Login
▼
Register
Home
Help
Search
Login
Register
Adlice.com
Adlice forum
»
Software feedback
»
RogueKiller
»
[Suspicious.Path] NvOAWrapperCache.exe False Positive?
« previous
next »
Print
Pages: [
1
]
Author
Topic: [Suspicious.Path] NvOAWrapperCache.exe False Positive? (Read 9793 times)
0 Members and 2 Guests are viewing this topic.
July 22, 2018, 06:52:36 PM
farnhold
Newbie
Offline
8
Reputation:
0
[Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
on:
July 22, 2018, 06:52:36 PM »
Hi, I updated my graphic card through Nvidia exprience and scanned my computer with roguekiller, and I keep receiving this:
1.
¤¤¤ Processes : 1 ¤¤¤
[Suspicious.Path] NvOAWrapperCache.exe(7192) -- C:\Users\XXXXXXXXX\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[7] -> Found
Is this false positive?
2.
+ previously I received
PUM.Dns in registry ending in DhcpNameServer
Is this too false positive? It appeared only once and never again, but also today.
NvOAWrapper keeps appearing after each restart.
Thanks.
Logged
Reply #1
July 23, 2018, 08:10:31 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: [Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
Reply #1 on:
July 23, 2018, 08:10:31 PM »
Hi farnhold,
Welcome to Adlice.com Forum and thanks for your feedback.
This is indeed a false positive. We will whitelist this detection as soon as possible.
As for the PUM.DNS detection, this was also likely a false positive. For more information, please refer to
RogueKiller Documentation
.
Regards.
Logged
Reply #2
July 23, 2018, 10:34:38 PM
farnhold
Newbie
Offline
8
Reputation:
0
Re: [Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
Reply #2 on:
July 23, 2018, 10:34:38 PM »
This is the PUM.Dns that I found. I did not know that roguekiller stores logs, found it out now
. So here is the log. This is the log from yesterday when I made the post. Do you think this was definitely false positive?
¤¤¤ Registry : 1 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{af6688e0-e884-44ba-8f59-df73fd60d6fb} | DhcpNameServer : 150.213.1.2 ([X]) -> Found
First appeared this and then never again. Then started appearing Nvidia Suspicious path after each restart in my post above.
Logged
Reply #3
July 24, 2018, 03:01:30 AM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: [Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
Reply #3 on:
July 24, 2018, 03:01:30 AM »
Hi farnhold,
Thanks.
This IP does not seems to be in use anymore. Is the name "Norasia" familiar to to you ?
Regards.
Logged
Reply #4
July 24, 2018, 07:53:28 PM
farnhold
Newbie
Offline
8
Reputation:
0
Re: [Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
Reply #4 on:
July 24, 2018, 07:53:28 PM »
No, never heard of it. What is it? Btw, google showed timezone of ip coming from country that is not mine.
So, please, do you think it was a false threat or, what was it? What does it all even mean?
I mean, does pum.dns mean that someone elsr was in my computer and I should worry about personal information or it.might have been a modification from, lets say an online game that I played?
Most of all, is it threat or false positive?
Thanks
«
Last Edit: July 25, 2018, 03:34:43 PM by farnhold
»
Logged
Reply #5
July 26, 2018, 02:02:25 PM
farnhold
Newbie
Offline
8
Reputation:
0
Re: [Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
Reply #5 on:
July 26, 2018, 02:02:25 PM »
Dude?
was someone in my computer or was it false positive please?
Logged
Reply #6
July 26, 2018, 10:52:09 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: [Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
Reply #6 on:
July 26, 2018, 10:52:09 PM »
Hi farnhold,
Sorry, it was a busy week.
This IP address was linked to a company called Norasia in the past. In case you did know this name, it may be that you used their DNS sever at some point. Since, that's not it, I can't really explain why this IP was assigned to your network interface.
The IP now points to nothing, so there is nothing malicious going on.
Please don't hesitate to report back if RogueKiller detects it again.
Regards.
Logged
Reply #7
July 27, 2018, 01:38:26 AM
farnhold
Newbie
Offline
8
Reputation:
0
Re: [Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
Reply #7 on:
July 27, 2018, 01:38:26 AM »
Thanks a lot for your answers
,last 2 questions:
1. I have internet with dynamic IP, is it possible that perhaps I received IP that belonged to them?
2. you say nothing malicious is happening atm, but if 1. question is wrong, then something malicious may have happened in past?
Or, this all is completely harmless anyway?
I will let you know
Logged
Reply #8
July 27, 2018, 02:19:47 AM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: [Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
Reply #8 on:
July 27, 2018, 02:19:47 AM »
Hi farnhold,
You are welcome. To answer your questions :
1) No, it's really unlikely this IP was assigned to you by your ISP.
2) That's hard to say, but I don't think so since this address is not present in malware analysis databases.
Regard.
Logged
Reply #9
July 27, 2018, 04:39:11 PM
farnhold
Newbie
Offline
8
Reputation:
0
Re: [Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
Reply #9 on:
July 27, 2018, 04:39:11 PM »
Thanks a lot for your answers
I have version 12.12.28.0 of roguekiller and it still keeps finding NvOAWrapperCache.exe as threat - suspicous path. Hopefully it will be whitelisted in next version
This is the current log:
[Suspicious.Path] NvOAWrapperCache.exe(8040) -- C:\Users\XXXXXXX\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe[7] -> Killed [TermThr]
Is this still same problem and it is false positive, right?
«
Last Edit: July 27, 2018, 08:33:04 PM by farnhold
»
Logged
Reply #10
July 28, 2018, 05:18:39 PM
farnhold
Newbie
Offline
8
Reputation:
0
Re: [Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
Reply #10 on:
July 28, 2018, 05:18:39 PM »
Sorry for bothering you. Just want to verify if this was really not fixed yet and is false positive
.
Cause day after I reported this Roguekiller had an update ( 12.12.28.0) and yet I was finding it.
Thanks.
Logged
Reply #11
July 29, 2018, 04:17:57 PM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: [Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
Reply #11 on:
July 29, 2018, 04:17:57 PM »
Hi farnhold,
You are very welcome.
RogueKiller V12.12.29 will be released tomorrow and will contain the fix.
Regards.
Logged
Reply #12
July 30, 2018, 12:54:15 AM
farnhold
Newbie
Offline
8
Reputation:
0
Re: [Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
Reply #12 on:
July 30, 2018, 12:54:15 AM »
Thanks a lot for your help and patience
. Appreciate it. I know I had a lot of questions, I apologize for that. Have a nice day
Logged
Reply #13
July 30, 2018, 01:25:03 AM
Curson
Global Moderator
Hero Member
Offline
2809
Reputation:
100
Re: [Suspicious.Path] NvOAWrapperCache.exe False Positive?
«
Reply #13 on:
July 30, 2018, 01:25:03 AM »
Hi farnhold,
You are very welcome.
I'm glad I was able to help you.
Have a nice day.
Logged
Print
Pages: [
1
]
« previous
next »
Adlice forum
»
Software feedback
»
RogueKiller
»
[Suspicious.Path] NvOAWrapperCache.exe False Positive?