Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - ryderjj89

Pages: [1]
1
RogueKiller / Re: ===> False Positives <===
« on: March 14, 2015, 05:19:15 AM »
I dont know if you support Windows XP but here's another for ya with LogMeIn Rescue.

[Suspicious.Path] lmi_rescue.exe(4232) -- C:\Documents and Settings\username\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe[7] -> Killed [TermProc]
[Suspicious.Path] LMI_Rescue_srv.exe(4360) -- C:\Documents and Settings\username\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe[7] -> Killed [TermProc]
[Suspicious.Path] LMI_Rescue_srv.exe(4580) -- C:\Documents and Settings\username\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe[7] -> Killed [TermThr]
[Suspicious.Path] lmi_rescue.exe(4820) -- C:\Documents and Settings\username\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue.exe[7] -> Killed [TermProc]

2
RogueKiller / Re: ===> False Positives <===
« on: March 09, 2015, 07:35:47 PM »
Its the Rescue Applet, not the technician console. I'm not sure how you can't reproduce the issue. Its happened for multiple people as of 10.5.1....

3
RogueKiller / Re: ===> False Positives <===
« on: March 06, 2015, 07:44:19 PM »
Someone posted the full path for you guys last month on page 3. Here they are again.

C:\Users\username\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_src.exe
C:\Users\username\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue.exe

4
RogueKiller / Re: ===> False Positives <===
« on: March 05, 2015, 09:26:05 PM »
Quote from: Curson on March 02, 2015, 06:43:38 PM
Hi ryderjj89,

RogueKiller 10.5.0 is out.
Could you please retry with this version ?

Regards.

Tried with 10.5.1, still killing LogMeIn Rescue during pre-scan.

Here's the log entry:

[Suspicious.Path] (SVC) LMIRescue_9c5cee35-34cc-4e1a-a350-ef13abfc5d98 -- "C:\Users\Violet\AppData\Local\LOGMEI~1\LMIR0002.tmp\LMI_Rescue_srv.exe" -service -sid 9c5cee35-34cc-4e1a-a350-ef13abfc5d98[7] -> Stopped

5
RogueKiller / Re: ===> False Positives <===
« on: March 02, 2015, 03:32:48 AM »
As of the latest version 10.4.3, its still killing logmein rescue during the pre-scan. I will try to get more info if I can.

6
RogueKiller / Re: ===> False Positives <===
« on: February 18, 2015, 09:11:53 PM »
Now that RK has been updated to 10.4, it is falsely closing out LogMeIn Rescue during the pre-scan. Would like this to be whitelisted please. Here's a picture of what was found in the pre-scan.

http://i.imgur.com/O0r9Ann.png

I will get the log from the report here in a little bit and edit this post. Just figured I'd make a preemptive strike.

7
RogueKiller / Re: ===> False Positives <===
« on: December 31, 2014, 09:42:26 PM »
If Chica is already in a scan and then I start a scan with RogueKiller, it will kill Chica. This behavior is also recent. Before version 10, it wouldnt do this. Im guessing because of signature additions, maybe? Either way, be nice if they would play nice together lol.

8
RogueKiller / Re: ===> False Positives <===
« on: December 31, 2014, 02:52:48 AM »
Is this what you're looking for?

[Tr.Zeus] cpcs.exe -- C:\Program Files (x86)\ChicaLogic\ChicaPC-Shield\cpcs.exe[7] -> Killed [DrvNtTerm]

I noticed that RK will only kill ChicaPC if its in the middle of a scan. Tested it without running a scan and it didnt touch it.

9
RogueKiller / Re: ===> False Positives <===
« on: December 29, 2014, 10:18:43 PM »
Hey, found that the latest RK as of 12/23/2014 is marking ChicaPC as TR.Zeus. This is an AV program similar to Malware-bytes. Please whitelist.

http://i.imgur.com/wIarvTx.png Screenshot to show its being killed during pre-scan.

Pages: [1]