« previous next »
Pages: [1]

Author Topic: False positve  (Read 7053 times)

0 Members and 1 Guest are viewing this topic.

November 16, 2017, 07:46:05 AM

mr5Adlice

  • Newbie
  • Offline
  • *
  • 3
  • Reputation:
    0
    • View Profile
False positve
« on: November 16, 2017, 07:46:05 AM »
It detect svchost as proc.runPe and idk if it was a false positive any help is appreciated


Here is the JSON file download- https://drive.google.com/file/d/1hulFVduEhRWBlnbJ9_ofkXuXPJ7eTN0s/view?usp=sharingFNHTN8
Logged
Reply #1November 16, 2017, 07:51:32 AM

mr5Adlice

  • Newbie
  • Offline
  • *
  • 3
  • Reputation:
    0
    • View Profile
Re: False positve
« Reply #1 on: November 16, 2017, 07:51:32 AM »
Here the .txt file just incase


RogueKiller V12.11.24.0 (x64) [Nov 13 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : matth [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/16/2017 00:59:08 (Duration : 00:23:31)

¤¤¤ Processes : 1 ¤¤¤
[Proc.RunPE] svchost.exe(3028) -- c:\Windows\System32\svchost.exe[7] -> Found

¤¤¤ Registry : 15 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-df066c95  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-df066c95  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3448816122-827311409-3711641623-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3448816122-827311409-3711641623-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3448816122-827311409-3711641623-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3448816122-827311409-3711641623-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp17win10.msn.com/?pc=HCTE  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation -- C:\WINDOWS\TEMP\sp81731.exe -> Found

¤¤¤ Files : 1 ¤¤¤
[PUP.uTorrentAds][File] C:\Users\matth\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS721010A9E630 +++++
--- User ---
[MBR] e41bc5ab5d8867337f68978416e26cae
[BSP] 6660c97e02e685edf7c7681da1a25e0d : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 940210 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1926117376 | Size: 980 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 1928124416 | Size: 12396 MB
User = LL1 ... OK
User = LL2 ... OK
Logged
Reply #2November 16, 2017, 02:05:17 PM

Curson

  • Global Moderator
  • Hero Member
  • Offline
  • *****
  • 2809
  • Reputation:
    100
    • View Profile
Re: False positve
« Reply #2 on: November 16, 2017, 02:05:17 PM »
Hi mr5Adlice,

Welcome to Adlice.com Forum.
Yes, it's indeed a false positive. Do you use BitLocker on this computer ?

Regards.
Logged
Reply #3November 18, 2017, 08:46:29 PM

mr5Adlice

  • Newbie
  • Offline
  • *
  • 3
  • Reputation:
    0
    • View Profile
Re: False positve
« Reply #3 on: November 18, 2017, 08:46:29 PM »
i cant say i know if i do or not use bitlocker. Sorry for the extremely late reply
Logged
Reply #4November 18, 2017, 11:57:09 PM

Curson

  • Global Moderator
  • Hero Member
  • Offline
  • *****
  • 2809
  • Reputation:
    100
    • View Profile
Re: False positve
« Reply #4 on: November 18, 2017, 11:57:09 PM »
Hi mr5Adlice,

Thanks for the feedback. If you used it, you will have known.
Don't worry about the delay, it's perfectly fine.

Regards.
Logged
Pages: [1]
« previous next »