Topic: Driver not working?

December 01, 2015, 09:12:27 AM

gamefan

  • Newbie

Hello

When I run the new version of RogueKiller I get a Windows pop-up saying I need a digitally signed driver or something like that; the driver won't run.

I'm using the x64 version of the portable RogueKiller.

What is going on?

Reply #1 on: December 01, 2015, 12:32:18 PM

Tigzy

  • Administrator
  • Owner, Adlice Software

Hello, is it version 11?
Do you see a Truesight.sys file in C:/Windows/System32/Drivers?

Reply #2 on: December 01, 2015, 12:39:19 PM

gamefan

Yes it is in there and it is version 11

I found this in the event viewer:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          12/1/2015 2:20:14 AM
Event ID:      5038
Task Category: System Integrity
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:     Gamefan-PC
Description:
Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name:   \Device\HarddiskVolume3\Windows\System32\drivers\TrueSight.sys   
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>5038</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12290</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2015-12-01T08:20:14.550725900Z" />
    <EventRecordID>120551</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="48" />
    <Channel>Security</Channel>
    <Computer>Gamefan-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">\Device\HarddiskVolume3\Windows\System32\drivers\TrueSight.sys</Data>
  </EventData>
</Event>

Either the driver is corrupt or not digitally signed.
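
Added example, not part of the thread and not Adlice's code: a triage script for exported Security-log XML like the record quoted above, listing which files Code Integrity rejected (Event ID 5038) and when. It assumes the export wraps the records in an <Events> root element; record 1 of the sample reuses the values from the post, records 2 and 3 are constructed.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample: record 1 reuses the values quoted in the post above;
# records 2 and 3 are invented to exercise the grouping and the ID filter.
SAMPLE = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>5038</EventID>
 <TimeCreated SystemTime="2015-12-01T08:20:14.550725900Z"/></System><EventData>
 <Data Name="param1">\Device\HarddiskVolume3\Windows\System32\drivers\TrueSight.sys</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>5038</EventID>
 <TimeCreated SystemTime="2015-12-01T21:05:02.1234567Z"/></System><EventData>
 <Data Name="param1">\Device\HarddiskVolume3\Windows\System32\drivers\truesight.sys</Data></EventData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><EventID>4624</EventID>
 <TimeCreated SystemTime="2015-12-01T21:06:00Z"/></System><EventData/></Event>
</Events>"""

def parse_system_time(value):
    """SystemTime has up to 9 fractional digits; datetime keeps 6, so truncate."""
    m = re.fullmatch(r"(.+?)(?:\.(\d+))?Z", value)
    frac = (m.group(2) or "")[:6].ljust(6, "0")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    return base.replace(microsecond=int(frac), tzinfo=timezone.utc)

def integrity_failures(xml_text):
    """Return (path, time) for every Event ID 5038 record in the export."""
    out = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "5038":
            continue  # not a Code Integrity image-hash failure
        path = ev.findtext("e:EventData/e:Data[@Name='param1']", "", NS)
        when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        out.append((path.strip(), parse_system_time(when)))
    return out

def summarize(failures):
    """Group by path, case-insensitively (Windows paths), with first/last seen."""
    seen = defaultdict(list)
    for path, when in failures:
        seen[path.lower()].append(when)
    return {p: {"count": len(t), "first": min(t), "last": max(t)}
            for p, t in seen.items()}
```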

Reply #3 on: December 01, 2015, 12:41:41 PM

gamefan

Is there any way to get a fresh copy of the driver without releasing everything RogueKiller deleted?

Reply #4 on: December 01, 2015, 01:00:40 PM

gamefan

Sorry for the extra post, but I removed the sys file from the drivers folder; upon starting up RogueKiller it created a new one, but the light still won't turn green.

I don't know what the driver does, but I'm afraid it might not detect something important when I do my routine scans then back stuff up to my hard drives.
« Last Edit: December 01, 2015, 01:18:12 PM by gamefan »

Reply #5 on: December 01, 2015, 01:55:42 PM

Curson

  • Global Moderator
  • Hero Member

Hi gamefan, Tigzy,

Sorry to intrude, but I'd like gamefan to try something.
Please follow the following process:

Download Sigcheck and save it to your desktop.
Launch the command prompt window (cmd) with admin rights and copy/paste the following command:
Code:
"%USERPROFILE%\Desktop\sigcheck.exe" -a -h -i -accepteula "%WINDIR%\system32\drivers\TrueSight.sys" > "%USERPROFILE%\Desktop\sigcheck.log"

A file named sigcheck.log will be created on your desktop. Please attach it with your next reply.

Regards.

Reply #6 on: December 01, 2015, 02:11:58 PM

Tigzy

Hey, also would you like to attach the driver in an archive?
I would like to make sure it's the correct file.

Thanks.

Reply #7 on: December 01, 2015, 02:22:34 PM

Tigzy

This is what you're supposed to have, version 2.0.1 of Truesight.
Please verify you have a digital signature tab like in my screenshot, with a valid signature.

I suspect your antivirus is blocking it while it's installed.
Could you also retry with it switched off?
« Last Edit: December 01, 2015, 02:25:03 PM by Tigzy »

Reply #8 on: December 01, 2015, 05:31:40 PM

gamefan

Tigzy and Curson

Here's the sig log file and the driver file in an archive, and a screenshot if it helps.

I did turn off Avast, same results; it doesn't even alert Avast when it's on.

Stupid question, but: Unity web player has nothing to do with RogueKiller, right?

Can RogueKiller detect nearly everything without the rootkit driver? All it found last time were just some registry keys left over after resetting IE, but not sure what the first one was.

[PUP] (X64) HKEY_LOCAL_MACHINE\Software\ASK -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1025616775-32965946-2427245248-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1025616775-32965946-2427245248-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
« Last Edit: December 01, 2015, 06:13:22 PM by gamefan »

Reply #9 on: December 01, 2015, 10:16:23 PM

gamefan

I was able to get the error message to pop up again if you guys need it.

Yeah, I think the system thinks it's unsigned or something.

I have a question though: if I have Adwcleaner free, Avast free, Mbam free, Kaspersky TDSSKiller, McAfee antirootkit, Hitmanpro free, JRT, and RogueKiller free and I run the scans one at a time, do I need the driver for RogueKiller fixed if those keys were all it found without them and the others didn't find anything else?
« Last Edit: December 01, 2015, 10:44:26 PM by gamefan »

Reply #10 on: December 01, 2015, 11:36:16 PM

Curson

Hi gamefan,

Quote from: gamefan
here's the sig log file and the driver file in an archive, and a screenshot if it helps
Thanks. We were able to confirm that the driver is not corrupt in any way.

Quote from: gamefan
Stupid question, but: Unity web player has nothing to do with RogueKiller, right?
Right.

Quote from: gamefan
Can RogueKiller detect nearly everything without the rootkit driver?
The driver is needed for the detection of advanced threats.

Quote from: gamefan
I have a question though: if I have Adwcleaner free, Avast free, Mbam free, Kaspersky TDSSKiller, McAfee antirootkit, Hitmanpro free, JRT, and RogueKiller free and I run the scans one at a time, do I need the driver for RogueKiller fixed if those keys were all it found without them and the others didn't find anything else?
I think it's better to troubleshoot it.

Could you please do a full scan with RogueKiller (even with the driver unloaded) and attach the JSON report in your next reply?

Regards.

Reply #11 on: December 02, 2015, 12:08:12 AM

gamefan

OK, I right-clicked the program, selected "Run as administrator", ran a scan and exported it as JSON.

It didn't detect those registry keys above since it got rid of them the first time.

Anything else? Should I try a quick defragmentation of my hard drive?
« Last Edit: December 02, 2015, 12:11:24 AM by gamefan »

Reply #12 on: December 02, 2015, 01:11:44 PM

gamefan

Just tried a quick defrag, it didn't work.

Reply #13 on: December 02, 2015, 01:55:41 PM

Curson

Hi gamefan,

Let's try something different:
Launch the command prompt window (cmd) with admin rights and copy/paste the following command:
Code:
certutil -store root > "%USERPROFILE%\Desktop\CARootList.log" && chkdsk C: /V > "%USERPROFILE%\Desktop\FSCheck.log"

Two files named sigcheck.log and FSCheck.log will be created on your desktop. Please attach them with your next reply.

Regards.

Reply #14 on: December 03, 2015, 12:47:07 PM

gamefan

I'm so sorry I'm late, I was busy today

anywho here's what you asked for