Login
▼
Register
Home
Help
Search
Login
Register
Adlice.com
Adlice forum
»
Software feedback
»
RogueKiller PREMIUM
»
"Dangerous" objects in Services detection
« previous
next »
Print
Pages: [
1
]
2
Author
Topic: "Dangerous" objects in Services detection (Read 15816 times)
0 Members and 1 Guest are viewing this topic.
May 31, 2017, 10:30:01 PM
calamityjane
Newbie
Offline
29
Reputation:
0
Personal Text
Not in Kansas
"Dangerous" objects in Services detection
«
on:
May 31, 2017, 10:30:01 PM »
Before I spend a lot of time on this, could you kindly verify that these are not false positives.
This is the first time I have ever seen anything detected under the Services category.
They are in the enclosed attachment, and displayed in red zone saying they are dangerous and must be removed.
Many thanks.
cj
Logged
Reply #1
May 31, 2017, 11:11:28 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: "Dangerous" objects in Services detection
«
Reply #1 on:
May 31, 2017, 11:11:28 PM »
Hi Calamity,
These are false positives.
Could you please tell me if you disabled the "VirusTotal Analysis" option ?
Regards.
Note : This thread has been moved to the "RogueKiller PREMIUM" section for clarity.
Logged
Reply #2
June 01, 2017, 12:58:48 AM
calamityjane
Newbie
Offline
29
Reputation:
0
Personal Text
Not in Kansas
Re: "Dangerous" objects in Services detection
«
Reply #2 on:
June 01, 2017, 12:58:48 AM »
Hi Curson,
I'm grateful for your quick reply.
No, "VirusTotal Analysis" option was not ticked.
I've included a screen shot of the scan settings.
If there is anything different that you recommend I change the settings to, please advise.
I'm breathing easier now.
My regards to you.
cj
Logged
Reply #3
June 01, 2017, 01:10:46 AM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: "Dangerous" objects in Services detection
«
Reply #3 on:
June 01, 2017, 01:10:46 AM »
Hi Calamity,
It's strongly adviced to keep the "VirusTotal Analysis" option enabled when using MalPE detection engine.
Could you please enable it, redo a scan and check if the false positives you reported are still detected ?
Regards.
Logged
Reply #4
June 01, 2017, 01:19:07 AM
calamityjane
Newbie
Offline
29
Reputation:
0
Personal Text
Not in Kansas
Re: "Dangerous" objects in Services detection
«
Reply #4 on:
June 01, 2017, 01:19:07 AM »
I'm doing this right now.
Curiously, I had thought "Virus Total" was included as I have not changed any settings for a long time.
I will report back with updated scan results, asap.
cj
Logged
Reply #5
June 01, 2017, 02:23:31 AM
calamityjane
Newbie
Offline
29
Reputation:
0
Personal Text
Not in Kansas
Re: "Dangerous" objects in Services detection
«
Reply #5 on:
June 01, 2017, 02:23:31 AM »
OK,
If you are still awake, Curson, et al,
I've re-run RK with Virus Total analysis and included the image attachment-
Results: The same 4 "malware objects", as the previous ones listed.
Should I try to scan again and use the beta malPE analysis?
cj
ps- The only variable I can think of is today's scans are the first scans I've performed since your latest update.
Logged
Reply #6
June 01, 2017, 05:52:23 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: "Dangerous" objects in Services detection
«
Reply #6 on:
June 01, 2017, 05:52:23 PM »
Hi Calamity,
Thanks for your feedback.
A bug was spotted that triggers false positives when using MalPE analysis. This will be fixed on RogueKiller next release.
I advice you to disabled it for the time being and wait for the fix before testing it again.
Regards.
Logged
Reply #7
June 01, 2017, 09:07:56 PM
calamityjane
Newbie
Offline
29
Reputation:
0
Personal Text
Not in Kansas
Re: "Dangerous" objects in Services detection
«
Reply #7 on:
June 01, 2017, 09:07:56 PM »
Hi Curson,
You said-
"A bug was detected.....when using MalPE analysis...."
However, I never used the MalPE option when I scanned.
I've included, again in attachment, what my settings were.
I did rescan, but only using "VirusTotal Analysis" option and NOT the MalPE analysis.
cj
Logged
Reply #8
June 02, 2017, 04:18:02 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: "Dangerous" objects in Services detection
«
Reply #8 on:
June 02, 2017, 04:18:02 PM »
Hi Calamity,
RogueKiller next release will be shipped on Monday.
Would you please give it a try and tell me if thoses false positives are still here ?
Regards.
Logged
Reply #9
June 02, 2017, 04:32:44 PM
calamityjane
Newbie
Offline
29
Reputation:
0
Personal Text
Not in Kansas
Re: "Dangerous" objects in Services detection
«
Reply #9 on:
June 02, 2017, 04:32:44 PM »
Absolutely.
I'll report back when I have the results next week.
Regards,
cj
Logged
Reply #10
June 02, 2017, 11:00:04 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: "Dangerous" objects in Services detection
«
Reply #10 on:
June 02, 2017, 11:00:04 PM »
Hi Calamity,
Thanks.
I will wait for your feedback.
Regards.
Logged
Reply #11
June 05, 2017, 07:04:21 PM
calamityjane
Newbie
Offline
29
Reputation:
0
Personal Text
Not in Kansas
Re: "Dangerous" objects in Services detection
«
Reply #11 on:
June 05, 2017, 07:04:21 PM »
Hi Curson,
I re-ran scan w/today's update.
I've included attachments showing:
1. Detections in "orange" zone (no red, this time)
(slightly different mix of detected objects)
2. Scan settings used
3. Notification bar on Windows
-Something odd I've never seen before, left of normal RK icon was "error" RK icon.
-Following RK update, when I put cursor over this yellow triangle error icon, it said "corrupted file .
-However, eventually, the error icon disappeared on it's own.
If you want me to try anything else, just let me know.
Regards,
cj
Logged
Reply #12
June 05, 2017, 08:05:38 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: "Dangerous" objects in Services detection
«
Reply #12 on:
June 05, 2017, 08:05:38 PM »
Hi Calamity,
Thanks for your feedback.
Could you please attach the three executables detected in your next reply ?
Regards.
Logged
Reply #13
June 05, 2017, 09:29:58 PM
calamityjane
Newbie
Offline
29
Reputation:
0
Personal Text
Not in Kansas
Re: "Dangerous" objects in Services detection
«
Reply #13 on:
June 05, 2017, 09:29:58 PM »
Sorry Curson, I should have included more detail.
Please see attachments & let me know what else I can do.
cj
Logged
Reply #14
June 05, 2017, 11:53:35 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: "Dangerous" objects in Services detection
«
Reply #14 on:
June 05, 2017, 11:53:35 PM »
Hi Calamity,
For the time being, we are going to investigate the files detected during the scan and determine why they are not whitelisted by VT database.
I will keep you updated on the results of our investigations.
Regards.
Logged
Print
Pages: [
1
]
2
« previous
next »
Adlice forum
»
Software feedback
»
RogueKiller PREMIUM
»
"Dangerous" objects in Services detection