
Request to look at R.Kill log


5 replies to this topic

#1 alwaysclueless


Posted 09 June 2013 - 08:40 PM

Hello, I decided to run Rogue Killer and then R.Kill, but I might have run R.Kill before Rogue Killer was done, and I received the results below. The thing I'm most concerned with, though, is the (UP Heur) listing under processes, because I had the Heur Trojan quite a few months back but I was sure I got rid of it.

 

 

The vast majority of my scans come out clean, but I would appreciate someone letting me know about the below results. Computer runs well, so I'm probably paranoid.

 

 

Rkill 2.5.3 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/09/2013 08:52:14 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Users\al\Downloads\RogueKiller.exe (PID: 3540) [UP-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]
 
Backup Registry file created at:
 C:\Users\al\Desktop\rkill\rkill-06-09-2013-08-52-19.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 06/09/2013 08:53:33 PM
Execution time: 0 hours(s), 1 minute(s), and 19 seconds(s)
 

 

 

 




 


#2 boopme


Posted 09 June 2013 - 08:52 PM

Looks like you ran RKILL 2nd and it sees and stops RogueKiller.

Nothing quoted,

Why are you running Rogue Killer? It's pretty strong and you need to be careful with the results.


How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 alwaysclueless


Posted 10 June 2013 - 12:21 AM

Well, I tend to re install a lot when I do get malware that I can't seem to get rid of, and since it's so easy to do I just re install instead of doing a system restore. Most of the time I am OK but sometimes not, so I make it a habit of running a few tools (Rogue Killer being one) to make sure I'm clean.

I like to make sure the re install went the way it should and that I have no malware before I start using the computer heavily. It gives me the confidence to make backups right away that I know will more likely be clean since it's a brand new re install.

I have had Hijackers in the past and sometimes catch them before they get a strong foothold of my system. Those are the reasons I run these tools, and the fact that many sites that assist with malware removal tend to get the computer functioning again but, in my experience, don't have the time or drive to really go over it like it should be gone over.

You can clearly see that in many threads by people who have come to help sites and have dealt with a malware removal assistant, only for the malware removal assistant to give a thumbs up prematurely as long as the computer's functioning. Many of these people, I notice, come back because the problem has not been fully taken care of.

Now, don't get me wrong, because all help is very much appreciated, but so many people are having computer issues and you need to move on.

Oh, by the way, I turned off IE 8 before I ran Rogue Killer and R.Kill; I don't use IE. So do my results indicate anything, and is that (UP HEUR) trouble?

 

Thanks Boop Me


Edited by alwaysclueless, 10 June 2013 - 12:23 AM.


#4 boopme


Posted 10 June 2013 - 08:20 PM

Thanks for the reply and no offense taken.

RKill's main purpose is to stop a whole bunch of malware. While it is stopped the other tools have an easier time removing. Once you reboot, RKill releases and you would need to run it again if you have not scanned.

Post the Rogue Killer log, as I believe that was your interest.

#5 alwaysclueless


Posted 11 June 2013 - 12:56 AM

I accidentally deleted the original Rogue Killer log, sorry, but it showed nothing, which was surprising; usually it always shows something. Is Rogue Killer a program that comes up clean a lot or does it usually find something? I ran it again and got these, which I believe are false positives.

 

Thanks much

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : al [Admin rights]
Mode : Scan -- Date : 06/11/2013 01:48:22
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD6400BPVT-80HXZT3 +++++
--- User ---
[MBR] 5c31cffcbb27d64cf77b5756aba58b8c
[BSP] ff90daffb03d5326fb223213163796b1 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[1]_S_06112013_02d0148.txt >>


#6 boopme


Posted 11 June 2013 - 08:41 PM

They are not false positives but they are not issues either. I asked....If they get fixed it will put two folders on their desktop

one is like a user documents folder which will show music - pictures and other shortcuts

I think the other is a shortcut to "My Computer."

 






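Added example (not part of the thread, and not code from RogueKiller or its author): a small Python parser for the four [HJ DESK] lines in the report from post #5, which names the shell folders behind the two CLSIDs and lists the Start menu views each is flagged in, matching the explanation in post #6. The folder labels and the reading of "(1)" as "icon hidden" are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the four registry lines copied from the report above.
SAMPLE = r"""
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# Well-known Windows shell CLSIDs; the labels are this example's wording.
KNOWN_CLSIDS = {
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "Computer (My Computer)",
    "{59031A47-3F72-44A7-89C5-5595FE6B30EE}": "User's Files folder",
}

# [TAG] key-path : {CLSID value name} (data) -> STATUS
LINE_RE = re.compile(
    r"^\[(?P<tag>[A-Z ]+)\]\s+(?P<key>\S+)\s+:\s+"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+\((?P<data>\d+)\)\s+->\s+(?P<status>\w+)$"
)

def parse_registry_findings(report):
    """Return one dict per registry finding line; other lines are skipped."""
    findings = []
    for line in report.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            findings.append(match.groupdict())
    return findings

def summarize_hidden_icons(findings):
    """Map each desktop icon flagged [HJ DESK] with data 1 to the views it appears in."""
    hidden = defaultdict(set)
    for f in findings:
        if f["tag"] == "HJ DESK" and f["data"] == "1":  # assumption: 1 = hidden
            clsid = f["clsid"].upper()
            label = KNOWN_CLSIDS.get(clsid, "unrecognized " + clsid)
            hidden[label].add(f["key"].rsplit("\\", 1)[-1])
    return {label: sorted(views) for label, views in hidden.items()}

if __name__ == "__main__":
    for label, views in summarize_hidden_icons(parse_registry_findings(SAMPLE)).items():
        print(f"{label}: hidden in {', '.join(views)}")
```

A CLSID that is not in the table comes back as "unrecognized" with its value, which is the case worth a manual look.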