Messages

2446

RogueKiller / Re: multitude de rootkits

« on: January 16, 2015, 03:14:06 pm »

Bonjour iletet,

Nous aurions besoin du dump mémoire pour avancer.
Obtiens-tu un message d'erreur ? As-tu bien utilisé l'option "Create dump file..." sur le processus chrome.exe ?

Merci de scanner le fichier ci-dessous sur VirusTotal :

C:\Windows\system32\DRIVERS\gzflt.sys

Copie/colle le rapport de scan dans ton prochain message.

Meilleures salutations.

2447

Malware removal help / Re: Account Hacked (Possible Rootkit); need help understanding report

« on: January 14, 2015, 11:54:44 pm »

Hi Vediovis,

Welcome to Adlice.com Forum.

The first report was generated with the 32 bits version of RogueKiller, the second by the 64 bits version (the one you should be using).
Anyway, the tool wasn't able to load its driver.

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

Were any security programs running in the background when you launched RogueKiller ?

Regards.

2448

Malware removal help / Re: I don't know what to do??

« on: January 14, 2015, 11:43:04 pm »

Hi Gina,

Welcome to Adlice.com Forum.

Are you using a WEB Proxy ?
Can you download TCPView, then open it.
Please locate the column "Local Port" and copy/paste the line that has the value 49697 (you can sort the column) in your next reply.

Regards.

2449

RogueKiller / Re: My Report

« on: January 14, 2015, 11:31:51 pm »

Hi kerdman,

The report is clean.
The IAT hooks are performed by AVG Antivirus 2015 (avghookx.dll). They are absolutely legit, there is no need to be worried about.

Regards.

2450

RogueKiller / Re: Translations!

« on: January 13, 2015, 06:19:15 pm »

Hi Obiobi,

Welcome to Adlice.com Forum.
Thank you for your contribution. It will be added in the next release.

Regards.

2451

RogueKiller / Re: My Report

« on: January 13, 2015, 04:51:59 pm »

Hi kerdman,

Welcome to Adlice.com Forum.

The rapport is clean, none of the items detected are malware.
Something puzzles me though. RogueKiller wasn't able to load its driver.

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

Did you use the 64 bits version of the tool ? Were any security programs running in the background when you launched RogueKiller ?

Regards.

2452

Malware removal help / Re: My PC is blocked after some minutes

« on: January 13, 2015, 04:26:36 pm »

Hi lupi,

Does the computer operates normally now ?
Do you still need help ?

Regards.

2453

RogueKiller / Re: Is this malware? " \Winlogon | Shell : cmd.exe /k start cmd.exe "

« on: January 13, 2015, 04:24:01 pm »

Hi jayh,

Welcome to Adlice.com Forum.
Please remove the following entries :

[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_CF06\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_CF06\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe

The following entry is legit :

[Filter(Kernel.Filter)] \Driver\atapi @ \Device\CdRom0 : \Driver\GEARAspiWDM @ Unknown (\SystemRoot\system32\DRIVERS\rimmpx64.sys)

It will be whitelisted in the next release of RogueKiller.

The entries about SingleClick Systems are legits aswell. These process are located in a subfolder within the C:\ProgramData folder, hence the reason for the detection.

If you need help with the tool, please refer to the official tutorial.

Regards.

Note : This thread has been moved to the "RogueKiller" section for clarity.

2454

RogueKiller / Re: multitude de rootkits

« on: January 12, 2015, 03:59:20 pm »

Bonjour iletet,

Bienvenue sur le forum Adlice.
Ton rapport est incomplet. Peux-tu en poster la dernière partie (à partir de "¤¤¤ Vérification MBR : ¤¤¤") ?
Peux-tu préciser exactement ce que tu veux dire par "pour que windows accroche" ?

Meilleures salutations.

2455

RogueKiller / Re: Please can someone check rouge killer report.

« on: January 12, 2015, 03:50:06 pm »

Hi HallunX,

All the entries are legit.

Regards.

2456

RogueKiller / Re: Please can someone check rouge killer report.

« on: January 11, 2015, 10:47:49 pm »

Hi HallunX,

Welcome to Adlice.com Forum.

Could you please confirm your ISP is "UPC Broadband GmbH" ?
The report is incomplete. Please copy/paste the results of the scan once again.

If you need help with the tool, please refer to the official tutorial.

Regards.

Note : This thread has been moved to the "RogueKiller" section for clarity.

2457

Malware removal help / Re: My PC is blocked after some minutes

« on: January 11, 2015, 10:35:17 pm »

Hi lupi,

Welcome to Adlice.com Forum.
Please follow the following process as close as possible :

1. Please start your system in Safe mode with Networking.
2. Download and execute RogueKiller (32 bits version) or RogueKiller (64 bits version), depending of your system architecture.

Please post back the results of the scan in your next post.
If you need help with the tool, please refer to the official tutorial.

Regards.

2458

RogueKiller / Re: Translations!

« on: January 11, 2015, 01:08:43 am »

Good evening greysmouth,

Thank you for your contribution. It will be updated on next release.

Regards.

2459

RogueKiller / Re: I have no skills please read these for me

« on: January 08, 2015, 04:49:06 pm »

Hi,

Did you install PAExec on purpose ? If that's not the case, you should uninstall it.
Please delete the following entry :

[PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

The MBR on your computer seems nonstandard.
Unknown MBRs are dumped into %programdata%/RogueKiller/debug/.

Please locate the file and attach it on your next post (you need to zip it first).

Regards.

2460

Malware removal help / Re: What should I do ?

« on: January 08, 2015, 04:39:19 pm »

Hello flemanour,

[Suspicious.Path] explorer.exe(4668) -- C:\Users\FLM.DOMMCA\AppData\Local\StartIsBack\StartIsBack64.dll[-] -> Déchargé(e)

This module is legit. It is related to StartIsBack software.

Are the problems you described on your first post still present ?

Regards.