Topic: What should I do, these are my only detections...2 are red

ihateregisteringforsites
« on: December 12, 2014, 07:53:31 AM »
¤¤¤ Registry : 18 ¤¤¤
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8  -> Found
[PUP] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8  -> Found
[PUP] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8  -> Found
[PUP] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8  -> Found
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{C43F3C6A-DA46-49DA-B028-7E1702F155BA} | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C43F3C6A-DA46-49DA-B028-7E1702F155BA} | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

Tigzy (Administrator; Owner, Adlice Software)
« Reply #1 on: December 12, 2014, 08:32:30 AM »
Hello <== That's free, you know.

ASUS entry looks like a false positive. We'll take a look.
PS: You hate registering for websites, but it's necessary to avoid spam. If you don't, and if we leave guest posting available, it's hundreds of spam posts to remove every. single. day. Now you know why you don't hate that anymore :)
« Last Edit: December 12, 2014, 02:40:30 PM by Tigzy »

ihateregisteringforsites
« Reply #2 on: December 12, 2014, 08:34:11 AM »
Hello

Thank you, these are the two lines that it shows as red malware alert.

[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found

What is your advice for these?

Tigzy
« Reply #3 on: December 12, 2014, 02:42:14 PM »
That's unusual.  ???
It actually says to start itself... Anyway that's not malware, but still curious.

EDIT: What is the E: drive?

ihateregisteringforsites
« Reply #4 on: December 13, 2014, 03:42:18 AM »
E drive is recovery

Tigzy
« Reply #5 on: December 13, 2014, 07:33:49 AM »
then ignore it.
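
Added example (not part of the thread and not Adlice's code): a small Python parser for report lines in the format posted above. It merges the X64/X86 views of each value and marks findings whose key sits under an RK_<hive>_ON_<letter>_ root, on the assumption, suggested by the question about the E: drive, that such a root is a hive file loaded from that drive rather than the running system's registry. The function names are illustrative.

```python
import re

# Constructed sample: five lines copied from the report posted in this thread.
SAMPLE = r"""
[PUP] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce | Application Restart #0 : C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe min /RestartByRestartManager:E3DB46E5-A4FC-40f9-B2A6-25BF3BD32FB8  -> Found
[Hj.RegVal] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[Hj.RegVal] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_4C78\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 71.10.216.1 71.10.216.2 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
"""

# One report line: [tag] (arch) key | value name : value data  -> status
LINE = re.compile(
    r"^\[(?P<tag>[^\]]+)\] \((?P<arch>X64|X86)\) (?P<key>.+?) \| "
    r"(?P<name>.+?) : (?P<data>.*?)\s+-> (?P<status>\w+)$"
)
# Assumption: a root named RK_<hive>_ON_<letter>_<id> is a hive file loaded
# from that drive, not the registry of the running system.
OFFLINE = re.compile(r"^HKEY_LOCAL_MACHINE\\RK_(?P<hive>[A-Za-z]+)_ON_(?P<drive>[A-Z])_")


def parse(report):
    """Return one finding per (tag, key, name, data), merging X64/X86 views."""
    findings = {}
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headers such as the "Registry : 18" line, blank lines
        ident = (m["tag"], m["key"], m["name"], m["data"])
        f = findings.setdefault(ident, {**m.groupdict(), "arch": set()})
        f["arch"].add(m["arch"])
        off = OFFLINE.match(m["key"])
        f["offline_drive"] = off["drive"] if off else None
    return list(findings.values())


def offline_findings(report):
    """Findings that describe a loaded hive file rather than the live system."""
    return [f for f in parse(report) if f["offline_drive"]]


if __name__ == "__main__":
    for f in parse(SAMPLE):
        where = f"hive on {f['offline_drive']}:" if f["offline_drive"] else "live registry"
        print(f"{f['tag']:<18} {where:<14} {f['name']} = {f['data']}")
```
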