Messages - Suario

RogueKiller / Re: ===> False Positives <===
« on: February 03, 2017, 09:13:16 AM »
Hello, I recently did a scan with RogueKiller and it shows MBAMService.exe as Adw.Elex|PUP.Divcom, so I was wondering if this is a false positive?

Here I add the report:

RogueKiller V12.9.6.0 (x64) [Jan 30 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Junito [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/03/2017 01:22:55 (Duration : 00:14:14)

¤¤¤ Processes : 2 ¤¤¤
[Adw.Elex|PUP.Divcom] MBAMService.exe(2696) -- Q:\Pgramas\Anti-Malware\mbamservice.exe[7] -> Found
[Suspicious.Path] (SVC) ALSysIO -- \??\C:\Users\JUNITO~1\AppData\Local\Temp\ALSysIO64.sys
  • -> Found


¤¤¤ Registry : 3 ¤¤¤
[PUP.HackTool] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\NetCut_is1 -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\JUNITO~1\AppData\Local\Temp\ALSysIO64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO (\??\C:\Users\JUNITO~1\AppData\Local\Temp\ALSysIO64.sys) -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP.Gen1][Folder] C:\Users\Junito\AppData\Roaming\Easeware -> Found
[PUP.Gen1][File] C:\Users\Junito\AppData\Roaming\Microsoft\Windows\Recent\client-stats.log.lnk [LNK@] C:\Users\JUNITO~1\AppData\Roaming\Easeware\DRIVER~1\CLIENT~1.LOG -> Found
[PUP.Gen1][File] C:\Users\Junito\AppData\Roaming\Microsoft\Windows\Recent\DriverEasy.lnk [LNK@] C:\Users\JUNITO~1\AppData\Roaming\Easeware\DRIVER~1 -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS545050A7E380 ATA Device +++++
--- User ---
[MBR] d8c3edb4bed2a3984bc767cd235ebc5e
[BSP] 403de67ba0e2f219f2b79355739651fe : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Maxtor 6L120M0 ATA Device +++++
--- User ---
[MBR] aa7415b7c5c1f25a0031f6eb43396297
[BSP] 8f89bcf184ff96be07bf6cdb6134749f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 117244 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: KINGSTON SV300S37A240G ATA Device +++++
--- User ---
[MBR] c664ba19eded6725426e299ee13da4d1
[BSP] a27144b8b980601f0ab2ec1d08dde42b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228834 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
