Author Topic: Please help, False positive ? infected ? can't find these anywhere. Worried  (Read 2370 times)

0 Members and 1 Guest are viewing this topic.

May 29, 2015, 06:19:10 am

TheMuffinman

  • Newbie

  • Offline
  • *

  • 7
  • Reputation:
    0
    • View Profile
ok, I have ran a scan and it detected 1 thing in anti rootkit it was a file called "mfewfpk.sys" and I looked it up and it is something to do with McAfee anti virus witch I have installed so I think that is a false positive or harmless then I get another thing in anti rootkit called (under name tab) "msvcrt.dll : free " under "Detection" it says it is a "Hook.IEAT"  under  "Address" witch says "0x770cf00" please help I am a bit worried. Report : RogueKiller V10.7.0.0 (x64) [May 25 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : RemoveName [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 05/29/2015  05:08:42

Processes : 0

Registry : 8
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2632152693-1255202836-1047204-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

Tasks : 0

Files : 0

Hosts File : 0

Antirootkit : 2 (Driver: Loaded)
[Filter(Kernel.Filter)] \Driver\disk @ Unknown : \Driver\mfedisk @ Unknown (\SystemRoot\system32\drivers\mfewfpk.sys)
[IAT:Inl(Hook.IEAT)] (explorer.exe) msvcrt.dll - free : Unknown @ 0x39ee127b (jmp 0x327d4379)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: ST2000DM 001-1CH164 SATA Disk Device +++++
--- User ---
[MBR] 3e99d018e8be4f8cb57f623e22c6e299
[BSP] b0d71a947d6636fb01c39676b7efba73 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 1907377 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05152015_001904.log - RKreport_DEL_05152015_002250.log - RKreport_DEL_05152015_002639.log - RKreport_SCN_05152015_003119.log
RKreport_SCN_05152015_084441.log - RKreport_DEL_05152015_084852.log - RKreport_DEL_05152015_084858.log - RKreport_SCN_05152015_085232.log
RKreport_SCN_05162015_040749.log - RKreport_DEL_05162015_041530.log - RKreport_SCN_05162015_042059.log - RKreport_DEL_05162015_045206.log
RKreport_SCN_05162015_045645.log - RKreport_SCN_05162015_071019.log - RKreport_DEL_05162015_071755.log - RKreport_SCN_05162015_072238.log
RKreport_SCN_05162015_075353.log - RKreport_DEL_05162015_075423.log - RKreport_SCN_05162015_083139.log - RKreport_SCN_05162015_093446.log
RKreport_DEL_05162015_093507.log - RKreport_SCN_05162015_102258.log - RKreport_SCN_05162015_105801.log - RKreport_SCN_05162015_110904.log
RKreport_DEL_05162015_111700.log - RKreport_SCN_05162015_162110.log - RKreport_SCN_05162015_171314.log - RKreport_SCN_05162015_203208.log
RKreport_SCN_05172015_125803.log - RKreport_SCN_05172015_130537.log - RKreport_DEL_05172015_131136.log - RKreport_SCN_05172015_192014.log
RKreport_SCN_05172015_193236.log - RKreport_SCN_05172015_195454.log - RKreport_SCN_05242015_091544.log - RKreport_DEL_05242015_092829.log
RKreport_SCN_05242015_093226.log - RKreport_SCN_05242015_094758.log - RKreport_SCN_05242015_170541.log - RKreport_SCN_05252015_134533.log
RKreport_SCN_05252015_184025.log - RKreport_SCN_05262015_153232.log - RKreport_SCN_05272015_193708.log - RKreport_DEL_05272015_194550.log
RKreport_SCN_05272015_194954.log - RKreport_SCN_05282015_045538.log - RKreport_SCN_05282015_182358.log - RKreport_SCN_05292015_022613.log

Reply #1May 30, 2015, 12:31:54 am

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2477
  • Reputation:
    84
    • View Profile
Hi TheMuffinman,

Theses detections are indeed false positives and will be fixed as soon as possible.
Thanks for bringing this to your attention.

Regards.