Author Topic: RK_Software_ON_E_95FC\Microsoft\Windows\CurrentVersion\  (Read 2086 times)

July 28, 2015, 03:29:59 pm

swids@sbcglobal.net

Hello,

Dell Inspiron 1545 notebook, running Windows 7 Home Premium SP1.
Suspecting malware or spyware, ran many scans.  Nothing of concern found, until I used RogueKiller.

Found 2 of these items in the Registry.  No other detections, neither by RogueKiller nor Vipre, ESET or Kaspersky tools.
RK_Software_ON_E_95FC, so went into registry to look:
  Classes
  Microsoft
  ODBC
  Policies
and right below it, another key that was not detected as malware by anyone, yet it looks similar...
RK_Software_ON_E_D1AC
  ControlSet001
  RNG
  Select
  Setup


Here are the details of this one:

RK_Software_ON_E_95FC
  Microsoft
   Windows
    CurrentVersion
     Winlogon
        Userinit          Userinit.exe
        Shell              cmd.exe /k start cmd.exe
   


Questions:
Is this a false positive?
Should this be cause for alarm?  Is this a targeted attack?
Who is the author of this rare code?
Can I safely delete it?

Thanks,  M

Reply #1 July 30, 2015, 06:33:26 pm

Curson (Global Moderator)

Hi swids@sbcglobal.net,

Welcome to Adlice.com Forum.

RK_Software are hives from external disks loaded by RogueKiller during a scan.
They are perfectly legit but you could remove them if you want.

Regards.
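
One way to check the explanation in the reply above, added here as an example and not taken from the thread or from RogueKiller: list every mounted hive whose name starts with `RK_`, show the file that backs it, and read the Winlogon values the first post quotes. The mount roots and the second Winlogon path are assumptions, marked in the comments.

```powershell
# Added example: read-only inventory of RK_* hives and the files that back them.
# hivelist maps each currently mounted hive to its backing file.
$hiveList = Get-Item -LiteralPath 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist'

# Winlogon location as written in the post, then the "Windows NT" location that
# Windows itself uses (added here; the post does not mention it).
$winlogonPaths = 'Microsoft\Windows\CurrentVersion\Winlogon',
                 'Microsoft\Windows NT\CurrentVersion\Winlogon'

# Assumption: the thread does not say where the RK_* keys are mounted. A loaded
# hive can only sit directly under HKLM or HKU, so both roots are matched.
$report = $hiveList.GetValueNames() |
    Where-Object { $_ -match '^\\REGISTRY\\(MACHINE|USER)\\RK_' } |
    ForEach-Object {
        $name = $_
        # \REGISTRY\MACHINE\X -> Registry::HKEY_LOCAL_MACHINE\X (same for USER)
        $psPath = $name -replace '^\\REGISTRY\\MACHINE', 'Registry::HKEY_LOCAL_MACHINE'
        $psPath = $psPath -replace '^\\REGISTRY\\USER', 'Registry::HKEY_USERS'

        $row = @{
            Hive        = $name
            BackingFile = $hiveList.GetValue($name)   # a \Device\HarddiskVolumeN\... path
            WinlogonKey = $null
            Shell       = $null
            Userinit    = $null
        }
        foreach ($sub in $winlogonPaths) {
            $key = Get-Item -LiteralPath "$psPath\$sub" -ErrorAction SilentlyContinue
            if ($key) {
                $row.WinlogonKey = $sub
                $row.Shell       = $key.GetValue('Shell')
                $row.Userinit    = $key.GetValue('Userinit')
                break
            }
        }
        New-Object PSObject -Property $row
    }

$report | Select-Object Hive, BackingFile, WinlogonKey, Shell, Userinit | Format-List
```

A `BackingFile` on a volume other than the running Windows installation is consistent with a hive loaded from another disk. `reg unload` detaches such a hive without modifying the file behind it.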

Reply #2 August 08, 2015, 05:48:30 pm

Tigzy (Administrator; Owner, Adlice Software)

Hello,
@Curson, looks more like a bug to me. I've already seen that.

@swds, could you provide the full scan report with that detection, please?