Author Topic: Proc.injected a2start.exe  (Read 4450 times)

October 30, 2016, 08:11:31 PM

Salenai

Hello, I freshly reinstalled my Windows, just installed an antivirus (Emsisoft Anti-Malware) and a few other basic programs. Then I scanned the computer with them, everything was OK; however, in safe mode RogueKiller found a Proc.injected virus, it never ever showed before when I used RogueKiller.
It found it in a2start.exe, which is part of Emsisoft Anti-Malware. Is it a false positive due to the new version of RogueKiller (12.7.4.0)?
If this update was released within the last few days, that is. The one I had before, a couple of days ago, found only a false positive in esif_assist_64.exe in the DPTF folder, but never in this one.



Started in : Safe mode with network support
User : *me :D*
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 10/30/2016 19:51:57 (Duration : 00:11:02)

¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] a2start.exe(1672) -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2start.exe[7] -> Found

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 478e7c4e91c8d2773f2b9fbd06b39929
[BSP] c8ae359b025d14eada36e181b9a83faa : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 299650 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 653867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
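
An added example, not part of the original post and not RogueKiller's own code: a small Python parser for the report layout pasted above, which extracts each detection and checks that every section's declared count matches the entries actually present. The field layout is inferred from this one report (an assumption), and `parse_report` and `count_mismatches` are hypothetical names.

```python
import re

# Constructed sample: three section headers and the one detection line, copied
# from the report in the post above (other sections omitted).
SAMPLE = r"""
¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected] a2start.exe(1672) -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2start.exe[7] -> Found

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤
"""

# Section header such as "¤¤¤ Processes : 1 ¤¤¤"; "MBR Check" carries no count.
SECTION = re.compile(r"^¤¤¤ (?P<name>[^:]+?) : (?P<count>\d+)?.*¤¤¤$")
# Entry layout inferred from the single line in the post (an assumption). The
# bracketed number after the path is not explained there, so it is skipped.
PROC = re.compile(r"^\[(?P<sig>[^\]]+)\] (?P<image>.+?)\((?P<pid>\d+)\) -- "
                  r"(?P<path>.+?)(?:\[\d+\])? -> (?P<status>\w+)$")


def parse_report(text):
    """Return {section name: {"declared": int or None, "entries": [dict, ...]}}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            declared = int(header["count"]) if header["count"] else None
            current = sections.setdefault(
                header["name"], {"declared": declared, "entries": []})
        elif current is not None and line.startswith("["):
            entry = PROC.match(line)
            # Keep lines that do not fit the inferred layout instead of dropping them.
            current["entries"].append(entry.groupdict() if entry else {"raw": line})
    return sections


def count_mismatches(sections):
    """Sections whose declared count differs from the entries actually present,
    a sign that the pasted report was truncated or edited."""
    return [name for name, sec in sections.items()
            if sec["declared"] is not None and sec["declared"] != len(sec["entries"])]


if __name__ == "__main__":
    report = parse_report(SAMPLE)
    for name, sec in report.items():
        for e in sec["entries"]:
            print(name, e.get("sig"), e.get("image"), e.get("pid"), e.get("status"))
    print("count mismatches:", count_mismatches(report))
```
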

Reply #1 October 31, 2016, 12:38:58 PM

Curson

Hi Salenai,

Thanks for your feedback. This is likely a false positive.
Please follow the following process:
  • Download Process Explorer and save it to your desktop.
  • Click on the setup file (procexp.exe) and select Run as Administrator to start the tool.
  • When RogueKiller goes in a loop, locate the process named a2start.exe, do a right click on it and select Create Dump > Create Full Dump...
  • Save the dump on your desktop and compress it.
  • Upload it to Dropbox, Google Drive or similar services and share the link in your next reply.

Regards.