Topic: Infected with something

July 07, 2016, 12:59:54 am

Dimera


RogueKiller V12.3.2.0 [Jun  6 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Administrator]
Started from : C:\Documents and Settings\HP_Administrator\Desktop\RogueKiller.exe
Mode : Scan -- Date : 01/01/2006 00:28:41

Processes : 0

Registry : 0

Tasks : 0

Files : 0

Hosts File : 0

Antirootkit : 3 (Driver: Loaded)
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[122] : C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xffffffffa9e7027a
[SSDT:Addr(Hook.SSDT)] ZwOpenThread[128] : C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xffffffffa9e70448
[Filter(Kernel.Filter)] \Driver\kbdclass @  : Elkbd.sys @  (\??\C:\WINDOWS\System32\Drivers\Elkbd.sys)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: WDC WD2500JS-60NCB1 +++++
--- User ---
[MBR] eac73578d9cd2a18f8ce7d3f3e7227d2
[BSP] 05e3161cf4ce79602881f99911e8893d : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 229600 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 470238615 | Size: 8863 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 5d8496c3ddfcfdb9f0abf956bf5166a4
[BSP] 5968ddfe53bf008fb694a71a17748eb9 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 63 | Size: 1906 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


Reply #1, July 07, 2016, 12:37:47 pm

Curson

Hi Dimera,

Your version of RogueKiller is outdated.
Please download the latest version of RogueKiller, redo a scan, and post the report obtained in your next reply.

Regards.

Reply #2, July 09, 2016, 12:06:52 am

Dimera

RogueKiller V12.3.7.0 [Jul  4 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Administrator]
Started from : J:\RogueKiller.exe
Mode : Scan -- Date : 01/01/2006 00:14:48

Processes : 0

Registry : 0

Tasks : 0

Files : 0

Hosts File : 0

Antirootkit : 3 (Driver: Loaded)
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[122] : C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xffffffffa9e7027a
[SSDT:Addr(Hook.SSDT)] ZwOpenThread[128] : C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xffffffffa9e70448
[Filter(Root.Keylogger|Kernel.Filter)] \Driver\kbdclass @  : Elkbd.sys @  (\??\C:\WINDOWS\System32\Drivers\Elkbd.sys)

Web browsers : 0

MBR Check :
+++++ PhysicalDrive0: WDC WD2500JS-60NCB1 +++++
--- User ---
[MBR] eac73578d9cd2a18f8ce7d3f3e7227d2
[BSP] 05e3161cf4ce79602881f99911e8893d : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 229600 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 470238615 | Size: 8863 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 5d8496c3ddfcfdb9f0abf956bf5166a4
[BSP] 5968ddfe53bf008fb694a71a17748eb9 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 63 | Size: 1906 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


Reply #3, July 11, 2016, 01:31:44 pm

Curson

Hi Dimera,

These entries are false positives.
This will be fixed as soon as possible.

Regards.

Reply #4, July 13, 2016, 09:29:05 pm

Dimera

So every other program I have used has picked up something as well. Are those "false" as well? My computer has changed time all by itself. I cannot connect to the internet on it.

Reply #5, July 13, 2016, 10:14:04 pm

Curson

Hi Dimera,

Please attach the detection reports of those tools in your next reply.

Regards.