Messages - Canoccour

1
RogueKiller / Unremovable Rootkit False Positive
« on: December 06, 2015, 12:06:46 PM »
In the rootkit scan tab it shows many "possible malware" items. It won't remove them and it does not show a dir, so I clicked report and exported it. Here's what it says.

RogueKiller V11.0.0.0 (x64) [Nov 27 2015] (Free) by Adlice Software

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Shiapra [Administrator]
Started from : D:\Program Files\PC\Downloads\RogueKillerX64.exe
Mode : Delete -- Date : 12/06/2015 05:55:30

¤¤¤ Antirootkit : 9 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x6403fc (jmp 0x892df32c|jmp 0x6450d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x6e03fc (jmp 0x8937f32c|jmp 0x6446d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x5303fc (jmp 0x891cf32c|jmp 0x6461d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x5f03fc (jmp 0x8928f32c|jmp 0x6455d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0xec03fc (jmp 0x89b5f32c|jmp 0x63c8d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0xe903fc (jmp 0x89b2f32c|jmp 0x63cbd334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x8603fc (jmp 0x894ff32c|jmp 0x642ed334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x5903fc (jmp 0x8922f32c|jmp 0x645bd334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0xa603fc (jmp 0x896ff32c|jmp 0x640ed334)

2
RogueKiller / PUM.DNS False Positive?
« on: August 14, 2015, 03:10:52 AM »
I ran RogueKiller today [I run anti-malware applications once every 2 or so months] and it found four PUM.DNS results in the registry. When I deleted them through the registry I couldn't connect to the internet, so I changed my IPv4 settings back to normal and they showed up as viruses.

Is this a false positive?

