Author Topic: What should I do, these are my only detections...2 are red (Read 8271 times)

ihateregisteringforsites · « **on:** December 12, 2014, 07:53:31 AM »

¤¤¤ Registry : 18 ¤¤¤
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8 -> Found
[PUP] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8 -> Found
[PUP] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8 -> Found
[PUP] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8 -> Found
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Found
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C43F3C6A-DA46-49DA-B028-7E1702F155BA} | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C43F3C6A-DA46-49DA-B028-7E1702F155BA} | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

Tigzy · « **Reply #1 on:** December 12, 2014, 08:32:30 AM »

Hello <== That's free, you know.

ASUS entry looks like a false positive. We'll take a look.
PS: You hate register for website, but it's necessary to avoid SPAM. If you don't, and if we let guest posting available, it's about hundreds of SPAM to remove every. single. day. Now you know why you don't hate that anymore

ihateregisteringforsites · « **Reply #2 on:** December 12, 2014, 08:34:11 AM »

Hello

Thank you, these are the two lines that it shows as red malware alert.

[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Found
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> Found

What is your advice for these?

Tigzy · « **Reply #3 on:** December 12, 2014, 02:42:14 PM »

That's unusual.

It actually says to start itself... Anyway that's not malware, but still curious.

EDIT: What is the E: drive?

ihateregisteringforsites · « **Reply #4 on:** December 13, 2014, 03:42:18 AM »

E drive is recovery

Tigzy · « **Reply #5 on:** December 13, 2014, 07:33:49 AM »

then ignore it.

Author Topic: What should I do, these are my only detections...2 are red (Read 8271 times)

ihateregisteringforsites

What should I do, these are my only detections...2 are red

Tigzy

Re: What should I do, these are my only detections...2 are red

ihateregisteringforsites

Re: What should I do, these are my only detections...2 are red

Tigzy

Re: What should I do, these are my only detections...2 are red

ihateregisteringforsites

Re: What should I do, these are my only detections...2 are red

Tigzy

Re: What should I do, these are my only detections...2 are red