Text only | Text with Images

LandzDown Forum

Security => Security Software Programs => Topic started by: fletch on November 05, 2015, 01:26:04 AM

Title: WinPatrol malwarebytes
Post by: fletch on November 05, 2015, 01:26:04 AM
Anybody getting hits on the WinPatrol network drivers from Malwarebytes?
Title: Re: WinPatrol malwarebytes
Post by: Digerati on November 05, 2015, 05:08:31 AM
Not here. I cannot find anything to suggest that file and service is related to WinPatrol. While the file's digital signature is by Ruiware, the current developers of WinPatrol, it appears to be associated with a different product, Windows (R) Win 7 DDK (http://systemexplorer.net/file-database/file/ruinetf-sys).
Title: Re: WinPatrol malwarebytes
Post by: Pierre75 on November 05, 2015, 06:01:09 AM
Sorry, nothing here on either PC. Maybe Bret is able to clarify?
Title: Re: WinPatrol malwarebytes
Post by: fletch on November 05, 2015, 03:29:05 PM
I saw the DDK connection.  Looks like netfilter2.sys that they renamed and signed.  Guess it's used to insert into the network layer to allow them control of things.  Perhaps a common method of infecting systems and MWB now flags those as "potentially" unwanted.
Title: Re: WinPatrol malwarebytes
Post by: Digerati on November 05, 2015, 04:51:39 PM
QuoteLooks like netfilter2.sys that they renamed and signed.
Who is "they"?
Title: Re: WinPatrol malwarebytes
Post by: fletch on November 05, 2015, 09:20:22 PM
QuoteWho is "they"?

Ruiware.  Apparently this was left behind from an early install of WinPrivacy.  I've deleted the file.  I'm told it's not used in the current release.
Text only | Text with Images