
System files tagged


gadager

I got this when I checked the computer this A.M.

 

Files: 0
(No malicious items detected)
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\gpuenergydrv.sys, , [ba2455d93bd57989a04fe4094aa6f941],
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys, , [c277a49f8a8295840debc9240b75a282],
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\rmcast.sys, , [d05726c00594552000ab5e02a54d061f],
Unknown.Rootkit.Driver, C:\WINDOWS\SYSTEM32\drivers\usb8023.sys, , [d1250271d1502fed928f4133acf96ec1],

 

I clicked quarantine and it told me that it did so successfully.

 

What am I to believe?

 

John :wacko:


Hi,

Yes I have been using Rollback Home for a month or so now.  My everyday Malwarebytes scan never complained until 2 days ago.

 

Today I did another scan (of course) and all the data is attached here. Database is: v2015.12.11.4

 

It told me again that 4 files were flagged as rootkit files. I tried to quarantine them but was told that 0 files were successfully quarantined.

 

 


MAlWare Bytes found.txt

flagged as rootkit 4 files.zip


  • Staff

Thank you for the updated info.

It is Rollback that is causing MBAM rootkit engine to trigger this alarm.

See here for an explanation:
https://forums.malwarebytes.org/index.php?/topic/165846-false-rootkit-driver-detection/#entry946167

 

Solution is to uninstall Rollback> reboot> reinstall Rollback & the next scan should run clean.

 

Let me know your results.

 

Thanks!


I was going to report a similar issue, but I guess Rollback RX is to blame for 'forging' the drivers - took a long run through every sandbox online available :D just to be sure.. but no infections were found and no 'malware-like' actions on the behalf of those drivers, so I was going for a false positive report when I found the problem with rollback/freeze software..

I know this question is not for here, but do I bother to contact RollbackRX with the issue, or have they already been contacted and it is just the way the software works and that's it? Is there another way of doing the 'recovery' so we can suggest that to them so it won't trigger rootkit detectors?

Thank you.
