RogueKiller V13

Tigzy

From Adlice
Thread author
Verified
Developer
Well-known
Mar 15, 2017
210
@Tigzy The detection as keylogger for Winja, phrozen.io, is a false-positive, or not?

Winja v5.1 - Phrozen



https://www.reverse.it/sample/9125a...c90a10501c4980f06395/5c7ca8760388382a0f9f1f19

Not sure about this Threat Description - Adlice Software

I saw that the developer of Winja probably made a keylogger, but also other things I think?

Thank you.

Hey, no it's not. We are aware he's a great dev and such, but still this is a keylogger and having it installed on a machine may be for bad purposes, so we've chosen to detect it. You can add an exclusion if you want :)

EDIT: I see what you mean, we'll try to modify the rule to only detect Keylogger.
 

FrFc1908

Level 20
Verified
Top Poster
Well-known
Jul 28, 2016
950
Hi tigzy. Thanks for your awesome work! Really like the program, good to have as an extra in the on demand scanner Arsenal. The only thing that is a little annoying is the fact that you will need to download definitions as a standalone pack from the website each time and integrate them manually. I hope this process can / will be available automatically in the future?
 

Tigzy

From Adlice
Thread author
Verified
Developer
Well-known
Mar 15, 2017
210
Hi tigzy. Thanks for your awesome work! Really like the program, good to have as an extra in the on demand scanner Arsenal. The only thing that is a little annoying is the fact that you will need to download definitions as a standalone pack from the website each time and integrate them manually. I hope this process can / will be available automatically in the future?
Hey, this is automatic when you get a Premium license ;)
 

brambedkar59

Level 29
Verified
Top Poster
Well-known
Apr 16, 2017
1,869
I want to report a FP. War Thunder is a cross-platform vehicular combat multiplayer video game and not adware/malware. Clean results on VT for C:\Users\user_name\AppData\Local\WarThunder\win64\Aces.exe
Another one for C:\Users\user_name\AppData\Local\WarThunder\Launcher.exe VT results
Threat: Suspicious Path
Detected items are registry keys linked to these two .exe files.
 

Andrew999

Level 24
Verified
Top Poster
Well-known
Dec 17, 2014
1,344
Hey, no it's not. We are aware he's a great dev and such, but still this is a keylogger and having it installed on a machine may be for bad purposes, so we've chosen to detect it. You can add an exclusion if you want :)

EDIT: I see what you mean, we'll try to modify the rule to only detect Keylogger.
Oh very interesting. So it has a keylogger in it? That's pretty bad. I did a scan and it detected it so I removed it.

It detected Auslogics Disk defrag as PUP but I kept it.

Also, it detected this, so I removed it. It definitely seems like a good tool. Good job! :)
 

Tigzy

From Adlice
Thread author
Verified
Developer
Well-known
Mar 15, 2017
210
I want to report a FP. War Thunder is a cross platform vehicular combat multiplayer video game and not an an adware/malware. Clean results on VT for C:\Users\user_name\AppData\Local\WarThunder\win64\Aces.exe
Another one for C:\Users\user_name\AppData\Local\WarThunder\Launcher.exe VT results
Threat: Suspicious Path
Detected items are registry keys linked to these two .exe files.
Thanks, we will add.

Oh very interesting. So it has a keylogger in it? That's pretty bad. I did a scan and it detected it so I removed it.

It detected Auslogics Disk defrag as PUP but I kept it.

Also, it detected this, so I removed it. It definitely seems like a good tool. Good job! :)

I have a doubt about the INCA Shared file, can you share the hash? It's weird that it has the EICAR signature in it, that would be nonsense for them :)
 

Andrew999

Level 24
Verified
Top Poster
Well-known
Dec 17, 2014
1,344
I have a doubt about the INCA Shared file, can you share the hash? It's weird that it has the EICAR signature in it, that would be nonsense for them :)
Ok, here is the hash
a2a5cc6b5232b8e29e722dbc507785b3

Please tell me if I can remove it or not? Or is it safe?

Also you said that Winja, phrozen.io was a keylogger right?
 

Mops21

Level 34
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,351
Hi all

RogueKiller v13.1.10


V13.1.10 04/24/2019
=================
- Added notifications setting
- Updated to core 3.0.8
* Bug fixes
* Updated signatures


With best Regards
Mops21
 

Tigzy

From Adlice
Thread author
Verified
Developer
Well-known
Mar 15, 2017
210
Ok, here is the hash
a2a5cc6b5232b8e29e722dbc507785b3

Please tell me if I can remove it or not? Or is it safe?

Also you said that Winja, phrozen.io was a keylogger right?
As you can see on VirusTotal, eGambit is also detecting EICAR code. It's probably because they are exposing the EICAR test code in their file, which is poor design... But it's safe, you can leave it alone.

As for Winja, no. Phrozen has made a keylogger, but it's a separate product. Don't worry too much, this detection will be adjusted on our side.
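The false positive discussed above comes from a legitimate file carrying the EICAR test string inside its body, so every engine with an EICAR rule fires on it. The following is an added illustration, not code from Adlice or from the thread: a small Python checker that distinguishes a genuine EICAR test file (string at offset 0, file no longer than 128 bytes, per the EICAR spec) from a larger file that merely embeds the string, which is the case that produces this kind of FP. The sample files and their names are constructed for the example; the signature is assembled from two fragments at runtime so that this source file does not itself contain the contiguous test string.

```python
import hashlib

# The 68-byte EICAR test string, joined at runtime from two fragments so the
# source file itself is not flagged (embedding the full string verbatim in a
# shipped binary is exactly the problem discussed in the thread).
EICAR_PARTS = (
    b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$",
    b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*",
)
EICAR = b"".join(EICAR_PARTS)

# Well-known MD5 of the canonical 68-byte test file, used as a self-check.
EICAR_MD5 = "44d88612fea8a8f36de82e1278abb02f"

# The EICAR convention: the string must start at offset 0, may be followed only
# by whitespace, and the whole file must not exceed 128 bytes.
EICAR_MAX_LEN = 128
TRAILING_WS = b" \t\r\n"


def signature_is_canonical() -> bool:
    """Sanity check that the assembled fragments form the real test string."""
    return len(EICAR) == 68 and hashlib.md5(EICAR).hexdigest() == EICAR_MD5


def classify(data: bytes) -> str:
    """Return 'eicar-test-file', 'eicar-embedded' or 'clean' for a file body.

    'eicar-test-file' is the harmless standard test file.  'eicar-embedded'
    means the string occurs inside a larger file, which a triage analyst
    should treat as a likely vendor self-test artefact rather than malware,
    but which naive signature engines report as a detection.
    """
    idx = data.find(EICAR)
    if idx < 0:
        return "clean"
    tail = data[len(EICAR):]
    if idx == 0 and len(data) <= EICAR_MAX_LEN and tail.strip(TRAILING_WS) == b"":
        return "eicar-test-file"
    return "eicar-embedded"


def scan_files(files: dict) -> dict:
    """Classify every (name -> bytes) entry and return name -> verdict."""
    return {name: classify(body) for name, body in files.items()}


# Constructed sample inputs for the demonstration (not real files).
SAMPLE_FILES = {
    "eicar.com": EICAR,
    "eicar_crlf.com": EICAR + b"\r\n",
    # A fake PE-like blob with the test string buried in a self-test section.
    "vendor_tool.exe": b"MZ" + b"\x00" * 300 + b"selftest:" + EICAR + b"\x00" * 64,
    "readme.txt": b"nothing to see here",
}


if __name__ == "__main__":
    print("signature ok:", signature_is_canonical())
    for name, verdict in scan_files(SAMPLE_FILES).items():
        print(f"{name:18} {verdict}")
```

The useful distinction for a triage analyst is the "eicar-embedded" verdict: the bytes are inert, but a file that ships them will keep tripping scanners until the vendor moves the self-test string out of the distributed binary.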
 

Mops21

Level 34
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,351
Hi all

RogueKiller v13.2.0.0


V13.2.0 05/14/2019
=================

- Updated to core 3.0.9
* Bug fixes
* Updated signatures
* UCheck engine update
- Fix for hidden.proc
- Free users can now download signatures package automatically

With best Regards
Mops21
 

Mops21

Level 34
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,351
Hi all

RogueKiller v13.2.2.0


V13.2.2 06/10/2019
=================
- Updated to core 3.0.11
* Fixed startup registration issue when laptop on battery
* Fixed warning message at startup when floppy drive exists
* Fixed file not closing after zip operations
- Added automatic updates setting
- New Automatic update system (silent with notifications and scheduler)
- Fixed last scan date (taken from config and not history)

With best Regards
Mops21
 

Mops21

Level 34
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,351
Hi all

RogueKiller v13.3.0.0 + Roguekiller 13.3.1.0


V13.3.1 01/07/2019
=================
- Updated to core 3.1.1
* Minor fixes

V13.3.0 01/07/2019
=================
- Updated to core 3.1.0
* Fixed an issue where GetErrorMode API isn't present on XP
* New machine ID (less prone to changes on Windows install)
* Technician trial (if applicable)
* Scheduler V2
* Reviews notifications
- Better notifications
- Added Machine ID on Account page

With best Regards
Mops21
 

Mops21

Level 34
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,351
Hi all

RogueKiller v13.3.2.0


V13.3.2 07/15/2019
=================
- Updated to core 3.2.0
* Signed files are whitelisted by default
* Fixed an issue in scheduler
* MalPE V2

With best Regards
Mops21
 

Mops21

Level 34
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,351
Hi all

RogueKiller v13.4.2.0


V13.4.2 08/09/2019
=================
- Updated to core 3.2.1
* Fixed scheduler reload
- Fixed a possible deadlock in scheduler

With best Regards
Mops21
 

Mops21

Level 34
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,351
Hi all

RogueKiller v13.4.3.0


V13.4.3 08/20/2019
=================
- Updated to core 3.2.4
* Fixed an issue in WinTrust (part 2)
* Fixed possible deadlock while enumerating processes
* Fixed SearchStrings method
* Signatures 20190819_114745
* Added new Scan locations
* Fixed an issue with ACLs where config files may not be properly saved
* Fixed portable_license CLI parameter
* Fixed low privilege Shell extension Registration

With best Regards
Mops21
 