Messages

1

RogueKiller / Re: ===> False Positives <===

« on: February 23, 2015, 06:48:21 PM »

Hello

Thanks for the feedback.
Any chance to get the full path for this?

C:\Users\Danielm\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe

Especially the part: LOGMEI~1

Sorry about that, the full path is:

C:\Users\username\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_src.exe
C:\Users\username\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue.exe

Thanks.

2

RogueKiller / Re: ===> False Positives <===

« on: February 21, 2015, 01:32:12 AM »

Now that RK has been updated to 10.4, it is falsely closing out LogMeIn Rescue during the pre-scan. Would like this to be whitelisted please. Here's a picture of what was found in the pre-scan.

http://i.imgur.com/O0r9Ann.png

I will get the log from the report here in a little bit and edit this post. Just figured I'd make a preemptive strike.

I've noticed the same, here are the lines from the log report I captured, it would be awesome if LogMeIn could be whitelisted.

¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] LMI_Rescue_srv.exe(1200) -- C:\Users\Danielm\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe[7] -> Killed [TermProc]
[Suspicious.Path] LMI_Rescue_srv.exe(1608) -- C:\Users\Danielm\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe[7] -> Killed [TermThr]
[Suspicious.Path] lmi_rescue.exe(744) -- C:\Users\Danielm\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 15 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LMIRescue_6c263ea2-6835-4ed5-ac51-dac642e23d70 ("C:\Users\Danielm\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe" -service -sid 6c263ea2-6835-4ed5-ac51-dac642e23d70) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LMIRescue_6c263ea2-6835-4ed5-ac51-dac642e23d70 ("C:\Users\Danielm\AppData\Local\LOGMEI~1\LMIR0001.tmp\LMI_Rescue_srv.exe" -service -sid 6c263ea2-6835-4ed5-ac51-dac642e23d70) -> Found