Author Topic: ==> Proc.Injected <==  (Read 101812 times)

0 Members and 2 Guests are viewing this topic.

Reply #45November 13, 2017, 01:20:15 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ==> Proc.Injected <==
« Reply #45 on: November 13, 2017, 01:20:15 PM »
Hi BoxDirty,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller report ? Are you doing active developement on your computer (VB or C#, especially) ?

Regards.

Reply #46November 13, 2017, 08:23:16 PM

BoxDirty

  • Newbie

  • Offline
  • *

  • 4
  • Reputation:
    0
    • View Profile
Re: ==> Proc.Injected <==
« Reply #46 on: November 13, 2017, 08:23:16 PM »
Hey Curson,

Thanks alot and I uploaded the rogue killer report into the same google drive link. https://drive.google.com/drive/folders/1xg5bB5N04wjLh7kL2QVZJeDmUbSrnWd_
I wasnt sure what you wanted exactly so i added anything i could :D  and no no develpment is being done on that computer.

Reply #47November 13, 2017, 11:53:28 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ==> Proc.Injected <==
« Reply #47 on: November 13, 2017, 11:53:28 PM »
Hi BoxDirty,

These are not legit injections. Your computer is infected.
Please open a new theard in the Malware removal section of the forum. I will then help you to get rid of it.

Regards.

Reply #48January 10, 2018, 01:12:51 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ==> Proc.Injected <==
« Reply #48 on: January 10, 2018, 01:12:51 PM »
Hi tienchien1,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller report with your next reply ?

Regards.

Reply #49January 10, 2018, 05:16:22 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ==> Proc.Injected <==
« Reply #49 on: January 10, 2018, 05:16:22 PM »
I tienchien1,

PUMs detections are not not necessary malicious. Here, they match the MSN search engine and so, are legit.
The [Proc.Injected] detection is not present in your report. Could you please restart your computer, redo a scan and post the report with your next reply ?

Regards.

Reply #50January 13, 2018, 02:11:45 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ==> Proc.Injected <==
« Reply #50 on: January 13, 2018, 02:11:45 PM »
Hi tienchien1,

The injected executable is Battlefield 1 main executable. Since it's a very large file, it will be difficult.
Did you install any mod or hacking software ? If that's not the case, I think it's Origin anticheat feature being detected.

Regards.

Reply #51January 15, 2018, 01:40:48 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ==> Proc.Injected <==
« Reply #51 on: January 15, 2018, 01:40:48 PM »
Hi tienchien1,

Yes, if it's an infection a full system reformat will get rid of it.
However, since this is the only injected process, I really doubt there is an infection.

Regards.

Reply #52March 05, 2018, 03:12:45 AM

Reply #53March 07, 2018, 02:23:04 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ==> Proc.Injected <==
« Reply #53 on: March 07, 2018, 02:23:04 PM »
Hi Booky Banton,

Welcome to Adlice.com Forum.
These injections are legit, we will whitelist them as soon as possible.

Regards.

Reply #54April 04, 2018, 01:22:39 PM

Siddharth Kumar

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    0
    • View Profile
Re: ==> Proc.Injected <==
« Reply #54 on: April 04, 2018, 01:22:39 PM »
Hi!
Today I ran a scan with Roguekiller and it found explorer.exe as Proc.Infected.
I'm giving link to the rogurkiller log and explorer.exe dmp file. Kindly analyse it asap and let me know
https://www.sendspace.com/file/0lc8zj
https://www.sendspace.com/file/py4l6w

Regards,
Siddharth

Reply #55April 04, 2018, 08:03:00 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ==> Proc.Injected <==
« Reply #55 on: April 04, 2018, 08:03:00 PM »
Hi Siddharth,

Welcome to Adlice.com Forum.
Could you please relaunch RogueKiller, delete the [Adw.Butler] et [Adw.FastDataX] entries, then reboot your computer and check if explorer.exe is still injected ?

Regards.

Reply #56April 05, 2018, 12:06:32 PM

Siddharth Kumar

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    0
    • View Profile
Re: ==> Proc.Injected <==
« Reply #56 on: April 05, 2018, 12:06:32 PM »
After rebooting, I ran a scan with Roguekiller and it did not detected explorer as Proj.infected. So can you tell that removing the other entries can remove Proj.Infected ?

Reply #57April 05, 2018, 03:35:14 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ==> Proc.Injected <==
« Reply #57 on: April 05, 2018, 03:35:14 PM »
Hi Siddharth,

In this case, Adw.Butler implemented a driver which was responsible for the injection on explorer.exe.
Since RogueKiller removed the driver, explorer.exe is no longer injected.

Regards.

Reply #58April 17, 2018, 05:12:16 AM

Miklo

  • Newbie

  • Offline
  • *

  • 6
  • Reputation:
    0
    • View Profile
Re: ==> Proc.Injected <==
« Reply #58 on: April 17, 2018, 05:12:16 AM »
NEW UPDATES: Regarding the Warning/Virus: [Proc.Injected] within [svchost.exe] File!



This is a re-edited Topic. I Created a Topic earler and needed help regarding this type of Virus. I was not sure if my Computer was Infected or not....

Hello Everyone.  I was finally able to get rid of the Virus/Warning [Proc.Injected] within [svchost.exe] File by Replacing the Windows System Files with a fresh set of files from My Windows Installations CD. Incase someone else had the same problem, then this is how I fixed mine.

Please know that I DO NOT recommend using this method. Mainly because your Windows might fail to Restart, As mine did. There are probably better ways to replace your Windows System Files. In my case I had no other choice.

1. So based on the main topic, I used "Process Hacker" Software to detect the Process above the Infected filename svchost.exe . Such as:[/b]

- The Process above the infected svchost.exe file was called services.exe
- And Process above the services.exe was called:  winini.exe

I suspected that one of the the following files seen below were causing the Infection:

C:\Windows\System32\wininit.exe
C:\Windows\System32\services.exe
C:\Windows\System32\svchost.exe

2. I basicly replaced all 3 files using a fresh set from my Windows Installation CD, and through the Command Line. But this did not come easy. After Replacing the files. My Windows failed to restart. .

3. I had to use the Windows "Startup Repair" Option from the Installations CD.  After the Repair was Complete my windows started totally fine.

4. I then ran a Final Scan using "RogueKiller". And finally the "Proj.Inected" svchost.exe virus was completely gone. 

I really hope that this could help someone else. But as I mentioned above. Please DO NOT attempt using this method for Replacing your Windows System Files. Please use a different way. Thank you.

Ps, I wanna send a huge thanks to the Adlice Team for their hard work and support within the forums. If it wasn't for this Topic and RogueKiller. I probably had been infected for very long time. So Thank you again!
« Last Edit: April 17, 2018, 10:22:26 PM by Miklo »

Reply #59April 17, 2018, 10:13:00 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: ==> Proc.Injected <==
« Reply #59 on: April 17, 2018, 10:13:00 PM »
Hi Miklo,

Welcome to Adlice.com Forum and thanks for your extented feedback.
There was indeed an odd injection into svchost.exe. The method you used to get rid of it is quite convulsed but thanks to your detailed explanations, I'm sure it can benefict some users.

Using the dumps you gave us, we will be able to analyse the injection in depth.
Also, thanks for the kind words, this is appreciated.

Regards.