Author Topic: RogueKiller Premium detections  (Read 3104 times)

mheer100

RogueKiller Premium detections
« on: April 02, 2017, 05:40:33 am »
I have had three persistent (three times detected on three separate scans) detections in McAfee executables.  RogueKiller cannot delete them - reports "Error(0)"; therefore they are detected again on subsequent scans.  Here is the txt report of the last scan:
RogueKiller V12.3.0.0 (x64) [May 22 2016] (Premium) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : Mike [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 04/01/2017 20:41:43

Processes : 3
[Proc.RunPE] McClientAnalytics.exe(10312) -- C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe[7] -> ERROR
[Proc.RunPE] McAMTaskAgent.exe(18360) -- C:\Program Files\Common Files\McAfee\platform\McAMTaskAgent.exe[7] -> ERROR
[Proc.RunPE] McVulCtr.exe(5960) -- C:\Program Files\mcafee\vul\McVulCtr.exe[7] -> ERROR


Registry : 0

Tasks : 0

Files : 0

Hosts File : 0

Antirootkit : 0 (Driver: Not loaded [0x20])

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: HGST HTS725050A7E6300 SCSI Disk Device +++++
--- User ---
[MBR] 9ad8effcb0c1c8cf08d954d4a2e6c8f7
[BSP] 55142c597ac2ce6ced9fa871ca50aebe : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 455123 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 932501504 | Size: 21513 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB
User = LL1 ... OK
User = LL2 ... OK

So are these false positives?  On another note, the report indicates the antirootkit driver was not loaded.  I have always checked that "load driver" box before scanning, and it doesn't load.. ??

Curson

Re: RogueKiller Premium detections
« Reply #1 on: April 03, 2017, 07:17:15 pm »
Hi Mike,

Welcome to Adlice.com Forum.
You are using an outdated version of RogueKiller (May 2016). Could you please update it, then redo a scan?

Regards.

Note: This thread has been moved to the "RogueKiller PREMIUM" section for clarity.

mheer100

Re: RogueKiller Premium detections
« Reply #2 on: April 04, 2017, 06:21:23 am »
I will do that.  Thought it updated automatically.. thanks :)

Curson

Re: RogueKiller Premium detections
« Reply #3 on: April 04, 2017, 09:36:51 am »
Hi Mike,

You are very welcome.
Don't hesitate to post the result of the new scan if anything is weird.

Regards.

mheer100

Re: RogueKiller Premium detections
« Reply #4 on: April 05, 2017, 12:02:40 am »
The new SW ran fine, found many things and fixed/deleted all... great product, thanks for the help! :)

Curson

Re: RogueKiller Premium detections
« Reply #5 on: April 05, 2017, 05:24:41 pm »
Hi Mike,

You are very welcome. :)
Thanks for the kind words.

Regards.