Malware removal help / Re: False detection?
« on: August 15, 2016, 07:03:41 AM »
Hello,
Thank you for your answer. I cannot create a dump for hasplms - I created it, but its size is 0 B.
- About notepad.exe - I preventively deleted it. But it was not in memory as a process, it was only a file on the disk. I checked it on virustotal.com and the result was 0.
Malware removal help / False detection?
« on: August 13, 2016, 10:36:49 AM »
Hello,
RogueKiller found the following, but another antivirus did not detect a problem.
In addition, I cannot find the file C:\Windows\System32\hasplms.exe in the directory.
I found it at c:\Windows\System32\DriverStore\FileRepository\akshhl.inf_amd64_75ae74b7b50926d5\hasplms.exe
Is PC infected?
Thanks
RogueKiller V12.4.3.0 (x64) [Aug 8 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.10586) 64 bits version
Spuštěno : Normální režim
Uživatel : simonik_2 [Práva správce]
Started from : C:\utility\Utility z VIR\RogueKillerX64 z domu.exe
Mód : Prohledat -- Datum : 08/13/2016 10:21:54
¤¤¤ Procesy : 5 ¤¤¤
[Proc.RunPE] hasplms.exe(2268) -- C:\Windows\System32\hasplms.exe[7] -> Nalezeno
[Proc.Injected] WmiPrvSE.exe(5144) -- C:\Windows\System32\wbem\WmiPrvSE.exe[-] -> Nalezeno
[Proc.Injected] AdobeARM.exe(7904) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[7] -> Nalezeno
[Proc.Injected] taskhostw.exe(8636) -- C:\Windows\System32\taskhostw.exe[7] -> Nalezeno
[Proc.Injected] notepad.exe(5988) -- C:\Windows\SysWOW64\notepad.exe[-] -> Nalezeno
¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3757079080-4266798695-932415464-1011\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3757079080-4266798695-932415464-1011\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000DM003-1CH162 +++++
--- User ---
[MBR] 6400366593af68616017f5dd5e0ff0cd
[BSP] 1044049367a9c4e23ea1c3a20fe826e7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953067 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1952600064 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
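A small parser for the report format pasted above, added here as an example; it is not RogueKiller's or Adlice's code, and the line layouts it expects (section headers, `[Kind.Rule] ... -> status` findings, `image(pid) -- path[score]` process entries) are assumed from the single report in this thread, Czech UI strings included. It pulls the process findings out, checks that each section's declared count matches what was actually parsed, and lets you repeat the check the poster did by hand (does the image path RogueKiller reports exist on disk?) against an injectable `exists` predicate, so it can run offline on a recorded file list. The sample report is constructed from lines of the thread's own log.

```python
import os
import re

# Constructed sample: lines copied from the RogueKiller report in this thread.
SAMPLE_REPORT = r"""
¤¤¤ Procesy : 5 ¤¤¤
[Proc.RunPE] hasplms.exe(2268) -- C:\Windows\System32\hasplms.exe[7] -> Nalezeno
[Proc.Injected] WmiPrvSE.exe(5144) -- C:\Windows\System32\wbem\WmiPrvSE.exe[-] -> Nalezeno
[Proc.Injected] AdobeARM.exe(7904) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[7] -> Nalezeno
[Proc.Injected] taskhostw.exe(8636) -- C:\Windows\System32\taskhostw.exe[7] -> Nalezeno
[Proc.Injected] notepad.exe(5988) -- C:\Windows\SysWOW64\notepad.exe[-] -> Nalezeno
¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3757079080-4266798695-932415464-1011\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3757079080-4266798695-932415464-1011\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/ -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
[MBR] 6400366593af68616017f5dd5e0ff0cd
"""

# Assumed line layouts, derived from the pasted report.
SECTION_RE = re.compile(r"^¤¤¤ (?P<name>.+?) :(?: (?P<count>\d+).*?)? ¤¤¤$")
FINDING_RE = re.compile(r"^\[(?P<kind>[A-Za-z]+)\.(?P<rule>[A-Za-z0-9]+)\] (?P<detail>.*) -> (?P<status>\S+)$")
PROC_RE = re.compile(r"^(?P<image>[^()]+)\((?P<pid>\d+)\) -- (?P<path>.+)\[(?P<score>[^\]]*)\]$")


def parse_report(text):
    """Return {section name: {"declared": int|None, "findings": [dict, ...]}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("name")
            declared = int(sec.group("count")) if sec.group("count") else None
            sections[current] = {"declared": declared, "findings": []}
            continue
        hit = FINDING_RE.match(line)
        if hit and current is not None:
            finding = hit.groupdict()
            if finding["kind"] == "Proc":
                # Process entries carry image name, PID, on-disk path and a score.
                proc = PROC_RE.match(finding["detail"])
                if proc:
                    finding.update(image=proc.group("image"), pid=int(proc.group("pid")),
                                   path=proc.group("path"), score=proc.group("score"))
            sections[current]["findings"].append(finding)
    return sections


def process_findings(sections, rules=("RunPE", "Injected")):
    """(image, pid, path, rule) for process findings flagged by the given rules."""
    return [(f["image"], f["pid"], f["path"], f["rule"])
            for sec in sections.values() for f in sec["findings"]
            if f["kind"] == "Proc" and f["rule"] in rules and "path" in f]


def count_mismatches(sections):
    """Sections whose declared count differs from the parsed count; a non-empty
    result means a line format the parser does not know about."""
    return {name: (sec["declared"], len(sec["findings"]))
            for name, sec in sections.items()
            if sec["declared"] is not None and sec["declared"] != len(sec["findings"])}


def images_missing_on_disk(proc_findings, exists=os.path.exists):
    """Process findings whose reported image path is not present; `exists` is
    injectable so the check can run against a recorded file list offline."""
    return [f for f in proc_findings if not exists(f[2])]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for image, pid, path, rule in process_findings(parsed):
        print(f"{rule:9} {image} (pid {pid}) -> {path}")
    print("count mismatches:", count_mismatches(parsed))
```

The script only structures the report; it does not decide whether a detection is a false positive. A RunPE hit whose reported image path is absent from disk is exactly the case worth following up with the dump the thread asks for, and hashing the file that was found under DriverStore is the offline counterpart of the VirusTotal check the poster already ran.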