Found Proc.RunPE, [PUP.Gen0], [PUM.StartMenu] and more! Help me?

[dieselpots]

hello. what should i do about this ? i will attach files. (json and txt)
also i think my network is strange i am using TCPView if anyone is experienced with networking and wants to help with that.

thanks for great software and support!   

[Curson]

Hi Haned,

Welcome to Adlice.com Forum.
What do you mean by strange ? Did you install netcut on your own ?

Please select the following entry for deletion :

[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

PUM stands for Potentially Unwanted Modification. In your case, thoses entries are perfectly legit and necessary to access Internet.
For more information, please read RogueKiller Documentation.

We need to retrieve more information, for the [Run.PE] detection.
Please follow the following process :

• Download Process Explorer (x64) and save it to your desktop.
  
• Click on the setup file (procexp64.exe) and select Run as Administrator to start the tool.
  
• Locate the process named RtkNGUI64.exe, do a right click on it and select Create Dump > Create Full Dump...
  
• Save the dump on your desktop and compress it.
• Upload it to Dropbox, Google Drive or similar services and share the link in your next reply.

Regards.

[dieselpots]

Hi Haned,

Welcome to Adlice.com Forum.
What do you mean by strange ? Did you install netcut on your own ?

Please select the following entry for deletion :

[PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

PUM stands for Potentially Unwanted Modification. In your case, thoses entries are perfectly legit and necessary to access Internet.
For more information, please read RogueKiller Documentation.

We need to retrieve more information, for the [Run.PE] detection.
Please follow the following process :

• Download Process Explorer (x64) and save it to your desktop.
  
• Click on the setup file (procexp64.exe) and select Run as Administrator to start the tool.
  
• Locate the process named RtkNGUI64.exe, do a right click on it and select Create Dump > Create Full Dump...
  
• Save the dump on your desktop and compress it.
• Upload it to Dropbox, Google Drive or similar services and share the link in your next reply.

Regards.

Thank you for your quick reply and help I really appreciate it. I installed (then uninstalled) netcut yes.
I deleted what you told me to delete, and here is the dump: https://ufile.io/dq5ej

Thank you again! 

I guess I suspect that I have something infected.. I am not that experienced when it comes to these things.. I'll say it again lol I appreciate all the help!

[Curson]

Hi Haned,

The analysis of the dump concluded to a false positive.
Could you please attach the file RtkNGUI64.exe itself in your next message to help us fix this ?

Could you please also attach the log of the tool that detected malware in the "steam" folder ? It may be a false positive, since no malware should be able to survive a fresh install of Windows 10.

Regards.

[dieselpots]

Hi Haned,

The analysis of the dump concluded to a false positive.
Could you please attach the file RtkNGUI64.exe itself in your next message to help us fix this ?

Could you please also attach the log of the tool that detected malware in the "steam" folder ? It may be a false positive, since no malware should be able to survive a fresh install of Windows 10.

Regards.

Hi okay that sounds good but I am still almost certain something is wrong.. I don't have any logs left for the detected malware on my previous OS. Sorry!
Here is the RtkNGUI64.exe and related files in the same folder: https://ufile.io/ejrah

Thank you!!

[Curson]

Hi dieselpots,

Thanks.
We will do an analysis and get back to you as soon as possible.

Regards.