Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rogue Killer entries


  • Please log in to reply
3 replies to this topic

#1 bob-E

bob-E

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 03 September 2012 - 09:16 AM

I was recently infected w/a trojan and after researching I downloaded mutiple tools to help remove it. I seem to have succeeded as my intenet is back to normal. As a daily routine I run scans each morning with Rogue Killer. Malwarebytes and TDSS plus I am running Norton Internet Security. Rogue Killer keeps reporting the following entries and when I delete them they are listed as REPLACED. A rescan does not show them again until I re-boot then they are back. Are these entries something to worry about or false positives? Also have aproblem with it permanatly clearing my host files. They come back on reboot also.

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:08 PM

Posted 03 September 2012 - 09:21 AM

They are false positives.

It seems you're using SPYBOT.Uninstall spybot and you will never see those hosts entries.

#3 bob-E

bob-E
  • Topic Starter

  • Members
  • 78 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 03 September 2012 - 09:32 AM

Yes I am. Now that you mention it, the host thing didn't show up until after I installed Spybot. Thanks!

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:08 PM

Posted 03 September 2012 - 09:37 AM

You're welcome :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users