==> Proc.Injected <==

Tigzy:
Hello,
If you encounter this detection, this can mean several things:

- A real infection (like Zeus, Carberp, Poweliks, they are all using that thing)
- Your antivirus injecting your processes to protect you (in theory).

To know what's going on, and possibly whitelist the cases where it's a legit injection, please do the following:
Let's say you have [Proc.Injected] some_process.exe -- C:/path_to_parent_some_process.exe

- Download Process Hacker: http://processhacker.sourceforge.net/downloads.php
- Install it, launch it
- Find the process above
- Right click on it => Create dump (on the desktop)
- Zip the file (winzip, winrar, 7zip)
- Host it anywhere you want (Google Drive, Dropbox, ...). Make sure it's public.
- Put the link here.

We will analyse what is really injected, and whitelist if needed.


schmidtrg:
And you might try booting into safe mode and try running it.

Ourko:
Hi,

We have an infection with Proc.Injected in svchost.exe and explorer.exe.
RogueKiller only found something, but the processes came back at each logon.

https://drive.google.com/file/d/0B43o-k4ki3t4cVlUaUhrb0xraG8/view?usp=sharing

https://drive.google.com/file/d/0B43o-k4ki3t4ZFItYi13WE5LMlE/view?usp=sharing

I have the report too, if you need it: to see the hook.IEAT in explorer.exe.

Best regards.

Tigzy:
Hello
I'd like the report as well please :)

@Ourko, I don't have access to some memory segments, are you sure you took a full dump?

Ourko:
I redid the "Create dump file" from the exe, but as the administrator and not as a user with admin rights.

I am attaching 2 reports too.
Thanks.

https://drive.google.com/file/d/0B43o-k4ki3t4YjU1UGZOaXJkRW8/view?usp=sharing
https://drive.google.com/file/d/0B43o-k4ki3t4UUJSMkRvTmRzcjg/view?usp=sharing
https://drive.google.com/file/d/0B43o-k4ki3t4QkpFempNSW5BY1E/view?usp=sharing
https://drive.google.com/file/d/0B43o-k4ki3t4bmNfU3VZbkgyYnM/view?usp=sharing

PS: I just saw that we can speak French :-)
Should I open a post for help with the "cleaning"?
