
Topics - cinder

1
Malware removal help / False Positive on BakkesMod for RocketLeague?
« on: April 29, 2023, 03:00:52 AM »
Hi, my son wants to put this on the PC for his RocketLeague, it gives him access to extra features in the game. None of my other AV triggers (Bitdefender, Malwarebytes) - just RogueKiller and upon launch of the program only (not doing a passive scan on the file). I believe this is due to the exe exhibiting malware-like behaviour as it injects into the RL executable upon launch. It comes up as adw.dealply. Please let me know what you need from me for analysis.

Here is a link to the installation zip file: https://github.com/bakkesmodorg/BakkesModInjectorCpp/releases/latest/download/BakkesModSetup.zip

Plenty of support on why this happens, but doesn't mean I want to blindly add a rule for it:

https://docs.google.com/spreadsheets/d/1a-VUXfPUPS9S_OIOzdCC_tA6yyZ2ouj3OzTJnVkfD8I/edit#gid=0

As it doesn't trigger any of my other AV I presume those have it whitelisted, so wanting to verify with RK support.

Let me know if anything else is needed. Thank you.

2
RogueKiller PREMIUM / Issue Updating
« on: June 13, 2018, 02:59:17 AM »
Hi,

This is only happening on one of my PCs but I am still hoping you might know why.

This has only started for the last update and now this one. Get the error during update:

Hopefully this image link works:

Well I can't get it to embed but here's the link: https://www.dropbox.com/s/410zt0dq1xwzy2y/RK%20Error.JPG??raw=1

It's annoying to reinstall as I have to do the license and everything again.

Thanks.

3
RogueKiller PREMIUM / CCTV software being flagged as having detections
« on: March 26, 2018, 02:07:51 AM »
Please see the pasted-in log file. False positive?

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : xx [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/26/2018 09:11:25 (Duration : 01:07:41)

¤¤¤ Processes : 2 ¤¤¤
[VT.Unknown] ABUS CMS.exe(18492) -- C:\Program Files\ABUS Security-Center\ABUS CMS\ABUS CMS Client\ABUS CMS.exe[7] -> Found
[VT.Unknown] DecodeProcess.exe(10308) -- C:\Program Files\ABUS Security-Center\ABUS CMS\ABUS CMS Client\DecodeProcess\DecodeProcess.exe[-] -> Found

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: INTEL SSDSC2KW480H6 +++++
--- User ---
[MBR] 8893ca9c61524a4bc2bac3ece04f0122
[BSP] c34e36e8797d75f760775409ebea4115 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 456888 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 936734720 | Size: 470 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD4003FZEX-00Z4SA0 +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 3815318 MB
User = LL1 ... OK
User = LL2 ... OK

____

Any help appreciated, thank you.

4
RogueKiller PREMIUM / Proc.Run.PE - false positive?
« on: January 28, 2018, 03:29:14 AM »
Hi team,

Could you please let me know if this is a false positive? I am getting '[6692] svchost.exe; C:\Windows\System32\scvhost.exe'

I read another thread where you addressed this and I downloaded Process Explorer and I found process 6692, however it was listed as Google Chrome. There were many instances of svchost.exe so I did not know which one to create the dump file for.

Any help please?

Thanks.
