Topic: Hook IEAT need help (Read 12014 times)

Temium (Newbie), November 28, 2015, 02:11:44 PM
Hi, I just installed RK and got a report which I don't know how to read... especially this:
¤¤¤ Antirootkit : 1 (Driver: Chargé) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe @ kernel32.dll) ntdll!LdrLoadDll : Unknown @ 0x7ff90cab0430 (jmp 0xffffffffff895540|call rbx|jmp 0x102)
Is it a false positive? Can someone help?
Full report attached.

Reply #1 by Curson (Global Moderator), November 29, 2015, 11:06:49 PM
Hi Temium,
Welcome to Adlice.com Forum.
Could you please attach the RogueKiller JSON report in your next reply?
Regards.

Reply #2 by Temium (Newbie), November 30, 2015, 03:55:24 PM
Hi Curson,
Thanks for your reply.
I had to run RK again (and to redownload it) to get the report in .JSON format.
And a lot of new IEAT hooks came up!
See attached file...

Reply #3 by Curson (Global Moderator), November 30, 2015, 04:22:33 PM
Hi Temium,
We are going to perform an extended analysis on the hooks.
Please follow the following process:
- Download Process Explorer and save it to your desktop.
- Click on the setup file (procexp.exe) and select Run as Administrator to start the tool.
- Locate the process named explorer.exe, do a right click on it and select Create Dump > Create Full Dump...
- Save the dump on your desktop and compress it.
- Go to Adlice Software upload form, select the dumps as files to be uploaded and copy/paste a link to this thread in the "Comment" section.
Regards.

Reply #4 by Temium (Newbie), December 02, 2015, 06:47:04 PM
Hi Curson,
I uploaded the dump file (zipped) and put the link to your message as a comment of my upload, that is:
http://forum.adlice.com/index.php?topic=609.msg3424#msg3424
I hope everything went all right... I'm not very familiar with forum uses.

Reply #5 by Curson (Global Moderator), December 03, 2015, 03:19:54 PM
Hi Temium,
I haven't received anything.
Could you please host the dump on Dropbox/OneDrive and share the link here?
Regards.

Reply #6 by Temium (Newbie), December 03, 2015, 05:18:35 PM
Hi Curson,
Here's a link to my Dropbox:
https://www.dropbox.com/sh/e0wrzybrywjqa1z/AADSSDNwnHRX74t4fKws-qUMa?dl=0
You can upload either .dum or .zip file.

Reply #7 by Curson (Global Moderator), December 04, 2015, 02:10:32 PM
Hi Temium,
The dump you provided will be analysed as soon as possible.
Thanks for your patience.
Regards.

Reply #8 by Temium (Newbie), December 04, 2015, 03:07:28 PM
Thanks for your message, Curson.

Reply #9 by Curson (Global Moderator), December 04, 2015, 03:24:45 PM
Hi Temium,
You are welcome.
Regards.

Reply #10 by Temium (Newbie), December 22, 2015, 02:11:54 PM
Hi Curson,
I haven't heard from you for a while now...
Could it be that you have forgotten to send me my analysis?
Or is it Christmas rush?
Season's greetings
Temium

Reply #11 by Curson (Global Moderator), December 22, 2015, 09:08:10 PM
Hi Temium,
I'm really sorry but we have not yet had time to process your dump.
Regards.

Reply #12 by Curson (Global Moderator), December 28, 2015, 12:15:31 PM
Hi Temium,
The hooks are legit.
We will whitelist them as soon as possible.
Regards.

Reply #13 by Temium (Newbie), January 27, 2016, 12:46:55 AM
Thanks a lot.
And pardon me for not thanking you before... I think I missed the notification of your post.

Reply #14 by Curson (Global Moderator), January 27, 2016, 02:13:43 PM
Hi Temium,
You are very welcome.
Regards.