Topic: ==> Proc.Injected <== (Read 101783 times)
Reply #45
November 13, 2017, 01:20:15 PM
Curson
Global Moderator
Hi BoxDirty,
Welcome to Adlice.com Forum.
Could you please attach the RogueKiller report? Are you doing active development on your computer (VB or C#, especially)?
Regards.
Reply #46
November 13, 2017, 08:23:16 PM
BoxDirty
Hey Curson,
Thanks a lot, and I uploaded the RogueKiller report into the same Google Drive link.
https://drive.google.com/drive/folders/1xg5bB5N04wjLh7kL2QVZJeDmUbSrnWd_
I wasn't sure what you wanted exactly so I added anything I could,
and no, no development is being done on that computer.
Reply #47
November 13, 2017, 11:53:28 PM
Curson
Global Moderator
Hi BoxDirty,
These are not legit injections. Your computer is infected.
Please open a new thread in the Malware removal section of the forum. I will then help you to get rid of it.
Regards.
Reply #48
January 10, 2018, 01:12:51 PM
Curson
Global Moderator
Hi tienchien1,
Welcome to Adlice.com Forum.
Could you please attach the RogueKiller report with your next reply?
Regards.
Reply #49
January 10, 2018, 05:16:22 PM
Curson
Global Moderator
Hi tienchien1,
PUM detections are not necessarily malicious. Here, they match the MSN search engine and so are legit.
The [Proc.Injected] detection is not present in your report. Could you please restart your computer, redo a scan and post the report with your next reply?
Regards.
Reply #50
January 13, 2018, 02:11:45 PM
Curson
Global Moderator
Hi tienchien1,
The injected executable is the Battlefield 1 main executable. Since it's a very large file, it will be difficult.
Did you install any mod or hacking software? If that's not the case, I think it's the Origin anti-cheat feature being detected.
Regards.
Reply #51
January 15, 2018, 01:40:48 PM
Curson
Global Moderator
Hi tienchien1,
Yes, if it's an infection a full system reformat will get rid of it.
However, since this is the only injected process, I really doubt there is an infection.
Regards.
Reply #52
March 05, 2018, 03:12:45 AM
Booky Banton
https://www.dropbox.com/s/xgli7yradirjh2p/rundll32.exe.7z?dl=0
https://www.dropbox.com/s/b4hwub0cn6mtxk4/rundll32.exe1.7z?dl=0
https://www.dropbox.com/s/52txx407m3deq7u/rundll32.exe2.7z?dl=0
Screenshot:
https://www.dropbox.com/s/slzted9yavafryd/Screenshot%202018-03-05%2002.08.24.png?dl=0
Report:
https://www.dropbox.com/s/iwdiptckdcnyovn/report.html?dl=0
« Last Edit: March 05, 2018, 03:15:39 AM by Booky Banton »
Reply #53
March 07, 2018, 02:23:04 PM
Curson
Global Moderator
Hi Booky Banton,
Welcome to Adlice.com Forum.
These injections are legit, we will whitelist them as soon as possible.
Regards.
Reply #54
April 04, 2018, 01:22:39 PM
Siddharth Kumar
Hi!
Today I ran a scan with RogueKiller and it found explorer.exe as Proc.Infected.
I'm giving a link to the RogueKiller log and the explorer.exe dmp file. Kindly analyse it ASAP and let me know.
https://www.sendspace.com/file/0lc8zj
https://www.sendspace.com/file/py4l6w
Regards,
Siddharth
Reply #55
April 04, 2018, 08:03:00 PM
Curson
Global Moderator
Hi Siddharth,
Welcome to Adlice.com Forum.
Could you please relaunch RogueKiller, delete the [Adw.Butler] and [Adw.FastDataX] entries, then reboot your computer and check if explorer.exe is still injected?
Regards.
Reply #56
April 05, 2018, 12:06:32 PM
Siddharth Kumar
After rebooting, I ran a scan with RogueKiller and it did not detect explorer as Proc.Infected. So can you tell me if removing the other entries can remove Proc.Infected?
Reply #57
April 05, 2018, 03:35:14 PM
Curson
Global Moderator
Hi Siddharth,
In this case, Adw.Butler implemented a driver which was responsible for the injection on explorer.exe.
Since RogueKiller removed the driver, explorer.exe is no longer injected.
Regards.
Reply #58
April 17, 2018, 05:12:16 AM
Miklo
NEW UPDATES: Regarding the Warning/Virus: [Proc.Injected] within [svchost.exe] File!
This is a re-edited Topic. I Created a Topic earlier and needed help regarding this type of Virus. I was not sure if my Computer was Infected or not....
Hello Everyone. I was finally able to get rid of the Virus/Warning [Proc.Injected] within [svchost.exe] File by Replacing the Windows System Files with a fresh set of files from My Windows Installation CD. In case someone else has the same problem, this is how I fixed mine.
Please know that I DO NOT recommend using this method, mainly because your Windows might fail to Restart, as mine did. There are probably better ways to replace your Windows System Files. In my case I had no other choice.
1. So based on the main topic, I used "Process Hacker" Software to detect the Process above the Infected filename svchost.exe. Such as:
- The Process above the infected svchost.exe file was called services.exe
- And the Process above services.exe was called: wininit.exe
I suspected that one of the following files seen below was causing the Infection:
C:\Windows\System32\wininit.exe
C:\Windows\System32\services.exe
C:\Windows\System32\svchost.exe
2. I basically replaced all 3 files using a fresh set from my Windows Installation CD, and through the Command Line. But this did not come easy. After Replacing the files, my Windows failed to restart.
3. I had to use the Windows "Startup Repair" Option from the Installation CD. After the Repair was Complete my Windows started totally fine.
4. I then ran a Final Scan using "RogueKiller". And finally the "Proc.Injected" svchost.exe virus was completely gone.
I really hope that this could help someone else. But as I mentioned above, please DO NOT attempt using this method for Replacing your Windows System Files. Please use a different way. Thank you.
PS: I wanna send a huge thanks to the Adlice Team for their hard work and support within the forums. If it wasn't for this Topic and RogueKiller, I probably would have been infected for a very long time. So Thank you again!
« Last Edit: April 17, 2018, 10:22:26 PM by Miklo »
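The parent-chain inspection described in reply #58 (svchost.exe under services.exe under wininit.exe, all in C:\Windows\System32), scripted as an added PowerShell example; it is not part of the original post and not RogueKiller's own logic. It assumes PowerShell 5.1 or later on Windows 10 or later, and `Test-SystemImage` is a hypothetical helper name.

```powershell
# Added example: walk each svchost.exe up its parent chain and flag anything
# that departs from svchost.exe -> services.exe -> wininit.exe in System32.
# Run elevated; otherwise ExecutablePath can be empty for system processes.
$sys32 = Join-Path $env:SystemRoot 'System32'
$expectedChain = 'svchost.exe', 'services.exe', 'wininit.exe'

# Snapshot the process table once and index it by PID.
$byPid = @{}
Get-CimInstance -ClassName Win32_Process |
    ForEach-Object { $byPid[[int]$_.ProcessId] = $_ }

function Test-SystemImage {   # hypothetical helper, not a built-in cmdlet
    param($Process, [string]$ExpectedName)
    $problems = @()
    if ($Process.Name -ne $ExpectedName) {   # -ne is case-insensitive
        $problems += "expected $ExpectedName, found $($Process.Name)"
    }
    $path = $Process.ExecutablePath
    if (-not $path) {
        $problems += 'image path not readable (run elevated)'
    } else {
        if ((Split-Path $path -Parent) -ne $sys32) { $problems += "runs from $path" }
        # On-disk signature only; says nothing about code injected in memory.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $problems += "signature status $($sig.Status)" }
    }
    $problems
}

$svchosts = $byPid.Values | Where-Object { $_.Name -eq 'svchost.exe' }
foreach ($svc in $svchosts) {
    $current  = $svc
    $findings = @()
    foreach ($name in $expectedChain) {
        if (-not $current) {
            # Parent exited or PID unknown: the chain cannot be confirmed.
            $findings += "no live parent where $name was expected"
            break
        }
        $findings += @(Test-SystemImage -Process $current -ExpectedName $name |
            ForEach-Object { "PID $($current.ProcessId): $_" })
        $current = $byPid[[int]$current.ParentProcessId]
    }
    [pscustomobject]@{
        ProcessId = $svc.ProcessId
        Status    = if ($findings) { 'REVIEW' } else { 'ok' }
        Findings  = $findings -join '; '
    }
}
```

A row marked `ok` only confirms the lineage and the on-disk image; an injection performed by a driver, as in reply #57, leaves these files untouched and needs a memory-level scan to see.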
Reply #59
April 17, 2018, 10:13:00 PM
Curson
Global Moderator
Hi Miklo,
Welcome to Adlice.com Forum and thanks for your extended feedback.
There was indeed an odd injection into svchost.exe. The method you used to get rid of it is quite convoluted but thanks to your detailed explanations, I'm sure it can benefit some users.
Using the dumps you gave us, we will be able to analyse the injection in depth.
Also, thanks for the kind words, this is appreciated.
Regards.