Topics

1

Malware removal help / Please see detected threats...

« on: May 09, 2017, 01:37:03 am »

Hi to all

Can you guys take a look at PUM policies and should I remove them. Before The Rogue Killer scan I ran a scan with AdwCleaner and removed  DRVAgent64 with AdwCleaner. And then scanned with RogueKiller and got what you see.

2

Malware removal help / PUM's and don't know if they are safe or bad.... HELP

« on: July 03, 2016, 11:28:26 pm »

Hi...

Can somebody please verify if these PUM's are safe or should I remove them...


RogueKiller V12.3.6.0 (x64) [Jun 27 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : melen [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 07/03/2016 17:08:19

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 11 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll) -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1916841561-3361044600-1070738565-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://start.toshiba.com/?cid=C001B2Y  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1916841561-3361044600-1070738565-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://start.toshiba.com/?cid=C001B2Y  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0C135B63-F0EA-4167-A9A7-38C354B576AF} | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0C135B63-F0EA-4167-A9A7-38C354B576AF} | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0C135B63-F0EA-4167-A9A7-38C354B576AF} | DhcpNameServer : 10.0.0.138 ([])  -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++
--- User ---
[MBR] f4ac79b6a1a948e74d7f9b6d0649379a
[BSP] b72eeb4ef45ede7ec6828e66fb2a6a62 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 699978 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1436628992 | Size: 13925 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

3

RogueKiller / Trojan.Siggen6.58323 What is this....

« on: April 28, 2016, 04:26:27 am »

Hi...

Can you guys take a look and see if I have anything suspicious?

¤¤¤ Registry : 13 ¤¤¤
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FontCache3.0.0.0 (%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe) -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1916841561-3361044600-1070738565-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.toshiba.com/?cid=C001B2Y  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1916841561-3361044600-1070738565-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.toshiba.com/?cid=C001B2Y  -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1916841561-3361044600-1070738565-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://start.toshiba.com/?cid=C001B2Y  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1916841561-3361044600-1070738565-1000\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://start.toshiba.com/?cid=C001B2Y  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 ([])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0C135B63-F0EA-4167-A9A7-38C354B576AF} | DhcpNameServer : 10.0.0.138 ([])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0C135B63-F0EA-4167-A9A7-38C354B576AF} | DhcpNameServer : 10.0.0.138 ([])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0C135B63-F0EA-4167-A9A7-38C354B576AF} | DhcpNameServer : 10.0.0.138 ([])  -> Not selected
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Not selected

Thanks

George