
RKill - What it does and What it Doesn't - A brief introduction to the program


999 replies to this topic

#991 austhome

  • Members
  • 1 posts

Posted 31 July 2017 - 01:33 PM

Hi all, ran rkill and got the following:

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/01/2017 04:12:56 AM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
 * Windows Firewall Disabled
 
   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000
 
Checking Windows Service Integrity: 
 
 * agp440 [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  127.0.0.1       localhost
  ::1             localhost
  0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
  0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
  0.0.0.0 media.opencandy.com
  0.0.0.0 cdn.opencandy.com
  0.0.0.0 tracking.opencandy.com
  0.0.0.0 api.opencandy.com
  0.0.0.0 api.recommendedsw.com
  0.0.0.0 installer.betterinstaller.com
  0.0.0.0 installer.filebulldog.com
  0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
  0.0.0.0 inno.bisrv.com
  0.0.0.0 nsis.bisrv.com
  0.0.0.0 cdn.file2desktop.com
  0.0.0.0 cdn.goateastcach.us
  0.0.0.0 cdn.guttastatdk.us
  0.0.0.0 cdn.inskinmedia.com
  0.0.0.0 cdn.insta.oibundles2.com
  0.0.0.0 cdn.insta.playbryte.com
 
  20 out of 37 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 08/01/2017 04:15:55 AM
Execution time: 0 hours(s), 2 minute(s), and 58 seconds(s)
 
 
Windows firewall and defender are stopped due to Panda Global Protection. 
 
Checking Windows Service Integrity: 
 
 
 - other people have the same result, does it mean anything?

 

 

Checking HOSTS File: 
 
Host file amended by security program, not sure which one.
 
Do I have anything to worry about? Running Windows 10 Professional 64 bit on a custom built computer.
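
For the HOSTS section of a log like the one above, an added example (not part of the original post and not RKill's own code) that separates entries pinned to 0.0.0.0 or loopback, which only make a name unreachable, from entries that point a name at some other address. The sample text, the `.example` names and the `WATCHED_SUFFIXES` list are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file layout. The last three entries are invented
# for illustration (203.0.113.0/24 is a documentation-only address range).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 media.opencandy.com
203.0.113.10 login.bank.example
127.0.0.1 update.microsoft.com
not-an-ip broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}
# Illustrative watch list (an assumption): names that should stay resolvable.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com")


def is_watched(name):
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def triage_hosts(text):
    """Bucket every HOSTS mapping; review 'redirected' and 'blocked_watched' first."""
    result = {"default": [], "blocked": [], "blocked_watched": [],
              "redirected": [], "invalid": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop trailing comment
        if not line:
            continue
        addr_text, *names = line.split()
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            result["invalid"].append(line)         # malformed address field
            continue
        sinkhole = addr.is_unspecified or addr.is_loopback
        for name in (n.lower().rstrip(".") for n in names):
            if not sinkhole:
                bucket = "redirected"              # name pinned to another host
            elif name in LOCAL_NAMES:
                bucket = "default"
            elif is_watched(name):
                bucket = "blocked_watched"         # blocking this is unusual
            else:
                bucket = "blocked"                 # name made unreachable
            result[bucket].append((name, str(addr)))
    return result
```

The RKill log prints only part of the file ("20 out of 37 HOSTS entries shown"), so run the function over the full contents of `%SystemRoot%\System32\drivers\etc\hosts` rather than over the log excerpt.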



#992 Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,268 posts
  • Gender:Male
  • Location:USA

Posted 31 July 2017 - 02:09 PM

That is an old version. Use 2.9.1 from the site.

#993 SupermanPrime

  • Members
  • 17 posts
  • Gender:Male

Posted 11 August 2017 - 11:03 AM

I'm getting this on Rkill:

Checking Windows Service Integrity: 

 * agp440 [Missing Service]
 * Browser [Missing Service]
 * DcpSvc [Missing Service]
 * Fax [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * mrxsmb10 [Missing Service]
 * nv_agp [Missing Service]
 * srv [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * workfolderssvc [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * NetTcpPortSharing => %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [Incorrect ImagePath]
 * RetailDemo => %SystemRoot%\System32\svchost.exe -k rdxgroup [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

I ran SFC and it didn't find anything. It's a fresh installation, latest Windows 10 version (1703).

 

Any ideas on how to fix this? Thank you.

 

PS: I didn't use to get that before. Then I reinstalled, by downloading the .iso again, and I'm getting it now.



#994 garioch7

    RCMP Veteran

  • Malware Response Team
  • 2,682 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 11 August 2017 - 02:36 PM

SupermanPrime:

 

Are you running the latest version of RKill? The previous issues with services being incorrectly reported by RKill with Windows 10 installations are supposed to have been repaired. See this post by Grinler, the author of RKill.

 

Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#995 SupermanPrime

  • Members
  • 17 posts
  • Gender:Male

Posted 11 August 2017 - 05:15 PM

Huh how strange. I downloaded the .zip version and it seems to be outdated. My mistake. Thank you. That fixed it.



#996 garioch7

    RCMP Veteran

  • Malware Response Team
  • 2,682 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 12 August 2017 - 11:02 AM

SupermanPrime:

 

Thank you for reporting back that the problem was an older version of RKill.

 

Glad to be able to help you out.  Have a great weekend.

 

Regards,

-Phil




#997 fastasfucboiii

  • Members
  • 2 posts

Posted 23 October 2017 - 11:39 AM

Hi, I ran rkill and it took 15 seconds to complete. Last time I ran the program it detected some issue with Windows Update and Windows Defender that I disabled in the miscellaneous check, and this time it didn't show up. But it's still been disabled. I do not have the older log, but here is the current one:

 

 

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/23/2017 11:49:40 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 10/23/2017 11:49:55 AM
Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)



#998 fastasfucboiii

  • Members
  • 2 posts

Posted 23 October 2017 - 11:46 AM

Don't know if it mattered, but the scan was also done a couple of mins after opening my computer.



#999 Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,268 posts
  • Gender:Male
  • Location:USA

Posted 25 October 2017 - 04:51 PM

Do you remember what version you used that saw them disabled previously?

#1000 Malik96

  • Members
  • 5 posts

Posted 27 October 2017 - 10:32 PM

Hi, guys! A couple of days ago I had a problem with CCleaner when I was trying to launch it; it just didn't open! So I decided to scan my PC with Malwarebytes and it also didn't open! A friend of mine told me about this tool RKill and it fixed my Malwarebytes problem. Unfortunately the log file was accidentally deleted, but I remember well that it didn't find anything except it was saying something about Malwarebytes IEFO Debugger!
After I managed to run Malwarebytes I scanned my PC, and again it's a debugging detection about CCleaner; anyway, the problem got fixed. I'm wondering why did these two important programs get the same issue?

I've scanned my PC with Malwarebytes, SAS, Dr.Web and Kaspersky Virus Removal Tool and they didn't find anything. Am I okay or what?

 


Edited by Malik96, 27 October 2017 - 10:42 PM.
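
A `Debugger` value under an executable's Image File Execution Options (IFEO) registry key makes Windows start the named command instead of that program, which can keep tools such as CCleaner or Malwarebytes from opening. As an added example (not part of the original post and not RKill's code), this lists every such value found in a `reg export` text dump; the sample export, its image names and its paths are constructed.

```python
import re

# Matches both the native and the WOW6432Node copy of the key.
IFEO_TAIL = r"\Windows NT\CurrentVersion\Image File Execution Options"

# Constructed excerpt in `reg export` text format; every value is invented.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
"Debugger"="C:\\placeholder\\blocker.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner.exe]
"Debugger"="C:\\placeholder\\blocker.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"MitigationOptions"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Other]
"Debugger"="C:\\placeholder\\unrelated.exe"
'''

VALUE_RE = re.compile(r'"debugger"="(.*)"', re.IGNORECASE)


def find_ifeo_debuggers(export_text):
    """Return {image name: debugger command} for IFEO subkeys with a Debugger value."""
    hits, image = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # New key: remember the image name only if its parent is the IFEO key.
            parent, _, leaf = line[1:-1].rpartition("\\")
            image = leaf.lower() if parent.lower().endswith(IFEO_TAIL.lower()) else None
        elif image:
            match = VALUE_RE.fullmatch(line)
            if match:
                # .reg files backslash-escape backslashes and quotes in strings.
                hits[image] = re.sub(r"\\(.)", r"\1", match.group(1))
    return hits
```

Input can be produced with `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg` and read in Python with `encoding="utf-16"`. A hit is a lead to review rather than proof of infection, since some legitimate tools set this value too.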




