A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #3032  by CloneRanger
 Thu Oct 14, 2010 5:55 am
Hi Libertad.

Good to see you back, and with a nice new dedicated www :)

Thanks for the update which still looks Fantastic, works extremely smoothly, and is very fast :)

When I scanned my comp it was accurate in highlighting several items as suspicious, which could have been malware but weren't, just some of my security apps ;)

On closing the app Zemana popped up with this alert
(attachment: z.gif)
Is that due to my saving the log, or ?
 #3055  by CloneRanger
 Thu Oct 14, 2010 10:30 pm
@ Libertad

Hi,

I also get the kernel alert, but that's to be expected so I obviously allow it ;)

I retried it several times and found that I only get the clipboard alert on close if I save the log. It doesn't happen if I just generate a log. My version of Zemana is 1.9.2.210. I note what you say about user interaction with the Command tab.

Another weird thing is this
(attachment: tz.gif)
Why does it try to call out ?

By the way, the reverse DNS of where it tries to call out to is DOD :P

TIA
 #3068  by Libertad
 Fri Oct 15, 2010 6:31 am
Oh my God! How many antivirus programs and utils do you have??? :)
One thing I can say for sure: I do not work directly with the clipboard, and I do not try to steal your personal information. :)
Everything that concerns the clipboard is buried deep in the bowels of the Qt lib. Where? Sorry, but I do not have time to deal with it. Maybe someday I'll do that.
With regard to the Internet, it happens when Tuluka checks the digital signature of drivers.

Libertad.
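The explanation above (the outbound connection coincides with Tuluka verifying driver signatures) is easy to reproduce independently so you can correlate it with your firewall alerts. The following is an added example, not Tuluka's code: it enumerates the running kernel drivers from WMI, resolves the NT-style paths that Win32_SystemDriver reports, and runs Get-AuthenticodeSignature on each file. That chain validation may fetch CRL/OCSP data over the network is an assumption about how certificate chain building is configured on the host, so watch the firewall while it runs rather than taking it for granted.

```powershell
# Added example (not Tuluka's own code): verify Authenticode signatures
# of all running kernel drivers, mirroring the check Libertad describes.
# Assumption: certificate chain validation on this host may reach out for
# CRL/OCSP data, so this is a convenient moment to watch the firewall log.

function Get-DriverSignatureReport {
    $drivers = Get-CimInstance Win32_SystemDriver | Where-Object { $_.State -eq 'Running' }

    foreach ($d in $drivers) {
        $path = $d.PathName
        if (-not $path) { continue }

        # Win32_SystemDriver returns NT-style paths such as
        #   \SystemRoot\System32\drivers\foo.sys
        #   \??\C:\Windows\System32\drivers\foo.sys
        #   system32\DRIVERS\foo.sys
        # Normalize them to ordinary Win32 paths.
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot
        $path = $path -replace '^\\\?\?\\', ''
        if ($path -notmatch '^[A-Za-z]:\\') {
            $path = Join-Path $env:SystemRoot $path
        }
        if (-not (Test-Path -LiteralPath $path)) { continue }

        # This is the signature verification step; chain building happens here.
        $sig = Get-AuthenticodeSignature -FilePath $path

        [pscustomobject]@{
            Driver = $d.Name
            Path   = $path
            Status = $sig.Status            # Valid, NotSigned, HashMismatch, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

# Show only drivers whose signature did not verify; a clean system prints nothing.
Get-DriverSignatureReport | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so every driver file is readable. A driver reported as NotSigned or HashMismatch deserves the same second look Tuluka's own "suspicious" flag would get; a hit from a known security product, as in CloneRanger's scan, is the usual benign explanation.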
 #3118  by CloneRanger
 Sun Oct 17, 2010 6:08 pm
@ Libertad
How much do you have antivirus software and utils???
Just enough :P
And do not try to steal your personal information.
I wasn't suggesting you were, just thought you'd like to know what I found, as others might too ;)
With regard to the Internet, it happens when Tuluka checks the digital signature of drivers.
OK, now we know :)

Regards
 #3278  by liangtong
 Sun Oct 31, 2010 3:53 pm
Just found that the number of "Worker Threads" Tuluka shows doesn't match !exqueue and RKU.
And refreshing system thread info frequently may cause deadlock on my machine.

Regards.
 #4853  by Alex
 Wed Feb 02, 2011 10:42 am
unlic3nsed, please create a new thread and post there the results of scans from RkU and KernelDetective (system threads tab and/or the thread stack); this should allow us to figure out whether this thread is suspicious...