==> Proc.Injected <==

[Curson]

Hi BoxDirty,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller report ? Are you doing active developement on your computer (VB or C#, especially) ?

Regards.

[BoxDirty]

Hey Curson,

Thanks alot and I uploaded the rogue killer report into the same google drive link. https://drive.google.com/drive/folders/1xg5bB5N04wjLh7kL2QVZJeDmUbSrnWd_
I wasnt sure what you wanted exactly so i added anything i could   and no no develpment is being done on that computer.

[Curson]

Hi BoxDirty,

These are not legit injections. Your computer is infected.
Please open a new theard in the Malware removal section of the forum. I will then help you to get rid of it.

Regards.

[tienchien1]

When I create dump file. It has 6GB, can you help me?

[Curson]

Hi tienchien1,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller report with your next reply ?

Regards.

[tienchien1]

After deleting a time, it comes back again?

[Curson]

I tienchien1,

PUMs detections are not not necessary malicious. Here, they match the MSN search engine and so, are legit.
The [Proc.Injected] detection is not present in your report. Could you please restart your computer, redo a scan and post the report with your next reply ?

Regards.

[tienchien1]

 I was confused. I'm running a new scan, now. And will give you logs files, in a few minutes.

[tienchien1]

I tienchien1,

PUMs detections are not not necessary malicious. Here, they match the MSN search engine and so, are legit.
The [Proc.Injected] detection is not present in your report. Could you please restart your computer, redo a scan and post the report with your next reply ?

Regards.

My computer starts acting oddly, it's not like what I know. From 2 years ago. I realized myself leaking information, but I still do not understand why, even though I reformatted my hard drive several times. Run multiple anti-virus software, all unable to detect this infection (only RogueKiller good) .

And now I know why. Thanks very much. And can help me remove this infection.

[Curson]

Hi tienchien1,

The injected executable is Battlefield 1 main executable. Since it's a very large file, it will be difficult.
Did you install any mod or hacking software ? If that's not the case, I think it's Origin anticheat feature being detected.

Regards.

[tienchien1]

I do not think this is a false positive.  If this is really an infection, will Format and Settings solve the problem? Thanks so much.

[Curson]

Hi tienchien1,

Yes, if it's an infection a full system reformat will get rid of it.
However, since this is the only injected process, I really doubt there is an infection.

Regards.

[Booky Banton]

https://www.dropbox.com/s/xgli7yradirjh2p/rundll32.exe.7z?dl=0
https://www.dropbox.com/s/b4hwub0cn6mtxk4/rundll32.exe1.7z?dl=0
https://www.dropbox.com/s/52txx407m3deq7u/rundll32.exe2.7z?dl=0

Screenshot: https://www.dropbox.com/s/slzted9yavafryd/Screenshot%202018-03-05%2002.08.24.png?dl=0

Report: https://www.dropbox.com/s/iwdiptckdcnyovn/report.html?dl=0

[Curson]

Hi Booky Banton,

Welcome to Adlice.com Forum.
These injections are legit, we will whitelist them as soon as possible.

Regards.

[Siddharth Kumar]

Hi!
Today I ran a scan with Roguekiller and it found explorer.exe as Proc.Infected.
I'm giving link to the rogurkiller log and explorer.exe dmp file. Kindly analyse it asap and let me know
https://www.sendspace.com/file/0lc8zj
https://www.sendspace.com/file/py4l6w

Regards,
Siddharth