Author Topic: another thing that rouge has detected  (Read 4093 times)

0 Members and 2 Guests are viewing this topic.

May 27, 2015, 08:44:23 PM

TheMuffinman

  • Newbie

  • Offline
  • *

  • 7
  • Reputation:
    0
    • View Profile
another thing that rouge has detected
« on: May 27, 2015, 08:44:23 PM »
ok so I ran a scan today and and found something in antirootkit and 2 strange ones in my registry can some one review this and are these safe ? ALSO how do you remove/ delete things found in antirootkit marked as suspicious ? there is no tick box to delete it because when I go and delete it manually I get administration error even though I am an admin.. ? report :

 RogueKiller V10.7.0.0 (x64) [May 25 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : (removed name) [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/27/2015  19:37:08

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤
« Last Edit: May 28, 2015, 05:57:30 AM by TheMuffinman »

Reply #1May 30, 2015, 12:48:56 AM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: another thing that rouge has detected
« Reply #1 on: May 30, 2015, 12:48:56 AM »
Hi TheMuffinman,

The following entries are false positives and will be fixed as soon as possible.
Quote
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Found

Quote from: TheMuffinman
ALSO how do you remove/ delete things found in antirootkit marked as suspicious ? there is no tick box to delete it because when I go and delete it manually I get administration error even though I am an admin.. ?
The items showing in the Antirootkit tab of RogueKiller cannot be removed, since they are no files nor processes.
For more information,  please refer to the official tutorial, especially the ANTIROOTKIT TAB section.

Regards.

Note : This thread has been moved to the "RogueKiller" section for clarity.