Hello, first time posting. My RogueKiller is detecting the dumpfve.sys file as being forged. Is this a false positive? It has been detecting it this way for some time, and I've been afraid to touch it.
Log:
RogueKiller V12.9.7.0 (x64) [Feb 6 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : JR [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 02/19/2017 19:29:44 (Duration : 00:19:26)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 1 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicCtrlService (C:\WINDOWS\runservice.exe) -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 1 ¤¤¤
[File.Forged][File] C:\Windows\System32\drivers\dumpfve.sys -> Found
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SK hynix SC210 2.5 7MM 128GB +++++
--- User ---
[MBR] 5b0b88d9030834f364e05f4d548da2a4
[BSP] 7a9f7d067d6e128e5215d64e37548ed4 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 750 MB
4 - Basic data partition | Offset (sectors): 2906112 | Size: 111920 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 232118272 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 233039872 | Size: 8314 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: TOSHIBA DT01ACA200 +++++
--- User ---
[MBR] 39e68f425841dc2464a3fec004ee98d5
[BSP] 45e6b52d9dc562e8c2278eddeaa9d81e : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2048 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 1907600 MB
User = LL1 ... OK
User = LL2 ... OK