Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

wow64.dll - abnormal HDD usage?


  • This topic is locked This topic is locked
3 replies to this topic

#1 shival

shival

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:18 AM

Posted 19 May 2015 - 06:12 AM

RogueKiller only finds something and can't delete:

 

RogueKiller V10.6.4.0 [May 18 2015] od Adlice Software
e-mail : http://www.adlice.com/contact/
Komentarze : http://forum.adlice.com
Strona domowa : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

System Operacyjny : Windows 8.1 (6.3.9200 ) 64 bits version
Uruchomiono : Tryb Normalny
Użytkownik : Shival [Administrator]
Started from : C:\Users\Shival\Downloads\RogueKiller.exe
Tryb : Usuwanie -- Data : 05/19/2015  13:04:22

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[Hj.KnownDLL] (X64) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64cpu : Wow64cpu.dll  -> ERROR [5]
[Hj.KnownDLL] (X64) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64win : Wow64win.dll  -> ERROR [5]
[Hj.KnownDLL] (X64) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64 : Wow64.dll  -> ERROR [5]
[Hj.KnownDLL] (X86) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64cpu : Wow64cpu.dll  -> ERROR [5]
[Hj.KnownDLL] (X86) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64win : Wow64win.dll  -> ERROR [5]
[Hj.KnownDLL] (X86) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs | _Wow64 : Wow64.dll  -> ERROR [5]

¤¤¤ Planned Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts : 0 ¤¤¤

¤¤¤ Anti-Rootkit : 0 (Driver: Notloaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ CHECK MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 286e2ca1bd51ff15b99382a3e162c9e3
[BSP] f8ad0168af1438124e3058b858274ca4 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 206848 | Size: 900 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2050048 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2312192 | Size: 381546 MB
4 - Basic data partition | Offset (sectors): 783718400 | Size: 550704 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1911560192 | Size: 20490 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05182015_204519.log - RKreport_DEL_05182015_204552.log - RKreport_SCN_05182015_221828.log - RKreport_DEL_05182015_222131.log
RKreport_SCN_05182015_231343.log - RKreport_DEL_05182015_231424.log - RKreport_SCN_05192015_130333.log

 

FRST Log:

http://pastebin.com/nUQ8FCzb

+ attached to the post, because it would be too long otherwise

Attached Files



BC AdBot (Login to Remove)

 


#2 shival

shival
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:18 AM

Posted 19 May 2015 - 04:37 PM

this topic can be deleted, as shown here - http://www.bleepingcomputer.com/forums/t/576608/100-hdd-usage-at-startup-wow64dll-roguekiller-false-alarm/

its a false positve



#3 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:18 AM

Posted 20 May 2015 - 01:14 AM

Hello,

 

I have reported the issue to the developer. These are definitely false positives. They are reported by Autoruns as well but you shouldn't uncheck or delete them:

 

Wzy5nv0.jpg

 

Check the link below for more info:

 

http://answers.microsoft.com/en-us/windows/forum/windows_8-performance/wow64dll-wow64cpudll-wow64windll-files-not-found/837ba758-ad0a-4bc3-b227-62046f7e198d

 

 

Regards,

Georgi


cXfZ4wS.png


#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:18 AM

Posted 20 May 2015 - 01:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users