Topic: Initial Scan (Read 6834 times)
January 31, 2015, 02:45:56 AM
edsyl
Hello, my first post.
I found your program by accident, very useful.
I have a question or two about the initial scan.
When it first starts up to do the initial scan it lists a lot of tasks/processes in the first tab that are RED.
They seem to me to be just regular Windows processes and the like and then it proceeds to kill a lot of them (do not know why) and eventually I am left with a black screen and the program window only.
Is this normal or just what should occur? It seems odd to me to list these apparent normal win7 processes as RED (malware)?
Can you explain what is going on?
I cannot give you a screen shot as my screen capture program as well as everything else, as I stated above, is killed.
Thanks in advance and for your efforts poured into this program.
Regards
ED
Reply #1
February 01, 2015, 05:23:39 PM
edsyl
I thought I would try running the program on my desktop. In this case the initial scan has a couple of RED, one orange. But in this case my desktop and other programs are accessible and I could take the screen shot. In the laptop case I posted earlier, everything seems to be killed like the first two entries on the attached. I am very puzzled as to the different behavior between the two initial scans and why on the laptop all the 'normal processes' are killed but NOT in the desktop. Both are running win7 x64. I will also attach the report for the desktop as well for comment. I will go back and attach the scan report for the laptop as well, as I can generate that.
Regards
Ed
Reply #2
February 01, 2015, 06:04:07 PM
edsyl
Ok I have attached the laptop initial scan screenshot and the report for comparison.
Any ideas as to why the laptop scan seems to detect all the normal Win7 processes and kills them?
Regards
Ed
Reply #3
February 02, 2015, 04:48:07 PM
Curson
Hi edsyl,
Welcome to Adlice.com Forum.
The [Proc.Injected] detection could be triggered by two things:
A real infection (like Zeus, Carberp, Poweliks, they are all using that thing)
Your antivirus injecting your processes to protect you (in theory).
To determine what's going on, and possibly whitelist the cases where it's a legit injection, please do the following:
1. Process Dump
Download Process Explorer and save it to your desktop.
Click on the setup file (procexp.exe) and select Run as Administrator to start the tool.
Locate the process named smss.exe, right-click and select Create Dump > Create Full Dump...
Save the dump on your desktop, compress it and upload it on Google Drive/Dropbox.
Share the link in your next reply.
We will analyse what is really injected, and whitelist if needed.
Regards.
Reply #4
February 03, 2015, 04:08:49 AM
edsyl
Here is the link:
https://www.dropbox.com/s/f5mtt4xk8xsfq37/smss.rar?dl=0
I cannot seem to open this file; I get a Visual Studio 2010 shell licence invalid message. Any idea why?
Regards
Ed
Reply #5
February 03, 2015, 02:13:12 PM
Curson
Hi edsyl,
I'm not sure about the error you encountered with Visual Studio. Maybe the license you own is not compatible with memory dump debugging?
The process dump will be analysed and we will get back to you as soon as possible.
Regards.
Reply #6
February 11, 2015, 09:00:28 PM
Curson
Hi edsyl,
The injection was nothing malicious. This will be fixed in the next release of RogueKiller.
Your computer is clean.
Regards.