Prorootect

Level 53
Verified
RogueKiller by Tigzy - latest version download topic here ..

RogueKiller by Tigzy, download on Adlice Software Home page: http://www.adlice.com/softwares/roguekiller/

- Latest version Today : v10.0.4.0

Picture of download buttons on Adlice Software home page:


FossHub website RogueKiller download page: http://www.fosshub.com/RogueKiller.html
The FossHub download page identifies the current version release reference.
RogueKiller.exe (so Portable!) : 4.63 MB latest version on 32-bit, RogueKillerX64.exe : 5.18 MB on 64-bit Windows ..

Ancient GUI of RogueKiller.jpg


RogueKiller NEW black GUI.jpg


RogueKiller can be used on Windows XP, Server 2003, Vista, Server 2008, Windows 7, Windows 8, Windows 8.1.
RogueKiller can be used on both 32 bits and 64 bits operating systems.

RogueKiller is able to remove lots of actual infections, including ZeroAccess, TDSS, all rogues, and many Ransomwares. Detections are Blacklist/Whitelist based or Heuristic based.

[EN] RogueKiller official tutorial : http://www.adlice.com/softwares/roguekiller/roguekiller-official-tutorial/

- I have used it since the beginning of 2012, NO problems ..
I had only one FP (false positive); I unchecked it and closed, no problems.
In the drivers folder, you have TrueSight.sys from Adlice Software RogueKiller; this is the anti-rootkit driver.

NEW website of RogueKiller developer Tigzy is called Adlice Software at adlice.com : http://www.adlice.com/

- Updated frequently - so always effective! -Thank you, Tigzy developer!

=========================================================
=== ===
=== RogueKiller Changelog ===
=== ===
=========================================================
-------------------
- Adlice Software -
-------------------

V10.0.4 10/29/2014
=================
- Added link to translations in language menu
- Added Delay IAT in PE module
- Added Delay IAT hooks in antirootkit
- Now IAT hooks are printed to UI as they are scanned
- Removed ctfmon from sensitive processes
- Now detects Zeus variants
- Now informative texts are not elided
- Better choices (currency/amount) for Paypal form
- Removed unused resources
- Improvements in quarantine module
- Now DNS entries show country IP in text report
- PREMIUM: Added quarantine handler
- Added detections


V10.0.3 10/22/2014
=================
- New user-agent: Now sends extended vendor names for real time monitoring
- Added detections


V10.0.2 10/16/2014
=================
- Added detection of services hidden from SCM and from registry
- Dropped command line support in free version
- Removed EAT hooks (useless)
- Improved IAT hooks scanner (now scans all modules instead of main module)
- Fixed a bug in driver library (driver could not load under certain circumstances)
- Added Czech translation
- Added tooltip with detection level (for colorblind people)
- Added detections


V10.0.1 10/10/2014
=================
- Improvements in Process library
- Added COM integrity check to disable COM calls when server is corrupted (Poweliks)
- Fixed Poweliks rule
- Added detections
- Fixed Bug in registry module
- Fixed a bug in logging


V10.0.0 10/08/2014
=================
- Major UI changes
- Added support for future Premium version
- Added support for ShellIconOverlayIdentifiers and ShellServiceObjectDelayLoad keys
- Now CLSIDs are scanned for path and memory
- Added detections

- VERY useful software, this one!
 

Nikos751

Level 17
Verified
Hello!! I did a scan with the tool (run from desktop as admin, exited all running programs before) and the report is as follows. I consider my PC to be clean, so what are those registry entries it found? Sorry if posting in the wrong thread, if so tell me :)




RogueKiller V8.5.3 _x64_ [Mar 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : NikosAdmin [Admin rights]
Mode : Scan -- Date : 03/17/2013 14:24:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{3E9EAAD4-6CA2-4568-99E0-68A514481302} : NameServer (198.153.192.40,198.153.194.40) -> FOUND
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableCMD (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3750528AS +++++
--- User ---
[MBR] 2813ec722610dc391176a11d6d18959e
[BSP] 50f181a794c0b0d45a289c4900e89981 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 2046 | Size: 160000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 327682048 | Size: 390000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 1126402048 | Size: 165402 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03172013_02d1424.txt >>
 

Prorootect

Level 53
Verified
You have NO problems, all of these are FPs. Registry section: all FPs, I think.
Your MBR ('Windows 7/8 MBR Code' line, LL1, LL2 OK!) is OK.

I have this same FP: [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
It's nothing, FP.

Bad processes: 0.
 

Moose

Level 22
Does RogueKiller by Tigzy have a portable version for Windows 8 X86 & X64 O.S? If so, can you post the links
for Windows 8 X86 & X64 O.S? Many many thanks!
 

Nikos751

Level 17
Verified
Moose said:
Does RogueKiller by Tigzy have a portable version for Windows 8 X86 & X64 O.S? If so, can you post the links
for Windows 8 X86 & X64 O.S? Many many thanks!
RogueKiller does not need installation, is compatible with Windows 8 32 and 64 bit, and you can download it here (the page link is already given; here are direct download links)
32 bit http://tigzy.geekstogo.com/Tools/RogueKiller.exe
64 bit http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe
 

Prorootect

Level 53
Verified
Latest version Today : v8.5.4 .. so it's actively developed.


[New!] Detection of malicious lines in Hosts file.

------------------------------------------------

EXAMPLE:

¤¤¤ Infection : Mal.Hosts ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
111.111.111 test1
127.012.123.1444 wxw.face book.com <======= The malicious line

------------------------------------------------

Sorry to English speakers. RK will not point out which line is malicious, considering the whole file as compromised. You can then restore a clean copy (with the HostsFix button), but you'll have to add your custom lines again.

...............................................

Latest news: Tigzy began his work at Malwarebytes company ..
 
Last edited:
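
Because the report above treats the hosts file as compromised as a whole, a line-by-line check helps when deciding which custom lines to put back after a restore. The Python sketch below is an added example, not part of the original posts and not RogueKiller's own detection logic; the function name `audit_hosts`, the reason strings and the last three sample lines are assumptions made for illustration, while the first three sample lines are the ones quoted in the post.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
BAD_IP = "address is not a valid IPv4/IPv6 literal"
NO_NAME = "address without a hostname"
BAD_NAME = "hostname is not syntactically valid"
REDIRECT = "name mapped to a non-loopback address"

def _valid_name(name):
    labels = name.rstrip(".").split(".")
    return len(name) <= 253 and all(_LABEL.match(label) for label in labels)

def audit_hosts(text):
    """Return [(line_number, reason)] for every hosts line that needs review."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not entry:
            continue
        address, *names = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:  # strict parse failed (wrong octet count or range)
            findings.append((number, BAD_IP))
            continue
        if not names:
            findings.append((number, NO_NAME))
        elif not all(_valid_name(name) for name in names):
            findings.append((number, BAD_NAME))
        elif not (ip.is_loopback or ip.is_unspecified):
            findings.append((number, REDIRECT))  # may be legitimate; review it
    return findings

# Lines 1-3 come from the example in the post; lines 4-6 are constructed.
SAMPLE = """\
127.0.0.1 localhost
111.111.111 test1
127.012.123.1444 wxw.face book.com
::1 localhost
203.0.113.7 login.example.com   # constructed: name sent to a routable address
0.0.0.0 ads.example.net         # constructed: typical blocking entry
"""

if __name__ == "__main__":
    for number, reason in audit_hosts(SAMPLE):
        print(f"line {number}: {reason}")
```

A `REDIRECT` finding is only a prompt to check the entry: intranet mappings are legitimate, so compare each one against the lines you added yourself.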

Prorootect

Level 53
Verified
- Latest version Today : v9.2.9.0

I have an FP: redbook.sys
The Redbook system driver (Redbook.sys) is the KS filter that manages the rendering of CD digital audio - audio filter driver. It's a legit Microsoft file.
 

Prorootect

Level 53
Verified
RogueKiller NEW version v10.0.3.0 - very nice black GUI!
The tab buttons light up in orange, very nice! Chapeau!
Works very quickly.

Too nice!

For the screenshot I made, please look at the first post of the topic ..
 

Prorootect

Level 53
Verified
.. and the latest Changelog I added in the first topic's post:

 

Prorootect

Level 53
Verified
RogueKiller NEW version V10.0.4 10/29/2014