Messages - Curson

2431
RogueKiller / Re: My Report
« on: January 14, 2015, 11:31:51 pm »
Hi kerdman,

The report is clean.
The IAT hooks are performed by AVG Antivirus 2015 (avghookx.dll). They are absolutely legit; there is nothing to be worried about.

Regards.

2432
RogueKiller / Re: Translations!
« on: January 13, 2015, 06:19:15 pm »
Hi Obiobi,

Welcome to Adlice.com Forum.
Thank you for your contribution. It will be added in the next release.

Regards.

2433
RogueKiller / Re: My Report
« on: January 13, 2015, 04:51:59 pm »
Hi kerdman,

Welcome to Adlice.com Forum.

The report is clean; none of the items detected are malware.
Something puzzles me though. RogueKiller wasn't able to load its driver.
Quote
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
Did you use the 64-bit version of the tool? Were any security programs running in the background when you launched RogueKiller?

Regards.

2434
Malware removal help / Re: My PC is blocked after some minutes
« on: January 13, 2015, 04:26:36 pm »
Hi lupi,

Does the computer operate normally now?
Do you still need help?

Regards.

2435
Hi jayh,

Welcome to Adlice.com Forum.
Please remove the following entries:
Quote
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_CF06\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_CF06\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe

The following entry is legit:
Quote
[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\DRIVERS\rimmpx64.sys)
It will be whitelisted in the next release of RogueKiller.

The entries about SingleClick Systems are legit as well. These processes are located in a subfolder within the C:\ProgramData folder, hence the reason for the detection.

If you need help with the tool, please refer to the official tutorial.

Regards.

Note: This thread has been moved to the "RogueKiller" section for clarity.

2436
RogueKiller / Re: multitude of rootkits
« on: January 12, 2015, 03:59:20 pm »
Hello iletet,

Welcome to the Adlice forum.
Your report is incomplete. Can you post the last part of it (starting from "¤¤¤ Vérification MBR : ¤¤¤")?
Can you clarify exactly what you mean by "pour que windows accroche"?

Best regards.

2437
RogueKiller / Re: Please can someone check rouge killer report.
« on: January 12, 2015, 03:50:06 pm »
Hi HallunX,

All the entries are legit.

Regards.

2438
RogueKiller / Re: Please can someone check rouge killer report.
« on: January 11, 2015, 10:47:49 pm »
Hi HallunX,

Welcome to Adlice.com Forum.

Could you please confirm your ISP is "UPC Broadband GmbH"?
The report is incomplete. Please copy/paste the results of the scan once again.

If you need help with the tool, please refer to the official tutorial.

Regards.

Note: This thread has been moved to the "RogueKiller" section for clarity.

2439
Malware removal help / Re: My PC is blocked after some minutes
« on: January 11, 2015, 10:35:17 pm »
Hi lupi,

Welcome to Adlice.com Forum.
Please follow the following process as closely as possible:

1. Please start your system in Safe mode with Networking.
2. Download and execute RogueKiller (32-bit version) or RogueKiller (64-bit version), depending on your system architecture.

Please post back the results of the scan in your next post.
If you need help with the tool, please refer to the official tutorial.

Regards.

2440
RogueKiller / Re: Translations!
« on: January 11, 2015, 01:08:43 am »
Good evening greysmouth,

Thank you for your contribution. It will be updated in the next release.

Regards.

2441
RogueKiller / Re: I have no skills please read these for me
« on: January 08, 2015, 04:49:06 pm »
Hi,

Did you install PAExec on purpose? If that's not the case, you should uninstall it.
Please delete the following entry:
Quote
[PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

The MBR on your computer seems nonstandard.
Unknown MBRs are dumped into %programdata%/RogueKiller/debug/.

Please locate the file and attach it to your next post (you need to zip it first).

Regards.

2442
Malware removal help / Re: What should I do ?
« on: January 08, 2015, 04:39:19 pm »
Hello flemanour,
Quote
[Suspicious.Path] explorer.exe(4668) -- C:\Users\FLM.DOMMCA\AppData\Local\StartIsBack\StartIsBack64.dll[-] -> Déchargé(e)
This module is legit. It is related to StartIsBack software.

Are the problems you described in your first post still present?

Regards.

2443
Malware removal help / Re: Strange Rootkit Detections, Help Please
« on: January 07, 2015, 03:07:23 pm »
Hello Firedark142,

Welcome to Adlice.com Forum.
These drivers are indeed legit. They will be whitelisted in the next release of RogueKiller.

Regards.

2444
Malware removal help / Re: getting redirected all the time
« on: January 06, 2015, 04:42:31 pm »
Hi,

RogueKiller has not detected any malware.
We need to investigate this more thoroughly.

1. Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
    Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now button.
    If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
The THREAT SCAN will automatically begin.
When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.

To complete any actions taken you will be prompted to restart your computer...click on Yes.
Failure to reboot normally will prevent Malwarebytes from removing all the malware.

After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the scan log information (Method 1):
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select the box next to Scan Log. Choose the most current scan.
  • Click the Export button and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the scan log information (Method 2):
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click the Export button and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Alternatively, logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
  • XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
  • Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

2. OTL

Please download OTL by OldTimer and save the file to your desktop.
  • Double-click on the setup file (OTL.exe) and select Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
Push Run Scan and wait patiently.
Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.

Regards.

2445
RogueKiller / Re: Blue Screen Error
« on: January 06, 2015, 04:34:41 pm »
Hello Lucas.Berg2000, Tigzy,

There are many reasons why a crash dump could not be produced.
Please read "If crash dumps are not written out" and verify that none of the points listed in the section apply to you.
I hope this will help you.

Regards.
