Topic: Possible Rootkit detected

Shug Ninx
Possible Rootkit detected
« on: December 14, 2014, 07:00:26 PM »
Hello there,

First, thanks a lot for providing RogueKiller for free; that nice piece of software was recommended through a malware removal help forum (forum.malekal.org) for PUM.DNS removal.

In a recent case of malware removal, RogueKiller reported a possible rootkit. As I'm new to RogueKiller, I'm having difficulty telling whether I'm facing a real rootkit infection or a false positive. I've read that some antivirus components can produce false positives, and indeed Avast is installed on this computer, but I'm still unable to decide based on the FAQ, tutorial, and known issues (reading and knowing is one thing, knowing how to... is another ;-).

The RogueKiller report is accessible here, as well as an FRST report.

Thanks a lot for your help and expertise.

Shug Ninx
Re: Possible Rootkit detected
« Reply #1 on: December 16, 2014, 06:20:20 PM »
Hello again!

No one to help analyze the RogueKiller report?   :'(

Tigzy (Administrator; Owner, Adlice Software)
Re: Possible Rootkit detected
« Reply #2 on: December 19, 2014, 03:57:09 PM »
Hello,
This is hard to say; most of the time it's an antivirus that does this.
We'll soon be working on this issue (once the uploader website is ready to accept the process dumps), so I'd skip it for now. Doesn't look like malware, just a false alarm.

Shug Ninx
Re: Possible Rootkit detected
« Reply #3 on: January 05, 2015, 02:28:16 PM »
Thanks for your input. I'll perform another RogueKiller scan after removing the antivirus and give you the report.

My best wishes for this new year  :)

Shug Ninx
Re: Possible Rootkit detected
« Reply #4 on: January 13, 2015, 06:58:55 PM »
Hello!

No more suspected rootkit after removing Avast 2015 (free edition). I guess you made some changes to RogueKiller, since the current version didn't report this false positive after antivirus reinstallation.

Thanks anyway!