Hitman pro detected trojan, rkill.exe?


  • This topic is locked
5 replies to this topic

#1 Aprw01

Aprw01

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 13 August 2017 - 06:15 PM

Rkill has never been detected as a trojan before; also, what is that forensic cluster? Long list of weird stuff, does it mean it's an actual trojan?

 

HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : DESKTOP-FFI85B2
   Windows . . . . . . . : 10.0.0.15063.X64/8
   User name . . . . . . : DESKTOP-FFI85B2\Tca
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-08-11 12:14:02
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 52s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 2

   Objects scanned . . . : 1,509,465
   Files scanned . . . . : 14,562
   Remnants scanned  . . : 320,926 files / 1,173,977 keys

Malware _____________________________________________________________________

   C:\Users\Tca\Downloads\rkill.exe
      Size . . . . . . . : 1,792,640 bytes
      Age  . . . . . . . : 0.0 days (2017-08-11 11:52:10)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 04E56A99957EB3328946A8C601F190BB6534E34E926C0D72B2B9C69ACD6F61BD
      Product  . . . . . : Rkill
      Publisher  . . . . : Bleeping Computer, LLC
      Description  . . . : Terminates malware processes so that you can run your normal security programs.
      Version  . . . . . : 2.9.1
      Copyright  . . . . : © BleepingComputer.com. All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Trojan.Generic.22155793
      Fuzzy  . . . . . . : 95.0
      Forensic Cluster
         -24.4s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Operational.evtx
         -21.7s C:\Windows\Prefetch\FIREFOX.EXE-25FC0A66.pf
         -21.0s C:\Users\Tca\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\741d3217ec9d247770869c16f9c3a2e7_fce8395c8fd8a99b_15f74c7777689be5_0_0.toc
         -21.0s C:\Users\Tca\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\741d3217ec9d247770869c16f9c3a2e7_fce8395c8fd8a99b_15f74c7777689be5_0_0.bin
         -19.6s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\AF3BE85FA12DE50F98D20DCDD7EE42E4DB14EE51
         -19.6s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\E325B486B777C14C29762600D998974140F8FD34
         -19.0s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\A4668F6D564C08AA0B14BE105FE31A73C929F3E9
         -17.4s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\425498810DC76ADD2FD08C6BC53F4C373D5EF24D
         -14.5s C:\Windows\Prefetch\SVCHOST.EXE-86296E90.pf
         -14.4s C:\Windows\Prefetch\WMIPRVSE.EXE-BB49B536.pf
         -12.8s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\552C981C7493149930C38E7F87084781D5C090DA
         -12.4s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\92C5FC7707A95166405EAAFD5B02E0536F36ADBC
         -12.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\4E6112DF1D15C5F0CEA01EDC1E678499DD6BC2DF
         -11.8s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\50B64B907778999A1BD1815E9BD2ED74DFD9F2E6
         -11.6s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\5D2AF9337CF81BFD6B20D16A99B75D43265B2E1D
         -11.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\835C6051BBB34BC900C337A4CC17A6209D395BC1
         -11.4s C:\Windows\Prefetch\AUDIODG.EXE-9848A323.pf
         -10.9s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\45B576942B73B3ABD5D502D3D243C6595DD89DE7
         -10.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\A8FDA23620DD1654BB79B248094121AADFD374CE
         -10.4s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\53B55BBE78468C5E5E5E0C6672352504C5686CB9
         -10.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\89070E8B3BD2B55A3B0004A8CB6BD972E9FB6997
         -9.6s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\E5C2F0D1012152E56027702AF6A07F354C51BBA3
         -9.0s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\20C67DCD2D7F02DCB1BB14DE756A55BF89F0A381
         -8.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\985FEC0385447A8C8A69576A2487E9829550A4C7
         -5.8s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\A95E92D78CC58D063198B9EE4F2F3C6076E1FA01
         -5.6s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\77752B1E10940471BF32FF815B9C156643EE7A52
         -5.6s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\BF1819A30F9A8F94A03C8B88ED60250802196D44
         -5.6s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\356082225F0E3CF2AD7C40100CCFCE39E901D51B
         -5.6s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\EDC04A41C2E411DCA7F6875BA9ADD949F80C90B3
         -5.6s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\977C5945121F7F7365F5C2F19F99339A8CEC4244
         -5.6s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\32437AED897CE6A626B017AD8B895BE6B9D2380C
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\10B5B5240562052D16173813A70FB19A2CC7821E
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\A7B3F2FBDA9C993B47660BA3A1A72FF0A08EBB26
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\BECFC79C51E94CCD71535200DABE572D3CAE22ED
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\8B77967486D2D0A55D29AF1CF71400E4B6747F2D
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\8A6DD61A5DF5AF29279C17E187B1A3D9E2C165A5
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\663D2D76DE6F0C4D142F07CA450C14FA7ED1D14E
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\56E820B08ECCA1073A8F12A5FBB415566565CCB5
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\6A24D459A3925A899572FC31B740A0053F1777C6
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\5FBC909A613CBB5F773FB5543291398963C0C318
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\1405CBAF3435DDA20AB476774F06CA2C0A81C9F2
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\4828651E11846069ACA91D91D15D6E4172A0B4C1
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\E2104DB0802895BF4E06F15AB5F149DEA45A806C
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\D9768FF926D651CBAC7018435CAA4356DD2CF640
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\A21EF69F01CAC97C619702E9A49A9F712EF43FDF
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\33CB658A790C06C210370CE944EAB35C0D1E038A
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\16263C5780AD5A63D2DDF0678366AD1916A2C171
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\7CA4A2D644924122AF20170B90BC84AC628B7999
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\405F16DBA1A7D042C22D2B1E34A4D11D4D500509
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\E54ABFF5CC7914CBB9551097A54045888606FEC5
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\B54A1F2F893DFE93C5A6A349C254239A20D0CEA2
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\D992409979CFCA05FBFCB0D1D01CF82A3EA95DD4
         -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\18AFDB2CE39C5ED1ABC107E181D6F5A643555164
         -5.4s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\66C88F4C280F70264AC6DA54ACBD56F1902B432B
         -5.4s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\9B7910D0E30AF87213C06884DB047D5CC66C7863
         -5.4s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\BA0056CA0BBD5F58FD106833D683F4DB530E207B
         -5.4s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\97D063239BC8D1F0F3A8692565FA19897EFC01B0
         -5.4s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\7A928A98D481E34ED08534BE30CD18B6A873E556
         -5.4s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\4A3D1FA7592677E131F285F6A3B63917068E861F
         -5.3s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\E6EFF21757892E7713D7F9C8A4F5C41A318E74D9
         -5.3s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\CC5C11165A4A0A579EC36A84FE6D2A876940DDAB
         -5.2s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\E1A1C78FA483E878BE4F143A88C1FF39E2E1DDEF
         -5.2s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\A44DD292AE057BEE92809ECA7AFEC34C521EC98F
         -5.2s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\355D1EDA10FF4778889229A87A21AA1B4D78E7C4
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\FBAB7C3F0BEEF480C88B4EE11D2DCAE261B85758
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\7EA94307857B9D2541F20A5A3D351FDE3E5E3982
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\C30E11F5800816552AF7BB12C9D3BB31FBDDB9CB
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\491F7FB485C30BAA342486F1F8ABB0E0FB9B6935
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\AC753828F772FB59273346BAE76F608841FA0B26
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\4E9D6BA1667AEB62EB5B20AD5AF422ECA931E408
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\E2E0095DB90E27C0E0C9DF79FB73BD4F2C3939BA
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\341ADAF354E8E24B0B7D60A622D0A87DD91B6DAF
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\D12C6701563C65D178526DEB1654D1C72D51A20B
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\6A4A5925F000CE5E34B671BFA80D3BA0A348AF1D
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\CF3792F70BA315C794B8232E79D984E214A5D9ED
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\DD31B2021EA650223BD6311C9C4718AC2C5825BF
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\F557EDCDE3BBF556DCFFF11F1D550B5050727CC5
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\AA756E204030B59773B8DE9CD9012B2E12C48F6F
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\3DBD832C9C3FA5AF3821B9998C6CCEFCAF7A2053
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\F9251E5AA9A08366E1D3BC020D35CA576BDFFA38
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\931712470368028E2EF33D1734B7F05D2214CBC5
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\B139346BF862AB9CA1A04E00ECCA639FC75FF435
         -5.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\581DA0E6A720B5115A5820EA966E099F6AD3DB76
         -5.0s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\254F5F894C29301753AFFBACE49A5429F042E248
         -5.0s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\05BB2CD94E9F21987FC952530A95B75C58CDC317
         -5.0s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\6CA3411B14275389B9B79382987FA6CFB77A0D94
         -5.0s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\A74D0E967A06D50E5A641546DF8D89D4CDD68178
         -5.0s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\9E681B296136C0FDFF295C7CC824588509FDC9DD
         -5.0s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\6BBCC3809C8813DD06C4A787C5BEEDB2363EBC22
         -5.0s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\2C261BC62144D91C0D64BF72DE9BE2DB0F5A89C5
         -5.0s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\F264555D40CBB8EFBD4FA03E62FB0610D887D8E4
         -5.0s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\DC98977D1E096753F027D1CE708695EA9A0AC14C
         -4.9s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\CC7ABA0871AF9D45CF5E811644AF0273F1EF5102
         -4.9s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\922AC81C01F5FEB78B83614808F579505A94206C
         -4.8s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\CBC671759CD58906CFF638DC443049A180F9E7CF
         -4.8s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\0AE9A67038A3EB25F9958EE781A26DAC068194F6
         -4.8s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\50B04E66382CC3EBA1184C03BF914AB75D3A11BC
         -4.8s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\81B05C3B68C1D74A7F30F7FD306A84DA26119B0F
         -4.8s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\A404DA93F5B4ECA0538EBB739F439DDE8A670970
         -4.8s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\23CC667A56309619CF4F2702CF9EBA423600077B
         -4.8s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\5CC32C877F0EDC9B927DDB52AFBC7C48710BB155
         -4.8s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\A3AB9E23329D7FCDA9D119325ED5B17B078F7EDC
         -2.3s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\E297B77ACE40F02C7A6C9D1334565CD05CC1D211
         -2.2s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\19A376977C43B49BD71B5CBC0F4718A633DBD054
         -2.2s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\3B6400F3A48CDA62588FBAF085A050B6B9D3756B
         -2.2s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\E68544FD43EDA6D00415962609D3697C32575FC0
         -2.2s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\FD909E2066BC51E8213D5F9CCD8ACBDF6D2F9172
         -2.1s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\869D722841F38D7748ADA7A4A1D99580948E159B
         -1.9s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\F598A1AB5E3C802D779D79BB38D71EF8BFD7869A
          0.0s C:\Users\Tca\Downloads\rkill.exe
          0.4s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\4B9C50AA83E4CA43556778DF0E62B6751943C0F7
          2.0s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\B7A2F73FC8CF81E098845091DC3518B3F1B3B7B7
          4.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\EB5E7F0BEAC96961290E389C0A1ABFBF9F8EE9D0
          5.9s C:\Windows\Prefetch\RUNDLL32.EXE-A3EE2396.pf
          7.7s C:\Users\Tca\AppData\Roaming\Mozilla\Firefox\Profiles\pinm5rbw.default\datareporting\archived\2017-08\1502448738605.97f8821b-0a0a-4a3c-83d6-cb38b14926fb.main.jsonlz4
          8.9s C:\Windows\Prefetch\PINGSENDER.EXE-29949552.pf
         10.2s C:\Users\Tca\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37570AF16029C559A6224EE4AF54691D
         10.2s C:\Users\Tca\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\37570AF16029C559A6224EE4AF54691D
         10.4s C:\Users\Tca\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9F08575E2099C04869F34A6342C1C728_9D4ED46EFF16B433460A0EDAE10DDBAD
         10.4s C:\Users\Tca\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9F08575E2099C04869F34A6342C1C728_9D4ED46EFF16B433460A0EDAE10DDBAD
         12.2s C:\Users\Tca\AppData\Local\Microsoft\Windows\INetCache\IE\2FZG0VZL\2[1]
         12.2s C:\Users\Tca\AppData\Local\Microsoft\Windows\Safety\apprep\remote\
         12.2s C:\Users\Tca\AppData\Local\Microsoft\Windows\Safety\apprep\remote\script-2_178702193696078267857220424933556458545
         12.2s C:\Users\Tca\AppData\Local\Microsoft\Windows\Safety\apprep\remote\script-2
         13.7s C:\Windows\Prefetch\CONSENT.EXE-2D674CE4.pf
         13.9s C:\Users\Tca\Desktop\Rkill.txt
         14.7s C:\Users\Tca\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE
         14.7s C:\Users\Tca\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE
         14.9s C:\Users\Tca\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\201DA8C72BE195AF55036D85719C6480
         14.9s C:\Users\Tca\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\201DA8C72BE195AF55036D85719C6480
         15.1s C:\Users\Tca\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3FCCCB6A442CB09DDFD737C8C3D03E6_44F37C67533FA945AC2F76B77D49D986
         15.1s C:\Users\Tca\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3FCCCB6A442CB09DDFD737C8C3D03E6_44F37C67533FA945AC2F76B77D49D986
         15.3s C:\Users\Tca\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0F7456FD78DEB390E51DB22FDEB14606
         15.3s C:\Users\Tca\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0F7456FD78DEB390E51DB22FDEB14606
         16.9s C:\Users\Tca\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000004.db
         17.5s C:\Windows\Prefetch\RKILL64.EXE-8C0A7C2E.pf
         17.5s C:\Users\Tca\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache131469223479162680.txt
         20.6s C:\Windows\Prefetch\SVCHOST.EXE-C740870D.pf
         21.1s C:\Windows\Prefetch\RKILL.EXE-1345A00C.pf
         24.6s C:\Windows\System32\CodeIntegrity\bootcat.cache
         25.8s C:\Users\Tca\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279978\1502448756
         26.4s C:\Users\Tca\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\c506319bcdb46322a8555fa912b6a231c8881f41a14f3c088f3d4280730056c9
         26.4s C:\Users\Tca\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\0eb07b198aed5fa10eac0413b26d7c3bdd2b2f065863634e9a638a4373c8b684
         26.6s C:\Users\Tca\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\c110c4fc282b6c6773073775fb95ef8ec446426902965426dce4fe1a7652e3d2
         26.6s C:\Users\Tca\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\d0ca50b8a1872178bb26ae56dc814755c5dfafddf35e8b4cbd16f4b5df9028d7
         26.6s C:\Users\Tca\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\8daef21a940dcda413bc0d72381584e6f3cfed9d8661f296cd60bbd49d0c5ddd
         26.6s C:\Users\Tca\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\13a408f3590b4eca3d1693ed852529af514f5cd5400cc45b5345c8f18bbea80b
         31.1s C:\Windows\Prefetch\NOTEPAD.EXE-B28CC291.pf
         61.7s C:\Users\Tca\AppData\Local\Temp\mbam\
         61.7s C:\Users\Tca\AppData\Local\Temp\mbam\qt-jl-icons\
         61.8s C:\Users\Tca\AppData\Local\Temp\mbam\qt-jl-icons\3abc558.ico
         61.8s C:\Users\Tca\AppData\Local\Temp\mbam\qt-jl-icons\3abc4a8.ico
         61.8s C:\Users\Tca\AppData\Local\Temp\mbam\qt-jl-icons\3abc4e8.ico
         61.9s C:\Users\Tca\AppData\Local\Temp\mbam\qt-jl-icons\3abc4c8.ico
         62.0s C:\Windows\Prefetch\ASSISTANT.EXE-7F373F50.pf
         70.7s C:\Windows\Prefetch\MBAM.EXE-2EBE646F.pf


Cookies _____________________________________________________________________

   C:\Users\Tca\AppData\Roaming\Mozilla\Firefox\Profiles\pinm5rbw.default\cookies.sqlite:246059135.log.optimizely.com
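
The "Forensic Cluster" question in this post is not answered anywhere in the thread. The following PowerShell is an added example, not part of the thread and not HitmanPro's own code: it parses that section of the report and summarises it. Its reading of the format is an assumption taken from the report's layout (each line is an offset in seconds from the flagged file, 0.0s being the flagged file itself, followed by a file touched at that offset), and the sample text is a constructed subset of the lines from the report above.

```powershell
# Added example (not from the thread, not HitmanPro code): parse a HitmanPro
# "Forensic Cluster" block and summarise what surrounds the flagged file.
# Assumed reading of the format: "<offset>s <path>", offset relative to the
# flagged file (0.0s), i.e. a timeline of nearby file activity, not a verdict.

# Constructed sample: a subset of the lines from the report in post #1.
$clusterText = @'
   -24.4s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Storage-Storport%4Operational.evtx
   -21.7s C:\Windows\Prefetch\FIREFOX.EXE-25FC0A66.pf
   -19.6s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\AF3BE85FA12DE50F98D20DCDD7EE42E4DB14EE51
    -5.5s C:\Users\Tca\AppData\Local\Mozilla\Firefox\Profiles\pinm5rbw.default\cache2\entries\10B5B5240562052D16173813A70FB19A2CC7821E
     0.0s C:\Users\Tca\Downloads\rkill.exe
    10.2s C:\Users\Tca\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\37570AF16029C559A6224EE4AF54691D
    12.2s C:\Users\Tca\AppData\Local\Microsoft\Windows\Safety\apprep\remote\script-2
    13.9s C:\Users\Tca\Desktop\Rkill.txt
    17.5s C:\Windows\Prefetch\RKILL64.EXE-8C0A7C2E.pf
    21.1s C:\Windows\Prefetch\RKILL.EXE-1345A00C.pf
    70.7s C:\Windows\Prefetch\MBAM.EXE-2EBE646F.pf
'@

function ConvertFrom-ForensicCluster {
    param([Parameter(Mandatory)][string]$Text)
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^\s*(-?\d+\.\d+)s\s+(.+?)\s*$') {
            # Copy the captures first: the regex switch below overwrites $Matches.
            $offset = [double]$Matches[1]
            $path   = $Matches[2]
            # Rough classification by path so the cluster can be counted by kind.
            $kind = switch -Regex ($path) {
                '\\Firefox\\Profiles\\.*\\cache2\\' { 'firefox-cache';   break }
                '\\Windows\\Prefetch\\.*\.pf$'      { 'prefetch';        break }
                '\\CryptnetUrlCache\\'              { 'cert-url-cache';  break }
                '\\Safety\\apprep\\'                { 'app-reputation';  break }
                '\\Downloads\\'                     { 'download';        break }
                default                             { 'other' }
            }
            [pscustomobject]@{ Offset = $offset; Kind = $kind; Path = $path }
        }
    }
}

$entries = ConvertFrom-ForensicCluster -Text $clusterText

# The entry HitmanPro anchored the cluster on (offset 0.0s).
$anchor = $entries | Where-Object { $_.Offset -eq 0 }
"Anchor: $($anchor.Path)"

# Time window the cluster covers.
$stats = $entries | Measure-Object -Property Offset -Minimum -Maximum
"Window: {0}s to +{1}s, {2} entries" -f $stats.Minimum, $stats.Maximum, $entries.Count

# Counts per kind. Run over the full report, the large majority are Firefox
# cache writes, i.e. ordinary browsing activity around the time of the download.
$entries | Group-Object -Property Kind | Sort-Object -Property Count -Descending |
    Select-Object @{ Name = 'Kind'; Expression = { $_.Name } }, Count |
    Format-Table -AutoSize

# Prefetch entries after the anchor show which programs ran next
# (in the sample: RKILL64.EXE, RKILL.EXE, then MBAM.EXE).
$entries | Where-Object { $_.Kind -eq 'prefetch' -and $_.Offset -gt 0 } |
    Select-Object -Property Offset, Path | Format-Table -AutoSize
```

To apply it to a real report, paste the whole "Forensic Cluster" block into `$clusterText`; the parser ignores any line that does not start with an offset, so the surrounding report lines can be included as-is. The useful output is the breakdown by kind and the post-anchor prefetch list: the cluster tells you what happened around the file, which is context for an investigation, not a detection in itself.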
 


#2 Aprw01

Aprw01
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 13 August 2017 - 06:21 PM

Here was the VirusTotal link HitmanPro gave about the detection: https://www.virustotal.com/en/file/04e56a99957eb3328946a8c601f190bb6534e34e926c0d72b2b9c69acd6f61bd/analysis/1502416035/



#3 Aprw01

Aprw01
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 13 August 2017 - 06:24 PM

Is it possible that this is not actually rkill, but some malware that disguises itself as rkill.exe?



#4 JoshRoss

JoshRoss

  • Members
  • 88 posts
  • OFFLINE
  • Gender:Male
  • Location:United States
  • Local time:04:55 PM

Posted 14 August 2017 - 07:03 AM

It is more than likely; as RKill is just a .exe, people have reported downloading RKill and it not actually doing anything. Just checked, and my HitmanPro does not detect it as an issue. Where did you download your .exe from? Can you remove it and do an additional scan, not just with HitmanPro but also with Malwarebytes?
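
Posts #3 and #4 raise the question of whether the file is really the Bleeping Computer build or something else named rkill.exe. The following PowerShell is an added example, not part of the thread and not Bleeping Computer's code; it runs the checks a practitioner would apply before trusting such a download: the Authenticode signature (the report says Valid and names the publisher), the SHA-256 (the report lists one, and post #2 links its VirusTotal entry), and the mark-of-the-web, which records where the file was downloaded from. Assumptions: the file is still in the user's Downloads folder, the expected signer name is taken from the report's Publisher field, and the expected hash is the SHA-256 line of that same report; all three are parameters to change for any other build.

```powershell
# Added example, not from the thread and not Bleeping Computer's code:
# verify that a downloaded rkill.exe is the signed, expected build.
# Assumptions: the file is still in the user's Downloads folder; the expected
# signer is the Publisher named in the HitmanPro report; the expected hash is
# the SHA-256 that same report lists. Change all three for another build.
param(
    [string]$Path           = "$env:USERPROFILE\Downloads\rkill.exe",
    [string]$ExpectedSigner = 'Bleeping Computer, LLC',
    [string]$ExpectedSha256 = '04E56A99957EB3328946A8C601F190BB6534E34E926C0D72B2B9C69ACD6F61BD'
)

function Test-DownloadedBinary {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSigner,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

    # 1. Authenticode. Status 'Valid' means the signature verifies and the chain
    #    builds to a trusted root; a modified file fails this. Also require the
    #    expected signer, otherwise any validly signed file would pass.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signerCn = '<unsigned>'
    if ($sig.SignerCertificate) {
        # SimpleName gives the certificate CN without DN quoting around commas.
        $signerCn = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }
    $sigOk = ($sig.Status -eq 'Valid') -and ($signerCn -eq $ExpectedSigner)

    # 2. SHA-256 against the published / VirusTotal value. PowerShell's -eq is
    #    case-insensitive, so upper- or lower-case hex both compare correctly.
    $hash   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $hashOk = $hash -eq $ExpectedSha256

    # 3. Mark-of-the-Web. Browser downloads carry a Zone.Identifier alternate
    #    data stream (ZoneId=3 for the Internet zone; newer Windows builds also
    #    record the source URL), which answers "where did you download it from".
    $motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue

    $verdict = if ($sigOk -and $hashOk) { 'matches expected build' } else { 'MISMATCH: quarantine and rescan, do not run' }

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status
        Signer          = $signerCn
        SignerMatches   = $sigOk
        Sha256          = $hash
        HashMatches     = $hashOk
        MarkOfTheWeb    = ($motw -join ' ')
        Verdict         = $verdict
    }
}

Test-DownloadedBinary -Path $Path -ExpectedSigner $ExpectedSigner -ExpectedSha256 $ExpectedSha256 |
    Format-List
```

`Get-AuthenticodeSignature`, `Get-FileHash` and `Get-Content -Stream` are built-in Windows PowerShell cmdlets, so this runs without extra modules. The signature status is the field to act on: `NotSigned`, `HashMismatch` or an unexpected signer on a file that claims to be a known tool is a much stronger signal than a single engine's generic detection name, whereas a valid signature from the expected publisher plus a matching hash means the file is the build it claims to be, whatever one scanner's heuristic says about it.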



#5 Aprw01

Aprw01
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 14 August 2017 - 08:20 AM

Downloaded it from BleepingComputer (https://www.bleepingcomputer.com/download/rkill/), and when I downloaded another one (duplicate) it also showed up in the HitmanPro scan. Today when I scanned with HitmanPro, it doesn't detect it anymore. Malwarebytes, Emsisoft, F-Secure Online Scanner, Sophos, adware, RogueKiller didn't find anything, while HitmanPro detected this rkill.exe as a trojan.


Edited by Aprw01, 14 August 2017 - 08:25 AM.


#6 hamluis

hamluis

  • Moderator
  • 56,435 posts
  • ONLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:05:55 PM

Posted 14 August 2017 - 07:51 PM

OP reposted in MRL, https://www.bleepingcomputer.com/forums/t/654351/checking-for-computer/ .

 

Now that you have posted a topic in the Malware Removal Logs forum, that topic is the one which will attempt to address your issues.

 

To avoid unnecessary confusion, this AII topic is now closed.

 

Louis





