Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - offchopx

Pages: [1]
1
RogueKiller / Re: svchost.exe process and a bunch of PUM
« on: July 14, 2015, 10:35:26 PM »
hey man, im not able to help but I have the exact same records (except that svhost.exe one, might be an issue there) that come up in my scan as well. Double check are these IP address your ISP set ones? go to your rotuer and check, open cmd and run ping -a 62.81.16.164 etc. Mine was all from my ISP, so I think maybe its false positive. I made post in that topic for FP. So i'll let you know if any update :D

2
RogueKiller / Re: ===> False Positives <===
« on: July 14, 2015, 10:29:40 PM »
Hi everyone, I'm new member please mistake me if i'm wrong on this:


¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : [IP of DNS 1] [IP of DNS 2] [IP of DNS 3] 192.168.1.1 ([AUSTRALIA (AU)][AUSTRALIA (AU)][AUSTRALIA (AU)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : [IP of DNS 1] [IP of DNS 2] [IP of DNS 3] 192.168.1.1 ([AUSTRALIA (AU)][AUSTRALIA (AU)][AUSTRALIA (AU)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : [IP of DNS 1] [IP of DNS 2] [IP of DNS 3] 192.168.1.1 ([AUSTRALIA (AU)][AUSTRALIA (AU)][AUSTRALIA (AU)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E673EA29-A1AA-4851-8940-0922B5D15F24} | DhcpNameServer : [IP of DNS 1] [IP of DNS 2] [IP of DNS 3] 192.168.1.1 ([AUSTRALIA (AU)][AUSTRALIA (AU)][AUSTRALIA (AU)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E673EA29-A1AA-4851-8940-0922B5D15F24} | DhcpNameServer : [IP of DNS 1] [IP of DNS 2] [IP of DNS 3] 192.168.1.1 ([AUSTRALIA (AU)][AUSTRALIA (AU)][AUSTRALIA (AU)][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E673EA29-A1AA-4851-8940-0922B5D15F24} | DhcpNameServer : [IP of DNS 1] [IP of DNS 2] [IP of DNS 3] 192.168.1.1 ([AUSTRALIA (AU)][X][AUSTRALIA (AU)][-])  -> Found


I replace actual IP Address with square bracket [IP of DNS 1, 2, 3].

I think this is a false positive, as these are the IP addresses assigned by my ISP (Optus Cable, double checked router status settings and with a ping -a on all the IP's). I've never had this before, but now with a cable modem, which im not sure why exactly, it must reconfigure my dhcpnameservers.

Can anyone else confirm? Or do I have malware lol. Also I love this product, must have in a suite of tools.

Pages: [1]