40)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG SSD 830 Series +++++
--- User ---
[MBR] 20cc2867d6ad27fc1bbcd6a6f3071511
[BSP] e2026deed788ef6974619d346073f586 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 219776 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung SSD 840 PRO Seri USB Device +++++
--- User ---
[MBR] 9128758dae42cc7f521c0a393b9de029
[BSP] 64d01f4eb4d3707fccac81bf32decce3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 219676 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

i was a bit concerned about this:

Error reading LL2 MBR! ([32] The request is not supported. )



so i put the drive back into my main pc and started it up,i ran RK again and it finds Wajam again straight away.

no other tools are finding this Wajam


thanks in advance for any help peope.

burneyboty

Pages: [1]