“Rogue Killer” – What a great name!

AID: 4922
  • Status: Published

67688 points

  • By younghv
  • Type: Tips/Tricks
  • Posted on 2011-03-17 at 09:41:00
Awards
  • Community Pick
  • Experts Exchange Approved
For those of you actively in the Malware fighting business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl, the Zone Advisor for the Virus and Spyware Zones).

This tool IS easy enough for the casual user to implement, but be careful if you do - and you should always post your questions right here on EE, if you need additional help.

The purpose of this Article is to provide some basic usage and reference information about a tool developed by EE Expert “Tigzy”.

I have tested it on Windows XP (SP3) and Windows 7 Ultimate (SP1) systems and have been very impressed. It is quick, easy, and effective – AND – it addresses many of the most common sets of “after” symptoms once the malware repairs are done (HOSTS file, Proxy, DNS, etc).

First the basics and link information.

Link for those who speak French: http://www.sur-la-toile.com/RogueKiller/

Link for the rest of us: http://www.geekstogo.com/forum/files/file/413-roguekiller/

The usage instructions are as simple as:
1 – Download the file RogueKiller.exe to your desktop, and
2 – Double-left-click on the file (right-click, then Run as Administrator for 7 and Vista).

At this point a "pre-scan" will complete and a list of options will appear along the right-hand side. Start by scanning your system and then select the "Delete" button for anything it finds.

Note that there are four additional "Auto-Fixes" for some of the most common symptoms of malware problems. If you move your mouse pointer over each of these, a brief description of what it does will appear. Select any that apply to your situation.

[Image: RK-7.png]


Note that the developer does recommend a follow-up scan with other anti-malware applications – with my number one recommendation being Malwarebytes.
Download program: (MBAM - http://www.malwarebytes.org/)
Download update: (http://data.mbamupdates.com/tools/mbam-rules.exe) - If needed.

For those of you familiar with fighting malware, please note that this application has the ability to identify and STOP malware processes before it starts repairing/fixing the problems. For all of us who had to previously run other applications (Rkill, etc.) this is a significant advantage.
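
A read-only way to confirm that the "after" symptoms named earlier (HOSTS file, proxy, DNS) are actually clean once the scans have finished. This is an added example, not part of RogueKiller or of the original article; it assumes Windows PowerShell 2.0 or later, the standard HOSTS path and the per-user Internet Settings registry key, and it only reports settings without changing them.

```powershell
# Added example: read-only post-cleanup check. Reports settings, changes nothing.
# Assumes Windows PowerShell 2.0+ (Get-WmiObject is not available in PowerShell 7).

# 1. HOSTS file: report every active entry except the stock localhost mappings.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsHits = @()
if (Test-Path $hostsPath) {
    foreach ($line in Get-Content $hostsPath) {
        $entry = ($line -replace '#.*$', '').Trim()   # strip comments and whitespace
        if ($entry -eq '') { continue }
        $fields = @($entry -split '\s+')
        $ip     = $fields[0]
        $names  = @($fields | Select-Object -Skip 1)
        $other  = @($names | Where-Object { $_ -ne 'localhost' })
        $stock  = ($ip -eq '127.0.0.1' -or $ip -eq '::1') -and ($other.Count -eq 0)
        if (-not $stock) {
            $hostsHits += New-Object PSObject -Property @{
                Address = $ip
                Names   = ($names -join ' ')
            }
        }
    }
}

# 2. Proxy: per-user Internet Settings values behind the proxy symptom.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
$proxy   = New-Object PSObject -Property @{
    ProxyEnable   = $inet.ProxyEnable
    ProxyServer   = $inet.ProxyServer
    AutoConfigURL = $inet.AutoConfigURL
}

# 3. DNS: servers configured on each IP-enabled adapter, with the adapter's DHCP flag.
$dns = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, DHCPEnabled,
        @{ Name = 'DnsServers'; Expression = { $_.DNSServerSearchOrder -join ', ' } }

'HOSTS entries other than localhost (expect none on a default install):'
$hostsHits | Format-Table Address, Names -AutoSize
'Proxy settings for the current user (ProxyEnable 1 means a proxy is in use):'
$proxy | Format-List ProxyEnable, ProxyServer, AutoConfigURL
'DNS servers per adapter (compare with what your router or ISP hands out):'
$dns | Format-List
```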

As this application develops, I will update the Article and I invite all the malware fighters out there to post additional information/comments as needed.

Some other valid Articles here on Experts-Exchange that I highly recommend you read are:
2012-Malware-Variants
MALWARE - "An Ounce of Prevention..."
Basic Malware Troubleshooting
Stop-the-Bleeding-First-Aid-for-Malware
Latest-Malware-Threat-Windows-Stability-Center

Viruses in System Volume Information (System Restore)
THINGS YOU NEED TO DO WHEN YOUR PC IS INFECTED:
IF YOU CAN'T RUN .EXES IN AN INFECTED SYSTEM:
Can't Install an Antivirus - Windows Security Center still detects previous AV:
HijackThis - Some Tips & Tricks:
HijackThis reports missing files on 64-bit Systems:
"Google Hijack" - Google Search Gets Redirected:
Tags: Malware

Topic: Anti-Virus

Views: 13255

Comments

Expert Comment

by: mark_wills on 2011-03-28 at 11:31:37 ID: 25172

Thanks younghv,

Seems to be a good tool - haven't got any issues at the moment, but definitely a "keeper" for the rescue pack :)

Voted Yes :)

Author Comment

by: younghv on 2011-03-28 at 17:11:47 ID: 25184

Thank you Marcus.
This is one of those tools that is "Good to have and not need, than to need and not have".

Here's another if you'd care to review it:
 http://www.experts-exchange.com/Anti_Spyware/A_5124.html

Expert Comment

by: Ryan_R on 2011-03-30 at 21:42:35 ID: 25289

Thanks Vic

Will download a copy to my USB drive.

*votes yes*

Author Comment

by: younghv on 2011-04-01 at 11:47:42 ID: 25405

Hey Ryan,
Long time no see.
Thank you for commenting and voting.
Vic

Expert Comment

by: agieryic on 2011-05-10 at 11:29:14 ID: 26958

Great Tool! What's your opinion of Combo-Fix? I use this tool and find it just as important as MalwareBytes

Author Comment

by: younghv on 2011-05-10 at 16:13:19 ID: 27010

Hi agieryic,
Thank you for the comment.
As far as my opinion of ComboFix, I couldn't possibly do my job without it.
The developer (sUBS) was selected as a Microsoft MVP - based on the work he has done with fighting malware.

We have an on-going discussion question for proper use of MBAM and CF if you'd care to join in:
http://www.experts-exchange.com/Q_26933025.html

Expert Comment

by: Run5k on 2011-06-09 at 13:36:52 ID: 28196

Vic,

I have only recently returned to the EE community after a rather extended absence, and it's certainly great to see the tremendous contributions you have made to Experts Exchange while I have been gone!

Thanks for the informative article!  I have heard good things about Rogue Killer recently, and it's nice to get some additional guidance from a genuinely trusted source.

~Tom

Author Comment

by: younghv on 2011-06-10 at 03:24:32 ID: 28210

Hi Tom,
Thank you very much for the comments.
I noticed that you've jumped back in the EE game after a couple of years.
Good to see you back.
Vic
(Ran42k)

Expert Comment

by: Run5k on 2011-06-27 at 17:02:12 ID: 29218

Vic, it is definitely nice to be back!  Do you still have my e-mail address from the old days?  If so, drop me a line when you get the chance.

~Tom

Author Comment

by: younghv on 2011-06-28 at 02:55:05 ID: 29236

Tom - negative on the email address, but drop me a note with "@experts-exchange.com" added to my EE user name.

Expert Comment

by: tzucker on 2012-02-03 at 15:13:14 ID: 41849

Younghv,

I was just helping someone out on EE and they pointed out that RogueKiller looked different.  I went to your link from the article and sure enough version 7 has a new GUI and looks totally different.  Just an FYI.

Author Comment

by: younghv on 2012-02-04 at 03:19:12 ID: 41902

@tzucker - thank you.
I didn't know about the change, but got a copy and played with it a bit.
Very nice improvements (new image added).

Expert Comment

by: SSharma on 2012-02-09 at 07:10:39 ID: 42427

Thanks for updating the image of Rogue Killer, Vic; it would certainly help.

Expert Comment

by: matthewspatrick on 2012-03-16 at 11:50:20 ID: 46400

Vic,

Just wanted to let you know that your suggestion of a one-two punch of Rogue Killer and MalwareBytes allowed me to dispatch the very annoying Security Shield 2012 virus today.

Thanks for this article, and for your answer over in http://www.experts-exchange.com/Security/Misc/Q_27435667.html

Patrick

Author Comment

by: younghv on 2012-03-19 at 16:32:02 ID: 46932

Hi Patrick,
I am just getting back on-line after several days on the road.

After all these years on EE, a comment such as yours is worth much more than earning another T-shirt.

Many of the new malware variants are being bundled with additional malware and I need to amend this Article to include a recommendation for TDSSKILLER (http://support.kaspersky.com/viruses/solutions?qid=208280684).

It is a very strong scanner/tool and safe to use. Give it a try (boilerplate follows):

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete"; you can also just hit "Enter" without typing anything and the scan will continue...
Please post the log to be analyzed.

Expert Comment

by: matthewspatrick on 2012-04-05 at 20:16:28 ID: 48912

Once again, my employer's not-so-great McAfee enterprise anti-virus let slip a virus, the Smart Fortress 2012 malware.  Sigh.  (Smart Fortress seems to behave very, very similarly to Security Shield.)

However, once again the one-two punch of Rogue Killer and MalwareBytes removed it.  (I ran TDSSKiller too for good measure.)

Thanks again, Vic!

Author Comment

by: younghv on 2012-04-06 at 02:51:19 ID: 48921

Hey Patrick!
Glad to know they worked again. Sometimes that one will mess up your file associations and executable commands.

If all of your programs are working properly, that's great - but keep this link handy (http://www.bleepingcomputer.com/download/windows/utilities/fixexec)

It is yet another handy tool from "Grinler" that will autofix the association for all of your executable files.

It would sure be nice if your employer would let you install the Pro version of Malwarebytes. It will not interfere with McAfee, but would be a great additional line of defense.

BTW - occasionally McAfee will start barking at some of the things MBAM does. If that happens, you can change the config as explained here (http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162098&#entry162098)
