Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - signal.vol@gmail.com

Pages: [1]
1
RogueKiller / Re: ===> False Positives <===
« on: March 13, 2015, 07:12:05 PM »

[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[17] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb451109c
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[19] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4511c66
[SSDT:Addr(Hook.SSDT)] NtClose[25] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4514b6a
[SSDT:Addr(Hook.SSDT)] NtConnectPort[31] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb45133f6
[SSDT:Addr(Hook.SSDT)] unknown[37] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb451293a
[SSDT:Addr(Hook.SSDT)] NtCreateKey[41] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4513aee
[SSDT:Addr(Hook.SSDT)] NtCreateProcess[47] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4511ebc
[SSDT:Addr(Hook.SSDT)] NtCreateProcessEx[48] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4511f72
[SSDT:Addr(Hook.SSDT)] NtCreateSection[50] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb451225c
[SSDT:Addr(Hook.SSDT)] NtCreateThread[53] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4510a0c
[SSDT:Addr(Hook.SSDT)] NtDeviceIoControlFile[66] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4513c5e
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[68] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb45180f8
[SSDT:Addr(Hook.SSDT)] NtFsControlFile[84] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4513f16
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[97] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4511572
[SSDT:Addr(Hook.SSDT)] NtMakeTemporaryObject[105] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4514912
[SSDT:Addr(Hook.SSDT)] NtOpenFile[116] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb451272c
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[122] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4517b50
[SSDT:Addr(Hook.SSDT)] NtOpenSection[125] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb451202c
[SSDT:Addr(Hook.SSDT)] NtOpenThread[128] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4517e00
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[137] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4510f20
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[180] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4511d8e
[SSDT:Addr(Hook.SSDT)] NtReplaceKey[193] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4514760
[SSDT:Addr(Hook.SSDT)] NtRequestPort[199] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4513564
[SSDT:Addr(Hook.SSDT)] NtRequestWaitReplyPort[200] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4512ef8
[SSDT:Addr(Hook.SSDT)] NtRestoreKey[204] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb45147ea
[SSDT:Addr(Hook.SSDT)] NtSecureConnectPort[210] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb451397e
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[213] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4510b7c
[SSDT:Addr(Hook.SSDT)] NtSetSecurityObject[237] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb45146ba
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[240] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb451176c
[SSDT:Addr(Hook.SSDT)] NtShutdownSystem[249] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb451487c
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[253] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4510df8
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[254] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4510cd2
[SSDT:Addr(Hook.SSDT)] NtSystemDebugControl[255] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4511b98
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[257] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4517a48
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[258] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb45182ea
[SSDT:Addr(Hook.SSDT)] NtUnloadDriver[262] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb45149a8
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[277] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4510890
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[307] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4510478
[ShwSSDT:Addr(Hook.Shadow)] NtUserCallNoParam[322] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb4510680
[ShwSSDT:Addr(Hook.Shadow)] NtUserCallOneParam[323] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb45105d2
[ShwSSDT:Addr(Hook.Shadow)] NtUserDdeSetQualityOfService[347] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb45103de
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[383] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb451037a
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[414] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb451020c
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[416] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb45101a8
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[460] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb450feb2
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[475] : C:\Program Files\Bitdefender\Antivirus Free

The following should not be considered as suspicious as they are marked as part of Bitdefender Antivirus. However, it probably should be verified by Bitdefender.

Edition\bdselfpr.sys @ 0xb450fcb8
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[476] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb450fd38
[ShwSSDT:Addr(Hook.Shadow)] NtUserRegisterRawInputDevices[491] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb450ff3a
[ShwSSDT:Addr(Hook.Shadow)] NtUserSendInput[502] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb450fc66
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[549] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb450f2b8
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[552] : C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys @ 0xb450f746

Pages: [1]