RogueKiller / RK_Software_ON_E_95FC\Microsoft\Windows\CurrentVersion\
« on: July 28, 2015, 03:29:59 PM »
Hello,
Dell Inspiron 1545 notebook, running Windows 7 Home Premium SP1.
Suspecting malware or spyware, ran many scans. Nothing of concern found, until I used RogueKiller.
Found 2 of these items in the Registry. No other detections, neither by Rogue Killer nor Vipre, ESET or Kaspersky tools.
RK_Software_ON_E_95FC, so went into registry to look:
Classes
Microsoft
ODBC
Policies
and right below it, another key that was not detected as malware by anyone, yet it looks similar...
RK_Software_ON_E_D1AC
ControlSet001
RNG
Select
Setup
Here are the details of this one:
RK_Software_ON_E_95FC
  Microsoft
    Windows
      CurrentVersion
        Winlogon
          Userinit    Userinit.exe
          Shell       cmd.exe /k start cmd.exe
Questions:
Is this a false positive?
Should this be cause for alarm? Is this a targeted attack?
Who is the author of this rare code?
Can I safely delete it?
Thanks, M