Author Topic: RuntimeBroker.exe marked as proc inject malware  (Read 6853 times)

January 26, 2018, 04:18:58 PM

tokyojef

RuntimeBroker.exe marked as proc inject malware
« on: January 26, 2018, 04:18:58 PM »
Hi!
Hoping someone might have a moment to look through the attached dumps.
Running RogueKiller Premium has noted RuntimeBroker.exe as proc inject malware.
I want to include 3 instances of it that appeared in Process Hacker,
they are in the Google Drive link here ==>
https://drive.google.com/drive/folders/1DBUf5N_oJsY87M-hKQOu9w6rBe5E1YE4?usp=sharing

RuntimeBroker is in the usual folder that it is supposed to reside in.
Hoping to find out if it is a false positive or not.

Thanks for any help!

Jeff :)

Reply #1 January 26, 2018, 05:21:36 PM

Curson

  • Global Moderator
Re: RuntimeBroker.exe marked as proc inject malware
« Reply #1 on: January 26, 2018, 05:21:36 PM »
Hi Jeff,

Welcome to Adlice.com Forum.

The injection is made by AVAST Antivirus.
You don't need to worry about it.

Regards.

Reply #2 January 26, 2018, 06:36:17 PM

tokyojef

Re: RuntimeBroker.exe marked as proc inject malware
« Reply #2 on: January 26, 2018, 06:36:17 PM »
Thanks so much Curson :)

for taking the time to look
and reply so quickly.
My first encounter with looking at a dump file
and I couldn't recognize much on my own.
Thanks for your skills and time, very much appreciated!

Jeff

Reply #3 January 26, 2018, 06:41:37 PM

Curson

Re: RuntimeBroker.exe marked as proc inject malware
« Reply #3 on: January 26, 2018, 06:41:37 PM »
Hi Jeff,

You are very welcome. That's what we are here for.
Thanks for the kind words, this is appreciated. :)

Regards.