Question about partitions and manmount

March 16, 2018 at 12:38:30
Specs: Windows 8.1
Hi,

I downloaded and ran RogueKiller in an attempt to check for malware. I've pasted the results from my first scan below this paragraph. I'm not an expert with computers, so I tried to find more information at "https://www.adlice.com/documentation/roguekiller/documentation/#detections", but I'm still not sure about the physical drive return. The return under "disks" showed I had 6 partitions on my physical drive, but I'm not familiar with the technical terms used, such as "manmount". So in other words, I have no idea what I'm looking at. I'm running Windows 8. Thanks in advance.

RogueKiller V12.12.8.0 (x64) [Mar 12 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/rogu...
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200) 64 bits version
Started in : Normal mode
User : (edited: my last name/username was here) [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/16/2018 03:49:01 (Duration : 00:20:47)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1562777021-3748281410-1831740241-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1562777021-3748281410-1831740241-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/ -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1562777021-3748281410-1831740241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03162018030626616\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1562777021-3748281410-1831740241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03162018030626616\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com/ -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1562777021-3748281410-1831740241-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03162018030626756\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1562777021-3748281410-1831740241-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03162018030626756\Software\Microsoft\Internet Explorer\Main | Start Page : http://dell13.msn.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1562777021-3748281410-1831740241-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1562777021-3748281410-1831740241-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1562777021-3748281410-1831740241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03162018030626616\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1562777021-3748281410-1831740241-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03162018030626616\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1562777021-3748281410-1831740241-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03162018030626756\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1562777021-3748281410-1831740241-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03162018030626756\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.254 0.0.0.0 ([-][]) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1CF64339-6CA7-4F16-8AC9-11BA816BB476} | DhcpNameServer : 192.168.1.254 0.0.0.0 ([-][]) -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LM012 HN-M500MBB +++++
--- User ---
[MBR] dc16607103228e340cc5ede0b3676896
[BSP] cbd4ec5af97cef97df609c63ea57c9b2 : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 500 MB
4 - Basic data partition | Offset (sectors): 2394112 | Size: 463175 MB
5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 950976512 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 951898112 | Size: 12145 MB
User = LL1 ... OK
User = LL2 ... OK

message edited by cosmo18



#1
March 16, 2018 at 18:15:21
Are you running some version of Linux?


#2
March 16, 2018 at 20:29:15
RogueKiller is probably running on some version of Linux, which is why it identified the partitions as "Mounted". The MAN part is probably related to the version of Linux.
The other parts, "EFI System Partition" and "Microsoft System Reserve", are clearly partitions created for Windows requirements; "Microsoft Recovery Partition" is manufacturer-created and pretty self-explanatory. The "Basic data partition......Size: 463175 MB" is your 463.175GB 'C' drive that is your primary partition. The other tiny partitions are probably related to the drive's partition table and reserved sectors for drive repair.
I see no problem with that part. I do see registry entries that appear to have been removed that apparently were infected (though I do not know the program).

You have to be a little bit crazy to keep you from going insane.



#3
March 16, 2018 at 21:05:27
Okay, thank you for taking the time to look over the report for me. So, the "mounts" are associated with the RogueKiller itself, not my machine, correct?

Thank you again. Much appreciated.

message edited by cosmo18



#4
March 16, 2018 at 21:09:14
OtheHill: No, no Linux running on my laptop that I know of. That's what I was worried about after searching Google and only finding references to Linux.


#5
March 17, 2018 at 06:06:22
The scan results list a bunch of PUMs (Potentially Unwanted Modifications) & they all show the problem being with your start page - http://dell13.msn.com

You might wanna consider changing it to something else. If you like MSN, use the "real" website as your homepage - https://www.msn.com/
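
One way to tally the Registry section of a RogueKiller report like the one in the first post, so that findings repeated across the X64/X86 views and per-user hives collapse into the distinct settings worth reviewing. This is an added example, not part of the thread or of RogueKiller; the sample log is constructed (placeholder SID, GUID, URL and address), and the rule for rejoining wrapped lines is an assumption based on how the pasted report wraps.

```python
import re
from collections import defaultdict

HEAD = re.compile(r"^\[(?P<kind>[^\]]+)\] \((?P<view>X\d+)\) (?P<key>.+)")
DONE = re.compile(r" -> \w+$")  # a finding ends with its status, e.g. "-> Found"

# Constructed sample (placeholder SID, GUID, URL and address), wrapped the way
# the pasted report is wrapped.
SAMPLE = r"""
Registry : 5
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1-2-3-1001\Software\Microsoft\Internet Explorer\Main |

Start Page : http://oem.example/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1-2-3-1001-{00000000-0000-0000-0000-000000000000}-
01010000\Software\Microsoft\Internet Explorer\Main | Start Page : http://oem.example -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.0.2.1
([-][]) -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found
Tasks : 0
"""

def unwrap(text):
    """Rejoin wrapped findings. Assumption: a chunk ending in '-' was cut
    mid-token, so it is joined without a space; otherwise with one."""
    buf = ""
    for line in (l.strip() for l in text.splitlines()):
        if HEAD.match(line):
            buf = line
        elif buf and line:
            buf += ("" if buf.endswith("-") else " ") + line
        if buf and DONE.search(buf):
            yield buf
            buf = ""

def parse(text):
    for entry in unwrap(text):
        head, _, rest = entry.partition(" | ")
        body, _, status = rest.rpartition(" -> ")
        name, _, data = body.partition(" : ")
        found = HEAD.match(head).groupdict()
        yield {**found, "name": name.strip(), "data": data.strip(), "status": status}

def summarize(text):
    """Count findings per distinct (detection, value name, data) triple."""
    groups = defaultdict(int)
    for f in parse(text):
        groups[(f["kind"], f["name"], f["data"].rstrip("/"))] += 1
    return dict(groups)
```

On the constructed sample, five findings collapse to three distinct settings: one home page URL, one DHCP-assigned name server, and one UAC policy value.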

