Topic: IEAT HooK ? (Not sure if legit or not) (Read 8888 times)
hayasa (Newbie), October 11, 2015, 05:19:26 PM
Hey, with the last version, when running the program my wifi stops working and I had to disconnect and reconnect. Which made me worry.
Then I did a scan and something came out as hook. I've passed Malwarebytes, hitman pro, avast, junkware removal tool and minitoolbox. But everything came out negative and I'm kind of worried.
I attach the log of the RK scan. Should I be worried?
Edit: The previous version also left the wifi without connection, but doesn't show those hooks.
Thanks!
Last Edit: October 12, 2015, 10:51:50 AM by hayasa

Reply #1 by Curson (Global Moderator, Hero Member), October 12, 2015, 02:15:09 PM
Hi hayasa,
Welcome to Adlice.com Forum.
RogueKiller version 10.11 is out.
Could you please give it a try?
Regards.

Reply #2 by hayasa (Newbie), October 12, 2015, 02:48:20 PM
Thanks, Curson.
I passed the 10.11 version and it looks like the wifi is not disconnecting anymore.
But the hooks are still there.
Are they legit or should I be worried?
Thanks again!

Reply #3 by Curson (Global Moderator, Hero Member), October 12, 2015, 03:07:06 PM
Hi hayasa,
Please follow the following process.
Download Process Explorer and save it to your desktop.
Click on the setup file (procexp.exe) and select Run as Administrator to start the tool.
Locate the process named explorer.exe, right click, select Create Dump > Create Full Dump...
Save the dump on your desktop and compress it.
Locate the process named chrome.exe, right click, select Create Dump > Create Full Dump...
Save the dump on your desktop and compress it.
Go to Adlice Software upload form, select the dumps as files to be uploaded and copy/paste a link to this thread in the "Comment" section.
We will analyse what is behind those hooks.
Regards.

Reply #4 by hayasa (Newbie), October 12, 2015, 03:38:23 PM
Hi Curson,
Thanks for taking time with me.
I have uploaded the files with the link to this post in the comment.
I was kind of hoping you answered me with a "nah, it's fine", now I'm really worried :S.
Thanks again for your time.

Reply #5 by Curson (Global Moderator, Hero Member), October 12, 2015, 04:05:23 PM
Hi hayasa,
Thanks for uploading the dumps.
These hooks are certainly harmless but we hope the dumps will help us to improve RogueKiller IAT/IEAT detection capabilities.
Regards.

Reply #6 by Tigzy (Administrator, Hero Member; Owner, Adlice Software), October 12, 2015, 04:37:06 PM
Hi hayasa, I'm looking at your dumps right now.
Could you navigate to %Programdata%/RogueKiller/Logs and attach the json logs as well?
They contain much more information about those hooks.
Thanks!

Reply #7 by hayasa (Newbie), October 12, 2015, 05:23:31 PM
Sure thing!
I attach the .json log here.
Thanks a lot!!
Edit: I just passed Rkill and MBAM with no issues. RogueKiller keeps showing those hooks :S.
Last Edit: October 12, 2015, 09:04:14 PM by hayasa

Reply #8 by Tigzy (Administrator, Hero Member; Owner, Adlice Software), October 13, 2015, 10:55:09 AM
RKill and MBAM don't detect hooks.
Looking at your file.
EDIT: For explorer, it seems legit. The hooks are going back into the initial place after some filtering.
It's all dynamic so hard to trace, I think it's Avast. We'll whitelist the hook signature.
For Chrome, it really looks like sandbox hooks. We are currently building a new beta with fixes for Chrome sandbox, I'll tell you when it's ready for testing.
Last Edit: October 14, 2015, 08:33:33 AM by Tigzy
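
The kind of check behind an "IAT hook" finding like the ones discussed in this thread, as an added example that is not part of the original posts and is not RogueKiller's code: each import slot is classified by which loaded module its pointer lands in. The module map, addresses, the `avfilter.dll` name and the reviewed-module list are constructed assumptions; forwarded exports are handled because they are a common source of false positives.

```python
from bisect import bisect_right

# Constructed module map for one process: (base, size, name). Illustrative values only.
MODULES = sorted([
    (0x00400000, 0x00100000, "explorer.exe"),
    (0x10000000, 0x00050000, "avfilter.dll"),   # hypothetical security-product DLL
    (0x75000000, 0x00110000, "kernel32.dll"),
    (0x77000000, 0x00180000, "ntdll.dll"),
])

# Forwarded exports legitimately resolve into another module:
# kernel32!HeapAlloc is forwarded to ntdll (RtlAllocateHeap).
FORWARDED = {("kernel32.dll", "HeapAlloc"): "ntdll.dll"}

# Modules an analyst has reviewed and accepted as hook owners (assumption).
REVIEWED_HOOKERS = {"avfilter.dll"}

def owning_module(addr, modules=MODULES):
    """Return the name of the module whose image range contains addr, else None."""
    i = bisect_right([m[0] for m in modules], addr) - 1
    if i >= 0:
        base, size, name = modules[i]
        if addr < base + size:
            return name
    return None

def classify_iat_entry(expected_dll, func, pointer):
    """Classify one import slot by where its pointer currently lands."""
    owner = owning_module(pointer)
    expected = FORWARDED.get((expected_dll, func), expected_dll)
    if owner == expected:
        return "clean"
    if owner is None:
        # Pointer into memory not backed by a module image, e.g. an allocated thunk.
        return "hooked: target outside any module"
    if owner in REVIEWED_HOOKERS:
        return "hooked: reviewed module " + owner
    return "hooked: unexpected module " + owner

# Constructed import slots: (expected DLL, function, pointer found in the IAT).
SAMPLE_IAT = [
    ("kernel32.dll", "CreateFileW", 0x75012340),
    ("kernel32.dll", "HeapAlloc", 0x77045000),
    ("kernel32.dll", "LoadLibraryW", 0x10001200),
    ("ntdll.dll", "NtCreateFile", 0x02A40000),
]

def scan(iat=SAMPLE_IAT):
    """Return {'dll!function': verdict} for every import slot in iat."""
    return {f"{dll}!{fn}": classify_iat_entry(dll, fn, ptr) for dll, fn, ptr in iat}
```

A module-name match is a weak acceptance criterion on its own; checking the hooking module's path and code signature before accepting it makes the allowlist harder to abuse.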

Reply #9 by hayasa (Newbie), October 13, 2015, 12:02:11 PM
Thank you so much for taking your time with my issue.
Then I guess I can put my paranoid thoughts at rest xDD. I thought that using the rootkit scan on MBAM would check for hooks. Thanks for the info.
You guys are doing an amazing job.