Topic: Hidden Processes


July 05, 2014, 01:20:56 AM

derek123456789

Hi, RK has been finding these hidden processes.  I appreciate any help or advice on this...thanks!

RogueKiller V9.1.0.0 (x64) [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Derek [Admin rights]
Mode : Scan -- Date : 07/04/2014  19:17:52

¤¤¤ Bad processes : 2 ¤¤¤
[Hidden]  --
  • -> KILLED [TermThr]
[Hidden]  --
  • -> KILLED [TermThr]


¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541010A9E680 +++++
--- User ---
[MBR] ab09653465709269358ca86c4345e29e
[BSP] 7ee15af64f1544c7ab9f5888cf56cf4c : Unknown MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_06302014_073846.log - RKreport_DEL_06302014_074303.log - RKreport_DEL_07032014_003308.log - RKreport_SCN_06302014_073823.log
RKreport_SCN_06302014_074210.log - RKreport_SCN_07032014_003016.log

Reply #1, July 07, 2014, 08:09:04 AM

Tigzy (Administrator; Owner, Adlice Software)
Hello
That's a known problem, we're working on it.

Reply #2, July 09, 2014, 07:58:38 AM

lspbflus (Guest)
Hi Tigzy,
I too have the same question - what do I need to do about this?
¤¤¤ Bad processes : 1 ¤¤¤
[Proc.Hidden]  --
  • -> KILLED [TermThr]

I understand it is killed for now, but what happens when I restart the PC? Does that 'bad process' start again?
Any clarification will be much appreciated.
-------------------
The complete report:
RogueKiller V9.2.0.0 [Jun 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Lena [Admin rights]
Mode : Scan -- Date : 07/09/2014  01:12:26
¤¤¤ Bad processes : 1 ¤¤¤
[Proc.Hidden]  --
  • -> KILLED [TermThr]

¤¤¤ Registry Entries : 8 ¤¤¤
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2979170670-570028710-1548118563-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2979170670-570028710-1548118563-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 2  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2979170670-570028710-1548118563-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2979170670-570028710-1548118563-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2979170670-570028710-1548118563-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2979170670-570028710-1548118563-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2979170670-570028710-1548118563-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> FOUND
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2979170670-570028710-1548118563-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
¤¤¤ Antirootkit : 2 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\PxHelp20 @ Unknown (\SystemRoot\system32\DRIVERS\MpFilter.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\system32\drivers\fileinfo.sys)
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3160815AS ATA Device +++++
--- User ---
[MBR] c392f8353a1a3c3ccd339d4c77ad8e1b
[BSP] e7a4d88e39462edee4d9ce59ade9badd : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 286720 | Size: 152446 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Dell USB Mass Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_DEL_07092014_005010.log - RKreport_SCN_07092014_004341.log

Reply #3, July 09, 2014, 10:46:58 AM

Tigzy
This is a bug, a ghost process that should not be detected.
The process no longer exists, so killing it has no effect.