Brief help to interpret report please

Totally_tropical
  • Guest
« on: September 19, 2014, 01:46:06 PM »
I have recently found out about RogueKiller, as, while a trojan was intercepted and blocked the other day by my antivirus software, I wanted to run some pre-emptive scans to make sure nothing sneaked in. I have run scans with some other tools, which tidied up a few things, but nothing significant was found. I was not sure about the RogueKiller report and what it is telling me.

Am I correct in saying that this is a clean scan, with nothing to concern me? I assume the flagged home page is just my own choice of home page.
I assume the flagged registry keys are either keys that should be changed to make them more secure, or have been changed by security software to make them more secure?

I suppose I am most concerned about the suspicious path entries for ET5drv.sys, as I am not sure what this relates to.

I would appreciate knowing from someone familiar with the RogueKiller software whether there is anything in the report that needs to be acted upon. I suspect not, but I would like to understand for sure why these entries have come up, and the risks / benefits of removing them.

Thank you in advance for your comments and recommendations.

RogueKiller V9.2.11.0 [Sep  9 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Test [Admin rights]
Mode : Scan -- Date : 09/19/2014  11:56:49

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 21 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ET5Drv (\??\C:\Windows\ET5Drv.sys) -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ET5Drv (\??\C:\Windows\ET5Drv.sys) -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ET5Drv (\??\C:\Windows\ET5Drv.sys) -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3508653812-724799434-595400672-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3508653812-724799434-595400672-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | disableregistrytools : 0  -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3508653812-724799434-595400672-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3508653812-724799434-595400672-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 24fvnri6.default : user_pref("browser.startup.homepage", "www.google.co.uk"); -> FOUND

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] 45bd84628e2a5a17471654ec88c09de9
[BSP] 57cde6d0e3d7536424b0cee6ef234535 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 46913 MB
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 300881385 | Size: 5710 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1:  +++++
--- User ---
[MBR] 024142e7e1739db96e06f729e8ea61a6
[BSP] 938aac52648a609395824034283dcc0b : Legit.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )


Tigzy
  • Administrator
  • Owner, Adlice Software
Re: Brief help to interpret report please
« Reply #1 on: September 19, 2014, 06:11:29 PM »
Hello
Can you look at the file C:\Windows\ET5Drv.sys and scan it on VirusTotal?


Totally_tropical

  • Guest
Re: Brief help to interpret report please
« Reply #2 on: September 19, 2014, 06:17:38 PM »
Will do - couldn't find a reference to it by googling, but I think I may have worked out what it is related to: motherboard tools from Gigabyte, EasyTune5.


Totally_tropical

  • Guest
Re: Brief help to interpret report please
« Reply #3 on: September 19, 2014, 06:22:53 PM »
> Hello
> Can you look at the file C:\Windows\ET5Drv.sys and scan it on VirusTotal?

Hi Tigzy,
Thanks for the help

VirusTotal shows 0/55, probably harmless.

https://www.virustotal.com/en/file/dc6216402e0cfe9323baa5f656039891f69e90d087da975c44b30d3bd469c64b/analysis/1411143588/

Here is an online reference to EasyTune 5:

http://www.gigabyte.com/MicroSite/121/tech_20041125_px_et5.htm
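The two questions raised in this thread, what a [Suspicious.Path] hit on a driver service means and whether the PUM.* lines need action, together with Tigzy's suggestion to hash the file and look it up on VirusTotal, can be turned into a small triage script. The script below is an added example written for this page, not RogueKiller's or Adlice Software's own code. It assumes the line grammar of the "Registry Entries" section as seen in the report pasted above, treats C:\Windows\System32\drivers as the expected location for a driver image (a .sys file sitting directly in C:\Windows, as ET5Drv.sys does, is what the heuristic is pointing at), and its table of benign defaults is limited to the values that appear in this report. The sample input is four lines copied from the report above.

```python
"""Triage the 'Registry Entries' section of a RogueKiller text report.

Added example for this thread, not RogueKiller's own code.  The line grammar
is inferred from the report pasted above; BENIGN_DEFAULTS only covers the
values that appear in that report.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: four lines copied from the report above, one per category.
SAMPLE_REPORT = r"""
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ET5Drv (\??\C:\Windows\ET5Drv.sys) -> FOUND
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
""".strip("\n")

# "[Category] (Arch) Key | ValueName : Data  -> FOUND"; the "| name : data" part is
# absent on Suspicious.Path lines, which carry the ImagePath in parentheses instead.
ENTRY_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\] \((?P<arch>X64|X86)\) "
    r"(?P<key>.+?)"
    r"(?: \| (?P<name>.+?) : (?P<data>.*?))?"
    r"\s*-> FOUND$"
)
SERVICE_RE = re.compile(r"\\Services\\(?P<svc>[^\\ ]+) \((?P<path>[^)]*)\)$")

# Assumption: drivers shipped with Windows live here; anything else is worth a look.
STANDARD_DRIVER_DIR = r"c:\windows\system32\drivers"

# (category, value name lower-cased, data) -> why it is a stock setting, not a modification.
BENIGN_DEFAULTS = {
    ("PUM.Policies", "disableregistrytools", "0"):
        "0 means Registry Editor is NOT disabled; that is the default",
    ("PUM.HomePage", "start page",
     "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome"):
        "Internet Explorer factory home page",
    ("PUM.SearchPage", "search page",
     "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"):
        "Internet Explorer factory search page",
}


@dataclass
class Finding:
    category: str
    key: str
    verdict: str            # "investigate" or "informational"
    reason: str
    image_path: Optional[str] = None


def normalise_image_path(raw: str) -> str:
    """Turn an ImagePath as stored in the registry into a plain Win32 path."""
    p = raw
    if p.startswith("\\??\\"):                 # NT object-manager prefix
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):
        p = "C:\\Windows" + p[len("\\systemroot"):]
    if p.lower().startswith("system32\\"):     # relative to %SystemRoot%
        p = "C:\\Windows\\" + p
    return p


def triage_line(line: str) -> Optional[Finding]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    cat, key, name, data = m["cat"], m["key"], m["name"], m["data"]
    if cat == "Suspicious.Path":
        s = SERVICE_RE.search(key)
        path = normalise_image_path(s["path"]) if s else ""
        if path.lower().startswith(STANDARD_DRIVER_DIR + "\\"):
            return Finding(cat, key, "informational", "standard driver directory", path)
        reason = ("driver image is outside %s; identify the vendor and hash the file"
                  % STANDARD_DRIVER_DIR)
        return Finding(cat, key, "investigate", reason, path)
    if cat.startswith("PUM."):
        expl = BENIGN_DEFAULTS.get((cat, (name or "").lower(), data or ""))
        if expl:
            return Finding(cat, key, "informational", expl)
        if cat == "PUM.DesktopIcons":
            return Finding(cat, key, "informational",
                           "HideDesktopIcons only controls which icons Explorer shows; cosmetic")
        return Finding(cat, key, "investigate", "non-default %s = %r" % (name, data))
    return Finding(cat, key, "investigate", "unrecognised category")


def triage_report(text: str) -> List[Finding]:
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


def sha256_hex(data: bytes) -> str:
    """Hash to search for on VirusTotal; only the hash, not the file, leaves the machine."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        print(f.verdict.upper(), f.category, f.image_path or "", "-", f.reason)
    # On the affected machine: sha256_hex(open(r"C:\Windows\ET5Drv.sys", "rb").read())
```

Run as-is it triages the embedded sample; for a real report, pass the whole file's text to triage_report. Searching VirusTotal for the SHA-256 first, as Tigzy suggests, tells you whether the file is already known before you upload anything; only the ET5Drv line comes out as "investigate", which is exactly the one the original poster was unsure about.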