Author Topic: Unremovable Rootkit False Posiotive  (Read 4162 times)

0 Members and 1 Guest are viewing this topic.

December 06, 2015, 12:06:46 PM

Canoccour

  • Newbie

  • Offline
  • *

  • 2
  • Reputation:
    0
    • View Profile
Unremovable Rootkit False Posiotive
« on: December 06, 2015, 12:06:46 PM »
In the rootkit scan tab it shows many "possible malware" items. It wont remove them and it does not show a dir so I clicked report and exported it, Here's what it says.

RogueKiller V11.0.0.0 (x64) [Nov 27 2015] (Free) by Adlice Software

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Shiapra [Administrator]
Started from : D:\Program Files\PC\Downloads\RogueKillerX64.exe
Mode : Delete -- Date : 12/06/2015 05:55:30

¤¤¤ Antirootkit : 9 (Driver: Loaded) ¤¤¤
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x6403fc (jmp 0x892df32c|jmp 0x6450d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x6e03fc (jmp 0x8937f32c|jmp 0x6446d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x5303fc (jmp 0x891cf32c|jmp 0x6461d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x5f03fc (jmp 0x8928f32c|jmp 0x6455d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0xec03fc (jmp 0x89b5f32c|jmp 0x63c8d334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0xe903fc (jmp 0x89b2f32c|jmp 0x63cbd334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x8603fc (jmp 0x894ff32c|jmp 0x642ed334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0x5903fc (jmp 0x8922f32c|jmp 0x645bd334)
[IAT:Inl(Hook.IEAT)] (chrome.exe @ kernel32.dll) ntdll!LdrUnloadDll : Unknown @ 0xa603fc (jmp 0x896ff32c|jmp 0x640ed334)

Reply #1December 07, 2015, 02:26:35 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Unremovable Rootkit False Posiotive
« Reply #1 on: December 07, 2015, 02:26:35 PM »
Hi Canoccour,

These hooks are legit, they are used for Chrome Sandboxing feature.
You don't have to worry about them.

Regards.