===> False Positives <===

[welbot]

Hi,

Not sure if these have been reported yet, but I keep getting these 3 entries when I scan.

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3591490448-2704826680-4139795447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3591490448-2704826680-4139795447-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUP.Gen1][Folder] C:\Program Files\Windows Security -> Found

The first 2 I'm not 100% certain of their function, but at a guess, I think they're for placing recently used programs at the top of the start menu.
The 3rd entry has been confirmed as a new addition to version 1703 of Windows 10 by Microsoft. (The folder contains another folder called BrowserCore, and inside that is a BrowserCore.exe, a manifest.json file, and a folder named en-US.

Virus total scan of BrowserCore.exe found 0 reports of infection. (https://www.virustotal.com/en/file/9435f2f1d87523c13439887d0a76259cbb44dd6a37760fc353b7f1f023567160/analysis/1493256689/)

[Curson]

Hi welbot,

Welcome to Adlice.com Forum.

PUM stands for Potentially Unwanted Modification. In your case, thoses entries are perfectly legit and are, indeed, linked to recent entries in Windows Start Menu.
For more information, please read RogueKiller Documentation.

The Windows Security folder is a well known false positive.
This will be fixed on RogueKiller next release.

Regards.

[JeffF73]

Hello.
I did a scan and it came up with a false positive of:
[Adw.Elex|Tr.Zusy|PUP.Divcom] MBAMService.exe(4736) -- D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe[7] -> Found

[Curson]

Hi Jeff,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller full report with your next reply ?

Regards.

[JeffF73]

Hello Curson Thank you.
Surely here it is.

[Curson]

Hi Jeff,

Thanks for supporting our product.
RogueKiller is detecting MalwareBytes malware database.

This issue has been fixed when MBAM is installed on standard location but since you run it from the D: drive, the detection is still present.
As a Premium user, you can exclude it using RogueKiller External Scanner.

Regards.

[JeffF73]

You're welcome.

I kind of thought it maybe the Drive I have it installed on right after I attached the log.
I use an SSD for a Boot Drive/O.S Installation then my D: drive is for everything else lol. Glad to hear this.
Thank you

[Curson]

Hi Jeff,

You are welcome.
Don't hesitate to open a new thread if you need help with RogueKiller External Scanner.

Regards.

[GCRaistlin]

False positives:

• nncron.exe - an executable of nnCron
• netfilter.sys - from Kerio Control

[Curson]

Hi GCRaistlin,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller full report with your next reply ?

Regards.

[GCRaistlin]

Should I perform a rescan?

[Curson]

Hi GCRaistlin,

No need.
To export a report, go to the "History" tab, then to the "Scan Reports" section.
There, do a right click on the first line, the click on the "Export txt" button.

Regards.

[GCRaistlin]

I used RogueKillerCMD so there's nothing on this tab.

[Curson]

Hi GCRaistlin,

Could you please check C:\ProgramData\RogueKiller\Logs directory ?
If no log is there, please redo a scan.

Regards.

[GCRaistlin]

Logs (one for nncron.exe, one for netfilter.exe)