Author Topic: Unknown file found in RogueKiller?  (Read 9918 times)

November 12, 2018, 10:20:19 AM

somerandom


Hello, today I ran RogueKiller, and for the first time it displayed a "Potential Malware" file known as "agldiaod.sys". I have never heard of this name and have never found it before in RogueKiller. Google shows nothing.

Reply #1 on: November 12, 2018, 06:15:45 PM

Curson (Global Moderator)

Hi somerandom,

Welcome to Adlice.com Forum.
Could you please attach the full RogueKiller report with your next reply?

Regards.

Reply #2 on: November 12, 2018, 08:35:27 PM

somerandom

RogueKiller Anti-Malware V13.0.8.0 (x64) [Nov  6 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : Win10Ent [Administrator]
Started from : J:\Users\Asus2\Downloads\New folder\RogueKiller_portable64.exe
Mode : Standard Scan, Delete -- Date : 2018/11/12 20:00:53 (Duration : 00:04:19)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agldiaod -- [%localappdata%\Temp\agldiaod.sys] -> Deleted
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1767181348-1774727636-3438978190-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs --  -> Replaced (1)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1767181348-1774727636-3438978190-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs --  -> Replaced (1)

This was the log from the reported incident. I'm still unsure as to what agldiaod.sys is. Other software finds nothing like this.

Reply #3 on: November 12, 2018, 08:53:53 PM

Curson

Hi somerandom,

This is indeed quite strange.
Could you please attach the corresponding JSON report showing these detections?

Regards.

Reply #4 on: November 12, 2018, 09:02:38 PM

somerandom

JSON attached.

Reply #5 on: November 12, 2018, 09:42:06 PM

Curson

Hi somerandom,

Thanks. Your computer is safe.
The file that was detected is the GMER kernel-mode driver. Since its name is randomly generated, it's normal that Google didn't find anything.

Regards.
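
A triage aid for reports like the one in this thread, as an added example that is not part of the original posts and not Adlice's code: it parses the detection lines, drops repeated entries, and lists service keys whose driver image is a `.sys` file under a Temp directory, which is the pattern the `agldiaod` entry shows. The line layout is inferred only from the three lines quoted in Reply #2, and the names `parse_report` and `temp_drivers` are hypothetical.

```python
import re

# Line layout inferred from the three detection lines quoted in Reply #2;
# an assumption, not a published RogueKiller report specification.
DETECTION = re.compile(
    r"^\[(?P<name>[^\s\]]+) \((?P<severity>[^)]*)\)\] "
    r"(?P<location>.+?) -- (?:\[(?P<value>[^\]]*)\])?\s*-> (?P<action>.+)$"
)
SERVICE_KEY = re.compile(r"\\Services\\(?P<service>[^\\|]+)$", re.IGNORECASE)
TEMP_DIR = re.compile(r"%te?mp%|\\temp\\", re.IGNORECASE)

# Sample input: one header line and the detection lines copied from this thread.
SAMPLE_REPORT = r"""Mode : Standard Scan, Delete -- Date : 2018/11/12 20:00:53 (Duration : 00:04:19)
[Suspicious.Path (Potentially Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agldiaod -- [%localappdata%\Temp\agldiaod.sys] -> Deleted
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1767181348-1774727636-3438978190-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs --  -> Replaced (1)
[PUM.StartMenu (Potentially Malicious)] HKEY_USERS\S-1-5-21-1767181348-1774727636-3438978190-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_TrackProgs --  -> Replaced (1)
"""

def parse_report(text):
    """Return unique detection records, in order of first appearance."""
    seen, records = set(), []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m is None or m.groups() in seen:  # skip headers and repeated lines
            continue
        seen.add(m.groups())
        records.append(m.groupdict())
    return records

def temp_drivers(records):
    """Service entries whose image is a .sys file under a Temp directory."""
    hits = []
    for rec in records:
        svc = SERVICE_KEY.search(rec["location"])
        path = rec["value"] or ""  # value is None when the brackets are absent
        if svc and path.lower().endswith(".sys") and TEMP_DIR.search(path):
            hits.append((svc.group("service"), path, rec["action"]))
    return hits

if __name__ == "__main__":
    for service, path, action in temp_drivers(parse_report(SAMPLE_REPORT)):
        print(f"service={service} image={path} action={action}")
```

The output is only a list of entries to verify; as this thread shows, a driver loaded from Temp under a random name can belong to a legitimate tool such as GMER.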