Topic: "Dangerous" objects in Services detection

May 31, 2017, 10:30:01 pm

calamityjane

Before I spend a lot of time on this, could you kindly verify that these are not false positives?
This is the first time I have ever seen anything detected under the Services category.

They are in the enclosed attachment, and displayed in the red zone saying they are dangerous and must be removed.

Many thanks.
cj

Reply #1 on: May 31, 2017, 11:11:28 pm

Curson

Hi Calamity,

These are false positives.
Could you please tell me if you disabled the "VirusTotal Analysis" option?

Regards.

Note: This thread has been moved to the "RogueKiller PREMIUM" section for clarity.

Reply #2 on: June 01, 2017, 12:58:48 am

calamityjane

Hi Curson,

I'm grateful for your quick reply.
No, the "VirusTotal Analysis" option was not ticked.

I've included a screenshot of the scan settings.
If there is anything different that you recommend I change the settings to, please advise.

I'm breathing easier now.
My regards to you.
cj

Reply #3 on: June 01, 2017, 01:10:46 am

Curson

Hi Calamity,

It's strongly advised to keep the "VirusTotal Analysis" option enabled when using the MalPE detection engine.
Could you please enable it, redo a scan and check if the false positives you reported are still detected?

Regards.

Reply #4 on: June 01, 2017, 01:19:07 am

calamityjane

I'm doing this right now.

Curiously, I had thought "Virus Total" was included as I have not changed any settings for a long time.

I will report back with updated scan results, asap.
cj

Reply #5 on: June 01, 2017, 02:23:31 am

calamityjane

OK,
If you are still awake, Curson, et al,

I've re-run RK with Virus Total analysis and included the image attachment-

Results: The same 4 "malware objects", as the previous ones listed.

Should I try to scan again and use the beta malPE analysis?
cj

ps- The only variable I can think of is today's scans are the first scans I've performed since your latest update.

Reply #6 on: June 01, 2017, 05:52:23 pm

Curson

Hi Calamity,

Thanks for your feedback.
A bug was spotted that triggers false positives when using MalPE analysis. This will be fixed in the next RogueKiller release.
I advise you to disable it for the time being and wait for the fix before testing it again.

Regards.

Reply #7 on: June 01, 2017, 09:07:56 pm

calamityjane

Hi Curson,

You said-
"A bug was detected.....when using MalPE analysis...."

However, I never used the MalPE option when I scanned.
I've included, again in attachment, what my settings were.

I did rescan, but only using the "VirusTotal Analysis" option and NOT the MalPE analysis.
cj

Reply #8 on: June 02, 2017, 04:18:02 pm

Curson

Hi Calamity,

The next RogueKiller release will be shipped on Monday.
Would you please give it a try and tell me if those false positives are still here?

Regards.

Reply #9 on: June 02, 2017, 04:32:44 pm

calamityjane

Absolutely.
I'll report back when I have the results next week.

Regards,
cj

Reply #10 on: June 02, 2017, 11:00:04 pm

Curson

Hi Calamity,

Thanks.
I will wait for your feedback.

Regards.

Reply #11 on: June 05, 2017, 07:04:21 pm

calamityjane

Hi Curson,

I re-ran scan w/today's update.
I've included attachments showing:

1. Detections in "orange" zone (no red, this time)
(slightly different mix of detected objects)

2. Scan settings used

3. Notification bar on Windows
- Something odd I've never seen before, left of normal RK icon was "error" RK icon.
- Following RK update, when I put cursor over this yellow triangle error icon, it said "corrupted file".
- However, eventually, the error icon disappeared on its own.


If you want me to try anything else, just let me know.
Regards,
cj

Reply #12 on: June 05, 2017, 08:05:38 pm

Curson

Hi Calamity,

Thanks for your feedback.
Could you please attach the three executables detected in your next reply?

Regards.

Reply #13 on: June 05, 2017, 09:29:58 pm

calamityjane

Sorry Curson, I should have included more detail.

Please see attachments & let me know what else I can do.
cj

Reply #14 on: June 05, 2017, 11:53:35 pm

Curson

Hi Calamity,

For the time being, we are going to investigate the files detected during the scan and determine why they are not whitelisted by the VT database.
I will keep you updated on the results of our investigations.

Regards.