Author Topic: False positive? (Read 5540 times)

XiRw · « **on:** October 16, 2014, 07:14:53 AM »

Hello, Today I ran RK 3 times and the results varied.

The one thing I am 100 percent sure thats a fp is the MEGA for desktop.

The other thing I am not so sure with and I included it in the log. Supposedly its a Keylogger.
The weird part is during the 3 scans I did, the driver showed up malicious twice only and was clean once. Could this be a rootkit hiding the malicious code when it the driver is being scanned? Or something to do with Rogue Killer itself?

Any help is appreciated : D

Tigzy · « **Reply #1 on:** October 16, 2014, 08:19:51 AM »

Thanks, that will be added.

XiRw · « **Reply #2 on:** October 16, 2014, 06:20:54 PM »

Wait what about the keylogger. Is it legit?

Tigzy · « **Reply #3 on:** October 16, 2014, 06:49:00 PM »

It's what I've added

hidclass is a driver that filters mouse/keyboard IRPs, this is why it's tagged (falsely) as possible keylogger.

XiRw · « **Reply #4 on:** October 16, 2014, 07:13:47 PM »

Oh ok thanks for letting me know and the quick replies

Tigzy · « **Reply #5 on:** October 16, 2014, 08:22:54 PM »

BTW HID means "Human Interface Device", a keyboard/mouse/joystick/whatever.

XiRw · « **Reply #6 on:** October 16, 2014, 10:03:29 PM »

Yeah I read everything when RK opened the website for kernel mode rootkit but I thought it was just something else intercepting my keystrokes but good to know its nothing.

Author Topic: False positive? (Read 5540 times)

XiRw

False positive?

Tigzy

Re: False positive?

XiRw

Re: False positive?

Tigzy

Re: False positive?

XiRw

Re: False positive?

Tigzy

Re: False positive?

XiRw

Re: False positive?