Login
▼
Register
Home
Help
Search
Login
Register
Adlice.com
Adlice forum
»
Software feedback
»
RogueKiller
»
==> Proc.Injected <==
« previous
next »
Print
Pages: [
1
]
2
3
...
5
Author
Topic: ==> Proc.Injected <== (Read 101823 times)
0 Members and 1 Guest are viewing this topic.
November 14, 2014, 09:51:58 AM
Tigzy
Administrator
Hero Member
Offline
957
Reputation:
91
Personal Text
Owner, Adlice Software
==> Proc.Injected <==
«
on:
November 14, 2014, 09:51:58 AM »
Hello,
If you encounter this detection, this can mean several things:
- A real infection (like Zeus, Carberp, Poweliks, they are all using that thing)
- Your antivirus injecting your processes to protect you (in theory).
To know what's going on, and possibly whitelist the cases where it's a legit injection, please do the following:
Let's say you have
[Proc.Injected] some_process.exe -- C:/path_to_parent_some_process.exe
- Download Process Hacker:
http://processhacker.sourceforge.net/downloads.php
- Install it, launch it
- Find the process above
- Right click on it => Create dump (on the desktop)
- Zip the file (winzip, winrar, 7zip)
- Host it anywhere you want (Google Drive, Dropbox, ...) Make sure it's public.
- Put the link here.
We will analyse what is really injected, and whitelist if needed.
«
Last Edit: November 16, 2014, 11:35:19 PM by Tigzy
»
Logged
Reply #1
November 15, 2014, 02:01:30 AM
schmidtrg
Guest
Re: ==> Proc.Injected <==
«
Reply #1 on:
November 15, 2014, 02:01:30 AM »
And you might try booting into safe mode and try running it.
Logged
Reply #2
December 09, 2014, 03:34:34 PM
Ourko
Guest
Re: ==> Proc.Injected <==
«
Reply #2 on:
December 09, 2014, 03:34:34 PM »
Hi,
We have an infection with Proc.injected in svchost.exe and explorer.exe.
Roguekiller only found something, but processus came back at each logon.
https://drive.google.com/file/d/0B43o-k4ki3t4cVlUaUhrb0xraG8/view?usp=sharing
https://drive.google.com/file/d/0B43o-k4ki3t4ZFItYi13WE5LMlE/view?usp=sharing
I have the rapport too, if you need it : to see the hook.IEAT in explorer.exe.
Best regards.
Logged
Reply #3
December 09, 2014, 05:40:30 PM
Tigzy
Administrator
Hero Member
Offline
957
Reputation:
91
Personal Text
Owner, Adlice Software
Re: ==> Proc.Injected <==
«
Reply #3 on:
December 09, 2014, 05:40:30 PM »
Hello
I'd like the report as well please
@Ourko, I don't have access to some memory segments, are you sure you took a full dump?
«
Last Edit: December 09, 2014, 05:52:48 PM by Tigzy
»
Logged
Reply #4
December 09, 2014, 11:25:42 PM
Ourko
Guest
Re: ==> Proc.Injected <==
«
Reply #4 on:
December 09, 2014, 11:25:42 PM »
I redo the "Create dump file" from the exe but with the administrator, and not a user with admin rights.
I join 2 reports too.
Thanks.
https://drive.google.com/file/d/0B43o-k4ki3t4YjU1UGZOaXJkRW8/view?usp=sharing
https://drive.google.com/file/d/0B43o-k4ki3t4UUJSMkRvTmRzcjg/view?usp=sharing
https://drive.google.com/file/d/0B43o-k4ki3t4QkpFempNSW5BY1E/view?usp=sharing
https://drive.google.com/file/d/0B43o-k4ki3t4bmNfU3VZbkgyYnM/view?usp=sharing
PS: je viens de voir qu'on pouvait parler en français :-)
Est ce que je dois ouvrir un post pour de l'aide au "nettoyage" ?
«
Last Edit: December 10, 2014, 09:16:46 AM by Ourko
»
Logged
Reply #5
February 11, 2015, 04:17:00 AM
k9le
Newbie
Offline
1
Reputation:
0
Re: ==> Proc.Injected <==
«
Reply #5 on:
February 11, 2015, 04:17:00 AM »
Hi
RogueKiller has detected a Proc.injected infection in DVDFab.exe
I have created dump file and report is below.
Could this be checked if it is a real infection?
Thankyou
https://drive.google.com/file/d/0B9TNFYkJVdqjOFZsdEpSU3hOWTA/view?usp=sharing
https://drive.google.com/file/d/0B9TNFYkJVdqjQXlVQ0ZIVWx5bTg/view?usp=sharing
Logged
Reply #6
February 11, 2015, 09:01:47 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: ==> Proc.Injected <==
«
Reply #6 on:
February 11, 2015, 09:01:47 PM »
Hi k9le,
Welcome to Adlice.com Forum.
The injection is not malicious. This will be fixed in the next release of RogueKiller.
Regards.
Logged
Reply #7
March 06, 2015, 09:19:41 PM
zylicyde
Newbie
Offline
1
Reputation:
0
Re: ==> Proc.Injected <==
«
Reply #7 on:
March 06, 2015, 09:19:41 PM »
Hello,
Please advise if the injection in ekrn.exe (ESET Endpoint Antivirus) is malicious or not. The dump file is below.
https://dl.dropboxusercontent.com/u/2700674/ekrn.exe.zip
Thanks!
Logged
Reply #8
March 12, 2015, 04:36:10 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: ==> Proc.Injected <==
«
Reply #8 on:
March 12, 2015, 04:36:10 PM »
Hi zylicyde,
Welcome to Adlice.com Forum.
The injection is not malicious. This will be fixed in the next release of RogueKiller.
Regards.
Logged
Reply #9
August 07, 2015, 06:59:04 AM
dimitri33
Newbie
Offline
3
Reputation:
0
Re: ==> Proc.Injected <==
«
Reply #9 on:
August 07, 2015, 06:59:04 AM »
hello
my computer is infected proc.injected
every time i reboot my computer they come back almost all the frequently used processes
the sharing folder contain the roguekiller report and explorer.exe dump
https://drive.google.com/open?id=0Bx3bbqeWRXLYflVyMklkUzhXZTFrZFFCZmpFQkE4cVFzNFNvd0lRMlNOdnBVdGR0M3Y4TW8
Logged
Reply #10
August 07, 2015, 01:54:12 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: ==> Proc.Injected <==
«
Reply #10 on:
August 07, 2015, 01:54:12 PM »
Hi dimitri33,
Welcome to Adlice.com Forum.
The dump you provided will be analyzed as soon as possible. I will keep you informed of the results.
Regards.
Logged
Reply #11
August 07, 2015, 10:07:39 PM
dimitri33
Newbie
Offline
3
Reputation:
0
Re: ==> Proc.Injected <==
«
Reply #11 on:
August 07, 2015, 10:07:39 PM »
thanks "curson" iam waiting
can you give me a short explanation about the proc.injected ....is that mean iam under a hacker control? how could do that by a file or open port ?
i want to trace the hacker if its possible
thanks
Logged
Reply #12
August 10, 2015, 02:07:30 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: ==> Proc.Injected <==
«
Reply #12 on:
August 10, 2015, 02:07:30 PM »
Hi dimitri33,
The [Proc.Injected] detection means that the specified process running context has been altered in such a way such process could execute external code.
It is frequently used by antivirus softwares for protection purposes.
At first sight, the injection on your computer doesn't seem to be malware related. Please be patient.
Regards.
Logged
Reply #13
August 11, 2015, 06:09:27 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: ==> Proc.Injected <==
«
Reply #13 on:
August 11, 2015, 06:09:27 PM »
Hi dimitri33,
The injection on your system is caused by SpyShelter Anti-Keylogger.
We will withelist it as soon as possible.
Regards.
Logged
Reply #14
August 12, 2015, 07:31:01 PM
dimitri33
Newbie
Offline
3
Reputation:
0
Re: ==> Proc.Injected <==
«
Reply #14 on:
August 12, 2015, 07:31:01 PM »
thanks curson
thats mean iam not hacked by someone ?
is there a way to be sure of that?
what is the best way to detect if someone spy on me or have acces on my computer?
do you propose any training or formation in this forum or by videos?
Logged
Print
Pages: [
1
]
2
3
...
5
« previous
next »
Adlice forum
»
Software feedback
»
RogueKiller
»
==> Proc.Injected <==