Jump to content

Rootkit.Necurs.GO C:\Windows\System32\drivers\HCDisk.sys


Recommended Posts

The above is reported by MalwareBytes Antimalware


On VirusTotal only you report it as malware, every other program used by them reports it as safe.


The file is in fact part of RestoreIT 2014 by FarStone, which as far as I am aware is a reputable program.


I've also added the file to your Malware Exclusions section, however your program completely ignores the exclusion, so I have also reported this as a bug.


This is causing me serious problems because I need to be able to establish a proper backup / restore regime which RestoreIT does.


Thank you.

Link to post
Share on other sites

Unfortunately no, I can't upload it.  Both your standard and advanced file uploaders give this message:


"Error You aren't permitted to upload this kind of file"


I've tried renaming it with no success.



I was just about to post this reply, when I thought I could try zipping the file.  --- Success:


Attached is the file zipped with 7Zip






Link to post
Share on other sites

FYI:  Please reference: Please read before reporting a false positive




Attach the scan log with your post.

Additionally, please also attach the detected file with your post.

Make sure it is in ZIP or RAR format.


The directions does state to place the suspect in a ZIP or RAR archive file as well as to include a "developer scan log" before attaching and posting.

Link to post
Share on other sites



I wasn't aware of that.  I should have looked for instructions before posting.  However I did manage to work out that I had to Zip the offending file.  I hope 7Zip is ok as I don't have any other zipping tools.


I can't provide any log files because I've restored my computer to a time before the files were quarantined and removed, and have MalwareBytes currently disabled, so there will not be a relevant log file.


I suppose because I use programming forums extensively, I just posted. (By the way on these forums I answer considerably more questions than I ask, so obviously I know how these things work and am grateful for all help received here).


Thanks and sorry.



Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.