So, first off, that F-Secure-related Zeus detection is false and happens with all computers that have F-Secure; you should whitelist it.
But that isn't what I'm worrying about; I'm worried about that IAT hook that was detected:
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateUserProcess : Unknown @ 0x7ffb99622018 (jmp 0xffffffff8000bb88)
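As an added example (not code from this thread, and not the scanner's own logic): in a report line like the one above, the "Unknown" after the hooked import is the module the jump target was resolved to, and it reads Unknown when the target falls inside no module loaded in the process. The PowerShell function below performs that same lookup against a live process's module list and, when the address does land in a module, also reports the module's Authenticode signer, which is the quickest way to tell an antivirus or anti-exploit hook from one that points nowhere. It assumes 64-bit Windows, an elevated PowerShell session, and that addresses are passed as quoted hex strings; the function and parameter names are this example's own.

```powershell
# Added example (not from the thread or the scanner): resolve a hook target address
# to the loaded module that contains it, the way a scanner decides between naming a
# module and printing "Unknown". Assumes 64-bit Windows and an elevated PowerShell.
function Resolve-HookTarget {
    param(
        [Parameter(Mandatory)][string]$ProcessName,   # e.g. 'explorer'
        [Parameter(Mandatory)][string]$Address        # hex string, e.g. '0x7ffb99622018'
    )
    # PowerShell sign-extends large hex literals into a negative Int64, so the address
    # is taken as a string and parsed here as an unsigned 64-bit value.
    $target = [Convert]::ToUInt64(($Address -replace '^0[xX]', ''), 16)

    $proc = Get-Process -Name $ProcessName -ErrorAction Stop | Select-Object -First 1
    foreach ($m in $proc.Modules) {
        $base = [uint64]$m.BaseAddress.ToInt64()
        $end  = $base + [uint64]$m.ModuleMemorySize
        if ($target -ge $base -and $target -lt $end) {
            # The target lives inside this module: report it together with the file's
            # Authenticode signer, so an AV vendor's hook can be recognised at a glance.
            $sig = Get-AuthenticodeSignature -FilePath $m.FileName
            $signer = '(unsigned)'
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            return [pscustomobject]@{
                Target = '0x{0:x16}' -f $target
                Module = $m.ModuleName
                Offset = '0x{0:x}' -f ($target - $base)
                Path   = $m.FileName
                Signer = $signer
                Status = $sig.Status
            }
        }
    }
    # No loaded module covers the address: this is the case a report prints as "Unknown".
    return [pscustomobject]@{
        Target = '0x{0:x16}' -f $target
        Module = 'Unknown'
        Offset = $null
        Path   = $null
        Signer = $null
        Status = 'NotInAnyModule'
    }
}

# The hooked IAT slot from the report (the report places it in KERNELBASE.dll) and the
# jump target it points at (which the report resolved to Unknown); compare both outputs.
Resolve-HookTarget -ProcessName explorer -Address '0x7ffb99622018'
Resolve-HookTarget -ProcessName explorer -Address '0xffffffff8000bb88'
```

Run it in the same elevated session you use for the scanner, since module lists of other users' processes are not readable otherwise. A hook whose target resolves to a signed vendor DLL is consistent with a security product's user-mode hooking; a target that resolves to no module at all is what deserves a dump and a closer look.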
Quote from: Jukka
But that isn't what I'm worrying about; I'm worried about that IAT hook that was detected:
[IAT:Inl(Hook.IEAT)] (explorer.exe @ KERNELBASE.dll) ntdll!NtCreateUserProcess : Unknown @ 0x7ffb99622018 (jmp 0xffffffff8000bb88)

Do you use anti-exploit software on your computer?
Hi Jukka,

The hook is mostly related to your antivirus. However, we are going to verify it. Please follow the following process.

1. Download Process Explorer and save it to your desktop.
2. Click on the setup file (procexp.exe) and select Run as Administrator to start the tool.
3. Locate the process named explorer.exe, right click and select Create Dump > Create Full Dump...
4. Save the dump on your desktop and compress it.
5. Go to the Adlice Software upload form, select the dumps as files to be uploaded and copy/paste a link to this thread in the "Comment" section.

Regards.
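The dump step above, done from a script instead of the Process Explorer menu, as an added example that is not Adlice's procedure: it calls dbghelp!MiniDumpWriteDump with the MiniDumpWithFullMemory flag to write a full-memory minidump of explorer.exe (the same kind of file the Create Full Dump menu item produces), saves it to the Desktop and zips it for upload. It assumes an elevated 64-bit PowerShell session (the dump is of a 64-bit process); the function name and the output file name are this example's own choices.

```powershell
# Added example (not the thread's Process Explorer steps): write a full memory dump
# of a process with dbghelp!MiniDumpWriteDump and zip it for upload.
# Assumes an elevated 64-bit PowerShell; output goes to the Desktop by default.
$signature = @'
[DllImport("dbghelp.dll", SetLastError = true)]
public static extern bool MiniDumpWriteDump(
    IntPtr hProcess, uint processId,
    Microsoft.Win32.SafeHandles.SafeFileHandle hFile, uint dumpType,
    IntPtr exceptionParam, IntPtr userStreamParam, IntPtr callbackParam);
'@
$DbgHelp = Add-Type -MemberDefinition $signature -Name 'Native' -Namespace 'DumpTool' -PassThru

function New-FullProcessDump {
    param(
        [Parameter(Mandatory)][string]$ProcessName,                     # e.g. 'explorer'
        [string]$OutDir = [Environment]::GetFolderPath('Desktop')       # where the .dmp/.zip land
    )
    # MINIDUMP_TYPE flags: MiniDumpWithFullMemory (0x2) is what makes this a "full" dump;
    # WithHandleData (0x4), WithFullMemoryInfo (0x800) and WithThreadInfo (0x1000)
    # add the handle table, memory-region map and per-thread data analysts expect.
    $dumpType = [uint32](0x2 -bor 0x4 -bor 0x800 -bor 0x1000)

    $proc = Get-Process -Name $ProcessName -ErrorAction Stop | Select-Object -First 1
    $dumpPath = Join-Path $OutDir ('{0}_{1}.dmp' -f $proc.ProcessName, $proc.Id)

    # Process.Handle opens the target with full access, which covers the
    # PROCESS_QUERY_INFORMATION | PROCESS_VM_READ the dump needs.
    $fs = [System.IO.File]::Create($dumpPath)
    try {
        $ok = $DbgHelp::MiniDumpWriteDump($proc.Handle, [uint32]$proc.Id, $fs.SafeFileHandle,
                                          $dumpType, [IntPtr]::Zero, [IntPtr]::Zero, [IntPtr]::Zero)
        if (-not $ok) {
            $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
            throw "MiniDumpWriteDump failed with Win32 error $err"
        }
    } finally {
        $fs.Dispose()   # flush and release the file before compressing it
    }

    $zipPath = "$dumpPath.zip"
    Compress-Archive -Path $dumpPath -DestinationPath $zipPath -Force
    return $zipPath
}

New-FullProcessDump -ProcessName explorer
```

A full dump of explorer.exe contains the process's entire memory, including anything it has open (documents, credentials in memory), so treat the archive as sensitive and upload it only to the vendor channel the support reply names.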
Hi, I posted the dump to you. Actually I posted it multiple times like an idiot because I thought that it was supposed to give me a confirmation about the completed upload and I thought that it didn't work at first, but then I realized that it just doesn't give a confirmation. So don't wonder if you have received that file something like 5 times...
Also, I found a possible explanation for anti-exploit-like behavior: I just remembered F-Secure has a so-called DeepGuard module that interjects processes and monitors them if it can't verify them as safe through the cloud. It sort of sounds like a thing that would create a hook like that.
In fact, I haven't received anything. Could you please host the dump on Dropbox/OneDrive and share the link here?
Million thanks to you; now I can keep on using my computer without paranoia.
And at least you can now eliminate some false positives, so that nobody else has to get spooked by the same thingy again!