
Windows 10 : RKill windows service integrity issues



#1 BNDAZ


Posted 08 July 2017 - 02:29 PM

I wasn't quite sure where to post this:

Ran RKill during some checks for malware and found some Windows service integrity issues:

Can anyone tell me what is wrong and how to repair what is going on in Windows services?

Program started at: 07/08/2017 03:19:49 PM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * agp440 [Missing Service]
 * DcpSvc [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * RetailDemo => %SystemRoot%\System32\svchost.exe -k rdxgroup [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]


Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 07/08/2017 03:27:21 PM
Execution time: 0 hours(s), 7 minute(s), and 32 seconds(s)


Edited by BNDAZ, 08 July 2017 - 04:49 PM.




#2 jwoods301


Posted 08 July 2017 - 05:06 PM

I have read that RKill is undergoing some tweaks for Windows 10.

 

Open a Command prompt and enter perfmon /report followed by pressing Enter.



#3 garioch7


Posted 09 July 2017 - 06:00 AM

BNDAZ:

That is a normal RKill report for Windows 10. There is no reason to be concerned. Grinler has not yet updated RKill to be fully Windows 10-compatible. That is on his lengthy "To Do" list.

Have a great day.

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 quietman7


Posted 09 July 2017 - 06:38 AM

As garioch7 notes, the [Missing Service], [Incorrect ImagePath] and [Incorrect ServiceDLL] notations in the Checking Windows Service Integrity section when RKill is run on Windows 10 are normal and a known glitch that has been previously reported.

You can report or read about that issue in the last few pages of this topic: RKill - What it does and What it Doesn't - A brief introduction to the program.

If you have any further questions, comments or issues to report, you should post them in the above topic.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
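
For readers triaging a log like the one in post #1, the following added example (not part of the thread and not RKill's own code) parses the "Checking Windows Service Integrity" section into groups by notation. The line format is inferred from the log posted above, the sample is a constructed excerpt of it, and `outside_system32` is a hypothetical triage helper, not an RKill rule.

```python
import re
from collections import defaultdict

# Constructed sample: excerpt of the RKill log posted in this thread.
SAMPLE_LOG = r"""Checking Windows Service Integrity:

 * agp440 [Missing Service]
 * TimeBroker [Missing Service]

 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]

 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

 * No issues found.
"""

SECTION = "Checking Windows Service Integrity:"
# Entry shapes seen in the log: " * name [Tag]" or " * name => value [Tag]"
ENTRY = re.compile(r"^\s*\*\s+(?P<name>\S+)(?:\s+=>\s+(?P<value>.+?))?\s+\[(?P<tag>[^\]]+)\]\s*$")
SYSTEM32 = re.compile(r"^%systemroot%\\system32\\", re.IGNORECASE)

def parse_service_integrity(log_text):
    """Return {tag: [(service, value_or_None), ...]} for the integrity section."""
    findings = defaultdict(list)
    in_section = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped == SECTION:
            in_section = True
            continue
        if not in_section or not stripped:
            continue
        if not stripped.startswith("*"):
            break  # the next section header ends the block
        m = ENTRY.match(line)
        if m:  # "* No issues found." carries no [Tag] and is skipped
            findings[m["tag"]].append((m["name"], m["value"]))
    return dict(findings)

def outside_system32(findings):
    """Services whose reported path does not start with %SystemRoot%\\System32."""
    return [name for entries in findings.values()
            for name, value in entries
            if value is not None and not SYSTEM32.match(value)]
```

An empty result from `outside_system32` only means every reported path sits under System32; it is a sorting aid for manual review, not a verdict on the entries.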

#5 JacobIdris


Posted 10 July 2017 - 09:24 AM

I never saw this before. :P



#6 quietman7


Posted 10 July 2017 - 12:41 PM

There was a similar issue going back to Windows 8 but that has since been fixed.

#7 BNDAZ


Posted 11 July 2017 - 03:04 PM

Thank you all for the information:

I am less concerned now. I am checking this machine remotely for an elderly aunt; I will run the perfmon /report when I get her back online.



#8 quietman7


Posted 11 July 2017 - 03:06 PM

You're welcome on behalf of the Bleeping Computer community.