
“Rogue Killer” – What a great name!

For those of you actively in the malware-fighting business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl, the Zone Advisor for the Virus and Spyware Zones).

This tool IS easy enough for the casual user to implement, but be careful if you do - and you should always post your questions right here on EE, if you need additional help.

The purpose of this Article is to provide some basic usage and reference information about a tool developed by EE Expert “Tigzy”.

I have tested it on Windows XP (SP3) and Windows 7 Ultimate (SP1) systems and have been very impressed. It is quick, easy, and effective – AND – it addresses many of the most common sets of “after” symptoms once the malware repairs are done (HOSTS file, Proxy, DNS, etc).

First the basics and link information.

Link for those who speak French: http://www.sur-la-toile.com/RogueKiller/

Link for the rest of us: http://www.geekstogo.com/forum/files/file/413-roguekiller/
[Current version on 17 JUL 14 is 9.2.3]

The usage instructions are as simple as:
1 – Download the file RogueKiller.exe to your desktop, and
2 – Double-left-click on the file (right-click, then Run as Administrator for 7 and Vista).

At this point a "pre-scan" will complete and a list of options will appear along the right-hand side. Start by scanning your system and then select the "Delete" button for anything it finds.

Note that there are four additional "Auto-Fixes" for some of the most common symptoms of malware problems. If you move your mouse pointer over each of these, a brief description of what it does will appear. Select any that apply to your situation.
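
The article names the HOSTS file, proxy and DNS settings as the usual leftover symptoms after a cleanup. The following read-only check is an added example (not part of RogueKiller or the original article) that records their current state so it can be compared before and after a fix; it assumes Windows PowerShell 2.0 or later and the per-user Internet Explorer proxy settings.

```powershell
# Read-only audit of the three settings the article names: HOSTS file, proxy, DNS.
# Added example; assumes Windows PowerShell 2.0+ (Get-WmiObject is not in PowerShell 7).

# 1. HOSTS file: collect every active (non-comment) mapping except plain "localhost".
$hostsPath    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsEntries = @()
foreach ($line in (Get-Content -Path $hostsPath -ErrorAction SilentlyContinue)) {
    $text = ($line -replace '#.*$', '').Trim()        # drop comments and padding
    if ($text -eq '') { continue }
    $fields = $text -split '\s+'
    if ($fields.Count -lt 2) { continue }             # malformed line, no host name
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        if ($name -ne 'localhost') {
            $hostsEntries += New-Object PSObject -Property @{
                Address  = $fields[0]
                HostName = $name
            }
        }
    }
}

# 2. Proxy: per-user WinINet values that Internet Explorer reads.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet    = Get-ItemProperty -Path $inetKey
$proxy   = New-Object PSObject -Property @{
    ProxyEnable   = $inet.ProxyEnable      # 1 = a manual proxy is switched on
    ProxyServer   = $inet.ProxyServer      # host:port the browser is sent through
    AutoConfigURL = $inet.AutoConfigURL    # PAC script location, if any
}

# 3. DNS: resolver addresses on every IP-enabled adapter.
$dns = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, DHCPEnabled,
        @{ Name = 'DnsServers'; Expression = { $_.DNSServerSearchOrder -join ', ' } }

'--- HOSTS entries to review (anything you did not add yourself) ---'
$hostsEntries | Format-Table Address, HostName -AutoSize

'--- Proxy settings (unexpected ProxyServer or AutoConfigURL is suspect) ---'
$proxy | Format-List ProxyEnable, ProxyServer, AutoConfigURL

'--- DNS servers per adapter (compare with your router or ISP values) ---'
$dns | Format-Table Description, DHCPEnabled, DnsServers -AutoSize
```

Saving the output before and after the cleanup makes it easy to see which of these settings were actually changed.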

Note that the developer does recommend a follow up scan with other anti-malware applications – with my number one recommendation being Malwarebytes.
Download program: (MBAM - http://www.malwarebytes.org/)
Download update: (http://data.mbamupdates.com/tools/mbam-rules.exe) - If needed.

For those of you familiar with fighting malware, please note that this application has the ability to identify and STOP malware processes before it starts repairing/fixing the problems. For all of us who had to previously run other applications (Rkill, etc.) this is a significant advantage.

As this application develops, I will update the Article and I invite all the malware fighters out there to post additional information/comments as needed.

Some other valid Articles here on Experts-Exchange that I highly recommend you read are:
2012-Malware-Variants
MALWARE - "An Ounce of Prevention..."
Basic Malware Troubleshooting
Stop-the-Bleeding-First-Aid-for-Malware
Latest-Malware-Threat-Windows-Stability-Center

Viruses in System Volume Information (System Restore)
THINGS YOU NEED TO DO WHEN YOUR PC IS INFECTED:
IF YOU CAN'T RUN .EXES IN AN INFECTED SYSTEM:
Can't Install an Antivirus - Windows Security Center still detects previous AV:
HijackThis - Some Tips & Tricks:
HijackThis reports missing files on 64-bit Systems:
"Google Hijack" - Google Search Gets Redirected:
Author:younghv
28 Comments
 
LVL 52

Expert Comment

by:Mark Wills
Thanks younghv,

Seems to be a good tool - haven't got any issues at the moment, but definitely a "keeper" for the rescue pack :)

Voted Yes :)
0
 
LVL 38

Author Comment

by:younghv
Thank you Marcus.
This is one of those tools that is "Good to have and not need, than to need and not have".

Here's another if you'd care to review it:
 http://www.experts-exchange.com/Anti_Spyware/A_5124.html
0
 
LVL 15

Expert Comment

by:Ryan_R
Thanks Vic

Will download a copy to my USB drive.

*votes yes*
0
 
LVL 38

Author Comment

by:younghv
Hey Ryan,
Long time no see.
Thank you for commenting and voting.
Vic
0
 
LVL 1

Expert Comment

by:agieryic
Great Tool! What's your opinion of Combo-Fix? I use this tool and find it just as important as MalwareBytes
0
 
LVL 38

Author Comment

by:younghv
Hi agieryic,
Thank you for the comment.
As far as my opinion of ComboFix, I couldn't possibly do my job without it.
The developer (sUBS) was selected as a Microsoft MVP - based on the work he has done with fighting malware.

We have an on-going discussion question for proper use of MBAM and CF if you'd care to join in:
http://www.experts-exchange.com/Q_26933025.html
0
 
LVL 28

Expert Comment

by:Run5k
Vic,

I have only recently returned to the EE community after a rather extended absence, and it's certainly great to see the tremendous contributions you have made to Experts Exchange while I have been gone!

Thanks for the informative article!  I have heard good things about Rogue Killer recently, and it's nice to get some additional guidance from a genuinely trusted source.

~Tom
0
 
LVL 38

Author Comment

by:younghv
Hi Tom,
Thank you very much for the comments.
I noticed that you've jumped back in the EE game after a couple of years.
Good to see you back.
Vic
(Ran42k)
0
 
LVL 28

Expert Comment

by:Run5k
Vic, it is definitely nice to be back!  Do you still have my e-mail address from the old days?  If so, drop me a line when you get the chance.

~Tom
0
 
LVL 38

Author Comment

by:younghv
Tom - negative on the email address, but drop me a note with "@experts-exchange.com" added to my EE user name.
0
 
LVL 30

Expert Comment

by:Thomas Zucker-Scharff
Younghv,

I was just helping someone out on ee and they pointed out that RogueKiller looked different.  I went to your link from the article and sure enough version 7 has a new GUI and looks totally different.  Just an FYI.
0
 
LVL 38

Author Comment

by:younghv
@tzucker - thank you.
I didn't know about the change, but got a copy and played with it a bit.
Very nice improvements (new image added).
0
 
LVL 30

Expert Comment

by:Sudeep Sharma
Thanks for updating the Image of Rogue Killer Vic, it would certainly help
0
 
LVL 93

Expert Comment

by:Patrick Matthews
Vic,

Just wanted to let you know that your suggestion of a one-two punch of Rogue Killer and MalwareBytes allowed me to dispatch the very annoying Security Shield 2012 virus today.

Thanks for this article, and for your answer over in http://www.experts-exchange.com/Security/Misc/Q_27435667.html

Patrick
0
 
LVL 38

Author Comment

by:younghv
Hi Patrick,
I am just getting back on-line after several days on the road.

After all these years on EE, a comment such as yours is worth much more than earning another T-shirt.

Many of the new malware variants are being bundled with additional malware and I need to amend this Article to include a recommendation for TDSSKILLER  (http://support.kaspersky.com/viruses/solutions?qid=208280684)

It is a very strong scanner/tool and safe to use. Give it a try (boilerplate follows):

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete",  you can also just hit "Enter" without typing in and the scan will continue...
Please post the log to be analyzed.
0
 
LVL 93

Expert Comment

by:Patrick Matthews
Once again, my employer's not-so-great McAfee enterprise anti-virus let slip a virus, the Smart Fortress 2012 malware.  Sigh.  (Smart Fortress seems to behave very, very similarly to Security Shield.)

However, once again the one-two punch of Rogue Killer and MalwareBytes removed it.  (I ran TDSSKiller too for good measure.)

Thanks again, Vic!
0
 
LVL 38

Author Comment

by:younghv
Hey Patrick!
Glad to know they worked again. Sometimes that one will mess up your file associations and executable commands.

If all of your programs are working properly, that's great - but keep this link handy (http://www.bleepingcomputer.com/download/windows/utilities/fixexec)

It is yet another handy tool from "Grinler" that will autofix the association for all of your executable files.

It would sure be nice if your employer would let you install the Pro version of Malwarebytes. It will not interfere with McAfee, but would be a great additional line of defense.

BTW - occasionally McAfee will start barking at some of the things MBAM does. If that happens, you can change the config as explained here (http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=162098&#entry162098)
0
 
LVL 93

Expert Comment

by:Patrick Matthews
And f$#@ing Security Shield was back.  This one took a little more effort, but it looks like once again running Rogue Killer and MBAM in safe mode, then following up with a MBAM scan in regular mode did the trick.

I know MBAM is not recommended for safe mode, but the only way I could get anything to run was in safe mode :)

Thanks again, Vic!  This is my "go-to" article :)
0
 
LVL 38

Author Comment

by:younghv
Hey Patrick,
I wrote another article that addresses the "2012" variants and there are some great follow up comments from Russell_Venable. He is one of those brainiacs who actually captures examples of the live malware and dissects it to find out what makes it tick.

http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_6550-2012-Malware-Variants.html#c34001

What Browser (and version) are you running?
0
 
LVL 93

Expert Comment

by:Patrick Matthews
Windows 7 Enterprise

Chrome 19.0.1084.52 m

IE 8.0.7601.17514
0
 
LVL 38

Author Comment

by:younghv
Following the whole "Defense In Depth" concept, please check to make sure you have modified your IE for 'cookie' handling.

Tools -> Internet Options -> Privacy
Tools -> Internet Options -> Privacy -> Advanced
I don't know anything about Chrome - except on my 57 Chevy Impala (red convertible).
0
 
LVL 93

Expert Comment

by:Patrick Matthews
Thanks again, Vic!
0
 
LVL 1

Expert Comment

by:dbiz
Thanks for the article, it was really helpful!
0
 
LVL 38

Author Comment

by:younghv
@dbiz -
Thank you for the comment.
Were you able to solve the problem or are there remaining symptoms?
We can get you some targeted help if needed.
0
 
LVL 1

Expert Comment

by:dbiz
Thanks,  younghv

I think it is ok now.  I don't know if it was a virus or a driver problem or both.  

A couple of days ago it was saying that my copy of windows wasn't genuine.  That fixed itself and today it kept crashing while playing video games saying "attempt to reset the display driver and recover from timeout failed"

Rogue Killer replaced several registry entries.  I ran a full scan with Malware Bytes after that and no problems were found.

I updated the NVIDIA driver, and it hasn't crashed for a while.
0
 
LVL 38

Author Comment

by:younghv
<<I updated the NVIDIA driver, and it hasn't crashed for a while. >>

I hope that takes care of the problem. In the past couple of weeks I've had two computers (nVidia cards) show the same kind of random crashes/re-booting.

With the first one, I threw everything in the book at it to no avail. A friend finally suggested replacing the driver; which worked.

On the second one, driver replacement was the first thing I tried --> game over.

I followed up with RK/MBAM and a couple of other scanners and only found some minor stuff.

Thank you for posting a follow up - see you around the zones.
0
 

Expert Comment

by:matedwards
great post.. straight and clear to understand.. many thanks

Mat
0
 
LVL 38

Author Comment

by:younghv
@Mat - thank you for the nice comment. Glad it helped.
0
