Messages - Curson

1
RogueKiller / Re: [PUM.StartMenu (Potentially Malicious)]
« on: February 19, 2019, 03:40:39 pm »
Hi Faergor,

Yes, it's perfectly safe.
You are very welcome. :)

Regards.

2
RogueKiller / Re: [PUM.StartMenu (Potentially Malicious)]
« on: February 18, 2019, 07:05:30 pm »
Hi Faergor,

The [PUM.StartMenu] detection means that the value of a Registry key is not the default one, but it's not necessarily malicious.
In your case, App Launch Tracking is disabled (Start_TrackProgs value set to 0), it's legit.

Regards.

3
RogueKiller / Re: ===> False Positives <===
« on: February 18, 2019, 07:02:44 pm »
Hi Mops21,

There is no need for you to report all [Hj.Shortcut] detections.

For the time being, every URL which is not explicitly whitelisted will be reported as such.
We are in the process of changing this behaviour, so only malicious websites will be reported as [Hj.Shortcut] in the future.

The issue with the signatures package is now solved.

Regards.

4
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 09:11:30 pm »
Hi Faergor,

Don't worry about that.
Thanks for the kind words, again. :)

Regards.

5
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 07:46:58 pm »
Hi Faergor,

Don't worry, I understand you want to know what exactly happened to feel safe.
Quote
It is a line of code you put in rgk signatures that is used to detect specific viruses, such as the one that showed up on avast and avg
Exactly. So, following your first and second questions: it was not a virus but code used in signatures.

Regarding your third question, I think AVG did check the file for this specific malware pattern and, without understanding it was part of a signature, labelled it as the real deal.
And about your fourth question, yes, your computer is safe.

Regards.

6
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 07:19:52 pm »
Hi Faergor,

Yes, we unzipped it before the analysis.
What AVG means is that the file does contain malware code, but it's inactive. Such code is used in signatures to detect the live malware.
I advise you to read this article for a better understanding: What Is a Virus Signature?

Regards.

7
RogueKiller / Re: ===> False Positives <===
« on: February 15, 2019, 03:44:45 pm »
Hi Mops21,

You are welcome.
We had an issue with the signatures package. This will be fixed as soon as possible.

Regards.

8
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 03:43:33 pm »
Hi Faergor,

You are very welcome.
Thanks for the kind words.

Regards.

9
Malware removal help / Re: RogueKiller report
« on: February 15, 2019, 03:37:33 pm »
Hello,

Welcome to the Adlice forum.

360 Total Security is not malware; you can uninstall it with the Windows uninstall utility.
However, the file detected by RogueKiller is indeed suspicious.

Download Farbar Recovery Scan Tool (x64) and save it to the Desktop.
  • Right-click the downloaded file (FRST64.exe) and choose "Run as administrator". When the tool starts, click Yes to accept the terms of the Disclaimer window.
  • Click the Scan button.
  • The tool will create a report [log] file named FRST.txt, located in the folder the tool is run from.
  • Copy/paste this report into your next reply.
  • The first time the tool is run, it creates another report named Addition.txt, also located in the same folder as FRST64.exe. Copy/paste this report into your reply as well.
Best regards.

10
RogueKiller / Re: ===> False Positives <===
« on: February 15, 2019, 11:56:32 am »
Hi Mops21,

You are very welcome.

Regards.

11
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 11:56:09 am »
Hi Faergor,

No, there is no possibility that the file was infected on your computer.
Yes, we analysed the file and we can confirm it was a false positive. Please don't worry, your computer was never at risk. :)

Regards.

12
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 15, 2019, 10:35:58 am »
Hi Faergor,

Thanks for your feedback.
Does the detection keep occurring?

Regards.

13
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 14, 2019, 05:59:26 pm »
Hi Faergor,

You are very welcome.

Regards.

14
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 14, 2019, 05:39:53 pm »
Hi Faergor,

No, it's a confirmed false positive. We were not compromised in any way.
If you feel unsafe adding the mbr file in your exclusion list, please download the signatures package once again. We removed the offending signature, so it's not detected anymore.

Regards.

15
RogueKiller / Re: MBR:Yurn-A (RTK) in new RGK signatures
« on: February 14, 2019, 05:05:13 pm »
Hi Faergor,

Thanks for your feedback.

Avast and AVG are detecting RogueKiller's MBR malware signature database file; this is not a malicious file.
Since RogueKiller cannot run without this file being present, please do not delete it and put it in your antivirus exclusion list. In case you already deleted it, please restore it.

Sorry for the inconvenience, we will fix this as soon as possible.

Regards.
