

Messages - Aceinthewhatever

1
RogueKiller / Re: ===> False Positives <===
« on: October 29, 2014, 09:14:17 AM »
Oh, sorry, I think I posted in the wrong thread; I thought this was for asking whether results were false positives or not, my bad. I really have no clue if these are false positives or not, so I was hoping you guys could enlighten me.

2
RogueKiller / Re: ===> False Positives <===
« on: October 29, 2014, 08:06:56 AM »
Hi, I recently downloaded AVG and on the first scan it told me I had a rootkit, which eventually led me here. Anyway, I don't know much about this kind of stuff, so here are my results from the scan:

¤¤¤ Processes : 5 ¤¤¤
[Suspicious.Path] HostAppServiceUpdater.exe -- C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe[7] -> Killed [TermProc]
[Suspicious.Path] HostAppService.exe -- C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppService.exe[7] -> Killed [TermProc]
[Suspicious.Path] HostAppService.exe -- C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppService.exe[7] -> Killed [TermThr]
[Suspicious.Path] StartMenuIndexer.exe -- C:\Users\BC234_000\AppData\Local\Pokki\Engine\StartMenuIndexer.exe[7] -> Killed [TermProc]
[PUP] (SVC) vToolbarUpdater18.1.10 -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe[7] -> Stopped

¤¤¤ Registry : 14 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"  -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-2771827557-3564350607-803193336-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON  -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-2771827557-3564350607-803193336-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON  -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-2771827557-3564350607-803193336-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\BC234_000\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session  -> Found
[PUP] (X86) HKEY_USERS\S-1-5-21-2771827557-3564350607-803193336-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #1 : C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppService.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-phishing-detection --enable-file-cookies --disable-sync --disable-breakpad --disable-bundled-ppapi-flash --disable-sync-tabs --disable-speech-input --disable-custom-jumplist --process-per-tab --debug-devtools-frontend="C:\Users\BC234_000\AppData\Local\Pokki\Engine\inspector" --no-first-run --lang=en-US --disable-component-update --disable-prompt-on-repost --no-startup-window --disable-translate --disable-logging --disable-desktop-notifications --disable-gpu-process-prelaunch --flag-switches-begin --flag-switches-end --restore-last-session  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.1.10 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.10 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 3 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLClose : C:\Windows\SYSTEM32\sppc.dll @ 0x7ffa1b59566c
[IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLOpen : C:\Windows\SYSTEM32\sppc.dll @ 0x7ffa1b5978e8
[IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-core-winrt-robuffer-l1-1-0.dll - RoGetBufferMarshaler : C:\Windows\System32\WinTypes.dll @ 0x7ffa0d55bf60

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVX-22JC3T0 +++++
--- User ---
[MBR] 4eb748eb2bad407088f7494c6ed510e9
[BSP] 4602f267e28c59160c125920bff66dfd : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10292014_022328.log - RKreport_SCN_10292014_024954.log



Thanks for the help :)
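When a report like the one above is pasted for review, the first things a responder checks are which findings the tool already acted on (Killed/Stopped) versus merely reported (Found), whether the per-section counts match the lines actually pasted (a mismatch means the paste was truncated), and which registry entries are persistence points that will relaunch something at the next logon or boot. The parser below is an added example written for this page; it is not RogueKiller code, and the line format it handles is inferred from the report above (sections wrapped in ¤¤¤, one finding per line). The sample input is constructed from a subset of the report's own lines, with the section counts adjusted to match the lines included. The remediation verbs Killed and Stopped appear in the report; Deleted and Replaced are assumed.

```python
"""Parse a RogueKiller scan report into structured findings (added example)."""
import re
from collections import Counter

# Constructed sample: a subset of the report lines pasted above, with the
# per-section counts set to match the lines actually included here.
SAMPLE_REPORT = r"""¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] HostAppServiceUpdater.exe -- C:\Users\BC234_000\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe[7] -> Killed [TermProc]
[PUP] (SVC) vToolbarUpdater18.1.10 -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe[7] -> Stopped

¤¤¤ Registry : 5 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"  -> Found
[PUP] (X64) HKEY_USERS\S-1-5-21-2771827557-3564350607-803193336-1001\Software\Microsoft\Windows\CurrentVersion\Run | Pokki : "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.1.10 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLClose : C:\Windows\SYSTEM32\sppc.dll @ 0x7ffa1b59566c
"""

# "¤¤¤ Name : N (extra) ¤¤¤"; the count and the parenthesised extra are optional
# so that a header such as "¤¤¤ MBR Check : ¤¤¤" is still recognised as a section.
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) :(?: (?P<count>\d+))?(?: \((?P<info>[^)]*)\))? ¤¤¤$")
# "[Tag] (scope) body -> Action"; scope and action are optional (IAT lines have no action).
ENTRY_RE = re.compile(r"^\[(?P<tag>[^\]]+)\] (?:\((?P<scope>[^)]+)\) )?(?P<body>.+?)(?: +-> (?P<action>.+))?$")
# Registry bodies: "...\CurrentVersion\Run | Name : command" and "...\Services\Name (image path)".
RUN_RE = re.compile(r"\\CurrentVersion\\(?P<key>RunOnce|Run) \| (?P<name>.+?) : (?P<cmd>.+)$")
SVC_RE = re.compile(r"\\Services\\(?P<svc>[^ ]+) \((?P<cmd>.+)\)$")
# Killed/Stopped are seen in the report; Deleted/Replaced are assumed spellings.
REMEDIATED_VERBS = {"Killed", "Stopped", "Deleted", "Replaced"}


def parse_report(text):
    """Return one dict per finding line; MBR/partition lines and the footer are skipped."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m or section is None:
            continue
        action = (m.group("action") or "").strip()
        findings.append({
            "section": section,
            "tag": m.group("tag"),
            "family": re.split(r"[.:]", m.group("tag"))[0],  # PUP, PUM, Suspicious, IAT
            "scope": m.group("scope"),
            "body": m.group("body"),
            "action": action,
            "remediated": action.split(" ")[0] in REMEDIATED_VERBS,
        })
    return findings


def check_counts(text):
    """Map each counted section to (declared count, lines actually present)."""
    declared, seen, section = {}, Counter(), None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            if m.group("count") is not None:
                declared[section] = int(m.group("count"))
            continue
        if section in declared and ENTRY_RE.match(line):
            seen[section] += 1
    return {s: (declared[s], seen[s]) for s in declared}


def summarize(findings):
    """Count findings per tag and how many the tool already acted on."""
    by_tag = Counter(f["tag"] for f in findings)
    acted = sum(1 for f in findings if f["remediated"])
    return by_tag, acted


def persistence_entries(findings):
    """Return (kind, name, command) for Run/RunOnce values and services in the Registry section."""
    out = []
    for f in findings:
        if f["section"] != "Registry":
            continue
        m = RUN_RE.search(f["body"])
        if m:
            out.append((m.group("key"), m.group("name"), m.group("cmd").strip()))
            continue
        m = SVC_RE.search(f["body"])
        if m:
            out.append(("Service", m.group("svc"), m.group("cmd")))
    return out


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    tags, acted = summarize(found)
    print("findings per tag:", dict(tags), "| already remediated:", acted)
    for name, (declared, present) in check_counts(SAMPLE_REPORT).items():
        flag = "" if declared == present else "  <-- count mismatch, paste truncated?"
        print(f"{name}: declared {declared}, present {present}{flag}")
    for kind, name, cmd in persistence_entries(found):
        print(f"persistence [{kind}] {name}: {cmd}")
```

Run it against a full pasted report by replacing SAMPLE_REPORT with the file contents; the persistence list is the part to reconcile against what the user expects to start at logon, since killing a process (the Processes section) does nothing about the Run value that relaunches it.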
