
RKill - What it does and What it Doesn't - A brief introduction to the program


995 replies to this topic

#991 austhome

austhome

  • Members
  • 1 posts

Posted 31 July 2017 - 01:33 PM

Hi all, ran rkill and got the following:

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/01/2017 04:12:56 AM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * agp440 [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
  0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
  0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
  0.0.0.0 media.opencandy.com
  0.0.0.0 cdn.opencandy.com
  0.0.0.0 tracking.opencandy.com
  0.0.0.0 api.opencandy.com
  0.0.0.0 api.recommendedsw.com
  0.0.0.0 installer.betterinstaller.com
  0.0.0.0 installer.filebulldog.com
  0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
  0.0.0.0 inno.bisrv.com
  0.0.0.0 nsis.bisrv.com
  0.0.0.0 cdn.file2desktop.com
  0.0.0.0 cdn.goateastcach.us
  0.0.0.0 cdn.guttastatdk.us
  0.0.0.0 cdn.inskinmedia.com
  0.0.0.0 cdn.insta.oibundles2.com
  0.0.0.0 cdn.insta.playbryte.com
 
  20 out of 37 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 08/01/2017 04:15:55 AM
Execution time: 0 hours(s), 2 minute(s), and 58 seconds(s)
 
 
Windows firewall and defender are stopped due to Panda Global Protection. 
 
Checking Windows Service Integrity: 
 
 * agp440 [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
 - other people have the same result, does it mean anything?

 

 

Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
  0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
  0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
  0.0.0.0 media.opencandy.com
  0.0.0.0 cdn.opencandy.com
  0.0.0.0 tracking.opencandy.com
  0.0.0.0 api.opencandy.com
  0.0.0.0 api.recommendedsw.com
  0.0.0.0 installer.betterinstaller.com
  0.0.0.0 installer.filebulldog.com
  0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
  0.0.0.0 inno.bisrv.com
  0.0.0.0 nsis.bisrv.com
  0.0.0.0 cdn.file2desktop.com
  0.0.0.0 cdn.goateastcach.us
  0.0.0.0 cdn.guttastatdk.us
  0.0.0.0 cdn.inskinmedia.com
  0.0.0.0 cdn.insta.oibundles2.com
  0.0.0.0 cdn.insta.playbryte.com
 
  20 out of 37 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Host file amended by security program, not sure which one.
 
Do I have anything to worry about? Running Windows 10 Professional 64 bit on a custom built computer.



#992 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,206 posts
  • Gender:Male
  • Location:USA

Posted 31 July 2017 - 02:09 PM

That is an old version. Use 2.9.1 from the site.

#993 SupermanPrime

SupermanPrime

  • Members
  • 15 posts
  • Gender:Male

Posted 11 August 2017 - 11:03 AM

I'm getting this on Rkill:

Checking Windows Service Integrity: 

 * agp440 [Missing Service]
 * Browser [Missing Service]
 * DcpSvc [Missing Service]
 * Fax [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * mrxsmb10 [Missing Service]
 * nv_agp [Missing Service]
 * srv [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * workfolderssvc [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * NetTcpPortSharing => %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [Incorrect ImagePath]
 * RetailDemo => %SystemRoot%\System32\svchost.exe -k rdxgroup [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

I ran SFC and it didn't find anything. It's a fresh installation, latest Windows 10 version (1703).

 

Any ideas on how to fix this? Thank you.

 

PS: I didn't use to get that before. Then I reinstalled, by downloading the .iso again, and I'm getting it now.



#994 garioch7

garioch7

    RCMP Veteran


  • Malware Response Team
  • 2,667 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 11 August 2017 - 02:36 PM

SupermanPrime:

 

Are you running the latest version of RKill? The previous issues with services being incorrectly reported by RKill with Windows 10 installations are supposed to have been repaired. See this post by Grinler, the author of RKill.

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#995 SupermanPrime

SupermanPrime

  • Members
  • 15 posts
  • Gender:Male

Posted 11 August 2017 - 05:15 PM

Huh, how strange. I downloaded the .zip version and it seems to be outdated. My mistake. Thank you. That fixed it.



#996 garioch7

garioch7

    RCMP Veteran


  • Malware Response Team
  • 2,667 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 12 August 2017 - 11:02 AM

SupermanPrime:

 

Thank you for reporting back that the problem was an older version of RKill.

 

Glad to be able to help you out.  Have a great weekend.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators




