Kevin Hill
Posts: 126 +0
Virus? found on rogue killer older versions.
Hi, 127.0.01 local host?
- Thread starter Kevin Hill
- Start date
Cycloid Torus
Posts: 4,892 +1,711
Loopback? https://en.wikipedia.org/wiki/Loopback
D
DelJo63
This is possible! The loopback is frequently used to install a proxy like this:
Code:
application --> proxy --> web resource
also
application --- localhost --- service --- web resourceCycloid Torus
Posts: 4,892 +1,711
Is that something which would appear in Hosts file?
D
DelJo63
NO. Most typically, an AV product installs its proxy on 127.0.0.1:xxx and then alters the browser to access that ip:\port
D
DelJo63
Use NETSTAT -AN to see active ports
NETSTAT -ANO | find /I "listening" reports the PID of each program
NETSTAT -ANO | find /I "listening" reports the PID of each program
Last edited by a moderator:
Kevin Hill
Posts: 126 +0
RogueKiller V10.5.4.0 [Mar 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Kevin [Administrator]
Started from : C:\Users\Kevin\Downloads\RogueKiller.exe
Mode : Scan -- Date : 03/21/2017 14:48:41
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 38 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - SetProcessDEPPolicy : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNELBASE.dll - CreateProcessInternalA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNELBASE.dll - CreateProcessInternalW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrGetDllHandle : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrResolveDelayLoadedAPI : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CopyFileW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - MoveFileW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - WinExec : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) SHELL32.dll - ShellExecuteExW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) SHELL32.dll - ShellExecuteW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CopyFileA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetReadFile : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetReadFileExW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestExW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetOpenUrlW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - SetProcessDEPPolicy : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNELBASE.dll - CreateProcessInternalA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNELBASE.dll - CreateProcessInternalW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrGetDllHandle : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrResolveDelayLoadedAPI : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CopyFileW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - MoveFileW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - WinExec : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) SHELL32.dll - ShellExecuteExW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) SHELL32.dll - ShellExecuteW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CopyFileA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetReadFile : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetReadFileExW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestExW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetOpenUrlW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestA : @ 0x0 ()
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA DT01ACA1 SCSI Disk Device +++++
--- User ---
[MBR] 30751e73d65b1ca55d1510e67cca1f09
[BSP] d4257016dbf36a82a7c407ce2b817ac9 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_SCN_03212017_010439.log - RKreport_SCN_03212017_104419.log - RKreport_DEL_03212017_105910.log - RKreport_SCN_03212017_110506.log
RKreport_SCN_03212017_125350.log - RKreport_DEL_03212017_125648.log - RKreport_SCN_03212017_130120.log
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Kevin [Administrator]
Started from : C:\Users\Kevin\Downloads\RogueKiller.exe
Mode : Scan -- Date : 03/21/2017 14:48:41
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 0 ¤¤¤
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\Drivers\etc\hosts] 127.0.0.1 localhost
¤¤¤ Antirootkit : 38 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - SetProcessDEPPolicy : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNELBASE.dll - CreateProcessInternalA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNELBASE.dll - CreateProcessInternalW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrGetDllHandle : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrResolveDelayLoadedAPI : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CopyFileW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - MoveFileW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - WinExec : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) SHELL32.dll - ShellExecuteExW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) SHELL32.dll - ShellExecuteW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CopyFileA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetReadFile : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetReadFileExW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestExW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetOpenUrlW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - SetProcessDEPPolicy : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNELBASE.dll - CreateProcessInternalA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNELBASE.dll - CreateProcessInternalW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrGetDllHandle : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) ntdll.dll - LdrResolveDelayLoadedAPI : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CopyFileW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - MoveFileW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - WinExec : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) SHELL32.dll - ShellExecuteExW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) SHELL32.dll - ShellExecuteW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) KERNEL32.DLL - CopyFileA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetReadFile : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetReadFileExW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestExW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - InternetOpenUrlW : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpSendRequestA : @ 0x0 ()
[IAT:Inl(Hook.IEAT)] (iexplore.exe) WININET.dll - HttpOpenRequestA : @ 0x0 ()
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA DT01ACA1 SCSI Disk Device +++++
--- User ---
[MBR] 30751e73d65b1ca55d1510e67cca1f09
[BSP] d4257016dbf36a82a7c407ce2b817ac9 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
============================================
RKreport_SCN_03212017_010439.log - RKreport_SCN_03212017_104419.log - RKreport_DEL_03212017_105910.log - RKreport_SCN_03212017_110506.log
RKreport_SCN_03212017_125350.log - RKreport_DEL_03212017_125648.log - RKreport_SCN_03212017_130120.log
Kevin Hill
Posts: 126 +0
And how do I get rid of the rootkit?
D
DelJo63
@Cycloid Torus if you go here http://www.nirsoft.net/utils/cports.html
you can DL & install CurrPorts for a nice display
you can DL & install CurrPorts for a nice display
D
DelJo63
post that to the Virus Remove topic please
Kevin Hill
Posts: 126 +0
Can I get some help with this rootkit removal?
Cycloid Torus
Posts: 4,892 +1,711
"post that to the Virus Remove topic please"
https://www.techspot.com/community/forums/virus-and-malware-removal.28/
https://www.techspot.com/community/forums/virus-and-malware-removal.28/
Similar threads
Latest posts
-
Tesla is laying off 10% of global workforce amid declining sales and production cuts- captaincranky replied
-
Samsung's 2024 TV lineup receives a new 98-inch model for $3,999- Squid Surprise replied
-
How to play PS1 Doom on PC (and why you might want to)- Daniel Sims replied
-
Boston Dynamics unveils impressive all-electric Atlas robot- RudyBob replied
