Messages - rambie

1
RogueKiller / PUM
« on: May 30, 2016, 12:42:57 AM »
Apologies if covered elsewhere - I run RK every so often and keep getting two PUMs in the registry hkey local machine\system\current controlsettings001\services\ .....\tcpip....\ dhcpnameserver. These go into quarantine and reappear on the next check.
ZA and MBAM don't come up with anything.
Is there any way to find out if these findings indicate a virus?

Thanks

2
RogueKiller PREMIUM / Re: Hooks
« on: November 12, 2015, 09:59:07 PM »
Thank you very much for your time, will try to avoid these mistakes (for a while).

rambie

3
RogueKiller PREMIUM / Re: Hooks
« on: November 11, 2015, 11:00:28 PM »
Here 'tis......

4
RogueKiller PREMIUM / Hooks
« on: November 11, 2015, 07:51:23 PM »
Not really a problem with RK, but a query.

[IAT:Inl(Hook.IEAT)] (explorer.exe) user32!PeekMessageW : Unknown @ 0x7ffb5c5d0c98 (jmp 0xfffffffffd56e308)
[IAT:Inl(Hook.IEAT)] (explorer.exe) user32!GetMessageW : Unknown @ 0x7ffb5c5d0d14 (jmp 0xfffffffffd56e6a4)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtMapViewOfSection : Unknown @ 0x7ffb5c5d0e96 (jmp 0xfffffffffc7efa46)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtUnmapViewOfSection : Unknown @ 0x7ffb5c5d0e56 (jmp 0xfffffffffc7ef9e6)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtProtectVirtualMemory : Unknown @ 0x7ffb5c5d0ed6 (jmp 0xfffffffffc7ef806)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!LdrLoadDll : Unknown @ 0x7ffb5c5d0e15 (jmp 0xfffffffffc8179c5)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtFreeVirtualMemory : Unknown @ 0x7ffb5c5d0f16 (jmp 0xfffffffffc7efb66)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!NtAllocateVirtualMemory : Unknown @ 0x7ffb5c5d0f56 (jmp 0xfffffffffc7efc06)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ msctf.dll) user32!GetMessageA : Unknown @ 0x7ffb5c5d0d58 (jmp 0xfffffffffd56abc8)
[IAT:Inl(Hook.IEAT)] (explorer.exe @ msctf.dll) user32!PeekMessageA : Unknown @ 0x7ffb5c5d0cd8 (jmp 0xfffffffffd563198)

These hooks have appeared in a report; I believe it was after installing a driver updater (slim), as I was not aware at the time that this was a no-no.
MBAM, ZA, Hitman Pro and SUPERAntispyware have not revealed any malware.
Does anyone recognize these entries, or can anyone offer advice on whether to leave as is or do a Win 8 refresh or reinstall?

rambie

5
Malware removal help / rogue.multiple
« on: January 31, 2015, 08:55:41 PM »
This nasty does not seem to be picked up, and neither does PUP Vosteran.

rambi
