Showing results for tags 'hj.name'.

Found 1 result

  1. Hi, I scanned my computer yesterday because I had problems with the internet connection always dropping. I scanned with Avira, Malwarebytes, Spybot, AdwCleaner and TDSSKiller and found nothing. I did a scan with ComboFix too (I didn't know then that I should wait for someone to ask me to use ComboFix; I found that out later, so I did it). After that I did a scan with RogueKiller in safe mode and found the PUM policies and PUM desktop icons. Are they dangerous? To be more precise, I found PUM DNS too with RogueKiller some time ago, but since they are noted as PUMs and since my other antivirus and antimalware programs haven't found anything, I didn't worry about them, but I keep getting them all the time.

     Here is the RK report of the first scan:

     RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Safe mode with network support
     User : Laptopp [Admin rights]
     Mode : Scan -- Date : 07/21/2014 01:12:13

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 4 ¤¤¤
     [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
     [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3810790722-2108214571-1548943505-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3810790722-2108214571-1548943505-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++
     --- User ---
     [MBR] 898bd0634d7edf5350965830762252a9
     [bSP] 530116f578351fadf0c81087e96517e4 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 66709 MB
     2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 136826880 | Size: 410130 MB
     User = LL1 ... OK
     User = LL2 ... OK

     ============================================
     RKreport_DEL_07012014_160519.log - RKreport_DEL_07012014_232542.log - RKreport_DEL_07032014_010434.log - RKreport_DEL_07032014_012049.log
     RKreport_DEL_07162014_223327.log - RKreport_DEL_07162014_230742.log - RKreport_SCN_07012014_160322.log - RKreport_SCN_07012014_231456.log
     RKreport_SCN_07032014_005641.log - RKreport_SCN_07032014_011145.log - RKreport_SCN_07032014_011642.log - RKreport_SCN_07162014_223100.log
     RKreport_SCN_07162014_230720.log

     Update 2: Then, after a few hours, I did another scan with RK in normal startup mode, with Avira's security settings like autorun block and host protection turned on, and it came up with this Hj.Name, userinit.exe, marked red, so I got scared:

     RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Laptopp [Admin rights]
     Mode : Scan -- Date : 07/21/2014 04:37:43

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 3 ¤¤¤
     [Hj.Name] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit : userinit.exe, -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3810790722-2108214571-1548943505-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3810790722-2108214571-1548943505-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

     ¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
     [Filter(Kernel.Filter)] \Driver\atapi @ \Device\Ide\IdeDeviceP1T0L0-1 : \Driver\cdrom @ \Device\CdRom0 (\SystemRoot\System32\DRIVERS\cmderd.sys)

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++
     --- User ---
     [MBR] 898bd0634d7edf5350965830762252a9
     [bSP] 530116f578351fadf0c81087e96517e4 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 66709 MB
     2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 136826880 | Size: 410130 MB
     User = LL1 ... OK
     User = LL2 ... OK

     ============================================
     RKreport_DEL_07012014_160519.log - RKreport_DEL_07012014_232542.log - RKreport_DEL_07032014_010434.log - RKreport_DEL_07032014_012049.log
     RKreport_DEL_07162014_223327.log - RKreport_DEL_07162014_230742.log - RKreport_DEL_07212014_011304.log - RKreport_SCN_07012014_160322.log
     RKreport_SCN_07012014_231456.log - RKreport_SCN_07032014_005641.log - RKreport_SCN_07032014_011145.log - RKreport_SCN_07032014_011642.log
     RKreport_SCN_07162014_223100.log - RKreport_SCN_07162014_230720.log - RKreport_SCN_07212014_011213.log - RKreport_SCN_07212014_041927.log -

     I deleted the PUMs again, but the Hj.Name couldn't be deleted because Avira was protecting the host files, so I unchecked the host protection and block autorun security functions in Avira, restarted, scanned again with RK and deleted the Hj.Name too, but on this second scan the atapi filter wasn't recognized as possible malware. So I'm thinking the filter could have been the Avira block autorun option? And was userinit.exe part of Avira too and a false positive, or a virus? It was marked with red.

     Here is the last report, without the filter being detected, after I disabled Avira security protection but with Hj.Name still there:

     RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Laptopp [Admin rights]
     Mode : Scan -- Date : 07/21/2014 05:11:40

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 1 ¤¤¤
     [Hj.Name] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Userinit : userinit.exe, -> FOUND

     ¤¤¤ Scheduled tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: Hitachi HTS547550A9E384 ATA Device +++++
     --- User ---
     [MBR] 898bd0634d7edf5350965830762252a9
     [bSP] 530116f578351fadf0c81087e96517e4 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 66709 MB
     2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 136826880 | Size: 410130 MB
     User = LL1 ... OK
     User = LL2 ... OK

     ============================================
     RKreport_DEL_07012014_160519.log - RKreport_DEL_07012014_232542.log - RKreport_DEL_07032014_010434.log - RKreport_DEL_07032014_012049.log
     RKreport_DEL_07162014_223327.log - RKreport_DEL_07162014_230742.log - RKreport_DEL_07212014_011304.log - RKreport_DEL_07212014_044312.log
     RKreport_DEL_07212014_045018.log - RKreport_DEL_07212014_050007.log - RKreport_SCN_07012014_160322.log - RKreport_SCN_07012014_231456.log
     RKreport_SCN_07032014_005641.log - RKreport_SCN_07032014_011145.log - RKreport_SCN_07032014_011642.log - RKreport_SCN_07162014_223100.log
     RKreport_SCN_07162014_230720.log - RKreport_SCN_07212014_011213.log - RKreport_SCN_07212014_041927.log - RKreport_SCN_07212014_043743.log
     RKreport_SCN_07212014_044348.log - RKreport_SCN_07212014_045004.log - RKreport_SCN_07212014_045952.log