Solved

rogue how to delete files

Posted on 2014-10-23
8
1,040 Views
Last Modified: 2014-10-25
rogue killer

windows 7




only one tab of information. when i press delete, browser window opens no delete
how to delete files





RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robert [Administrator]
Mode : Scan -- Date : 10/23/2014  17:45:27

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 34 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SweetIM : C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe  -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Windows\CurrentVersion\Run | Yahoo! Search : C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Windows\CurrentVersion\Run | Yahoo! Search : C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe  -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0AyDzzyEtA0C0DyByEyCtN0D0Tzu0CyCyCtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=116513266&ir=  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0AyDzzyEtA0C0DyByEyCtN0D0Tzu0CyCyCtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=116513266&ir=  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rts.dsrlte.com?affID=na  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rts.dsrlte.com?affID=na  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\Yahoo! Search -- C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe -> Found
[Suspicious.Path] \\Yahoo! Search Udpater -- C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1	localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUP][FIREFX:Addon] f0mfwzvp.default : mysearchdial.com [ffxtlbr@mysearchdial.com] -> Found
[PUP][FIREFX:Addon] f0mfwzvp.default : MySearchDial [{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}] -> Found
[PUM.HomePage][FIREFX:Config] f0mfwzvp.default : user_pref("browser.startup.homepage", "http://rts.dsrlte.com?affID=na"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 419715f6912ab3416d80402d76f7d4c6
[BSP] 2c1614e2c06e79278a040ed2b5ff4bd1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 35653632 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 35858432 | Size: 697894 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10232014_173605.log
                                          

Open in new window

0
Comment
Question by:rgb192
  • 4
  • 3
8 Comments
 
LVL 50

Expert Comment

by:jcimarron
Comment Utility
rgb192--
Rogue Killer's official tutorial says
"The deletion is triggered by clicking on the Delete button.. Before, the user must check the results of the previous scan into the different tabs, or with the text report. If you’re in doubt, please see following sections on the deep analysis."
 
http://www.adlice.com/softwares/roguekiller/roguekiller-official-tutorial/

So since , per the log, no Rootkits were detected, there is nothing to delete from the AntiRootKit tab.  Switch to each of the other tabs.

That message about "Fetching Hook Data..." suggests you do not have a full log or report yet.
0
 

Author Comment

by:rgb192
Comment Utility
now all the tabs are filled with rows.
when I press delete a firefox window opens
http://www.adlice.com/pup-removal-howto/


Same number of rows.
I ran again and same result.
I can not delete rows.
0
 
LVL 50

Accepted Solution

by:
jcimarron earned 250 total points
Comment Utility
rgb192--
Did you follow the advice in that link you posted
"right click on each of them that are in RED (in browser tab), and remove."

"I can not delete rows. "
I cannot understand what is happening.  What are rows?  If you do not know how to use Rogue Killer, don't use it.  Rather scan with the antivirus and antimalware apps you already have.

Why are you running Rogue Killer?
0
 

Author Comment

by:rgb192
Comment Utility
RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robert [Administrator]
Mode : Delete -- Date : 10/24/2014  04:10:58

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 419715f6912ab3416d80402d76f7d4c6
[BSP] 2c1614e2c06e79278a040ed2b5ff4bd1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 35653632 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 35858432 | Size: 697894 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10232014_173605.log - RKreport_SCN_10232014_174527.log - RKreport_DEL_10232014_224605.log - RKreport_DEL_10232014_224622.log
RKreport_DEL_10232014_224646.log - RKreport_DEL_10232014_224702.log - RKreport_DEL_10232014_224714.log - RKreport_DEL_10232014_224730.log
RKreport_DEL_10232014_233823.log - RKreport_DEL_10232014_233903.log - RKreport_DEL_10232014_233934.log - RKreport_DEL_10232014_234016.log
RKreport_DEL_10232014_234029.log - RKreport_SCN_10232014_235508.log - RKreport_DEL_10242014_022556.log - RKreport_DEL_10242014_022613.log
RKreport_DEL_10242014_022650.log - RKreport_DEL_10242014_022714.log - RKreport_SCN_10242014_023243.log - RKreport_DEL_10242014_031536.log
RKreport_SCN_10242014_031844.log

Open in new window


after many delete and scan

Why are you running Rogue Killer?

recommended in previous question
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 91

Assisted Solution

by:nobus
nobus earned 250 total points
Comment Utility
an excerpt from the "how to use":
The deletion is triggered by clicking on the Delete button.. Before, the user must check the results of the previous scan into the different tabs, or with the text report. If you’re in doubt, please see following sections on the deep analysis.
 
 If some items looks legit, you have the possibility to uncheck them before the deletion (and notify them to the team by email, please). Unlike the scan, the deletion modifies the system, because this is the way malwares must be deleted. However, every modified thing is quarantined first.
 
Colors are pretty intuitive: Red is for Malware, Orange is for possible malware, Grey is reserved for PUM (Potentially Unwanted Modifications), and Green is for legit. Some items are unchecked by default, this is because the software was unable to tell if it’s malware, but it’s at least suspicious. Check them at your own risk.
 

here the site's article on how to use Roguekiller  http://www.adlice.com/softwares/roguekiller/roguekiller-official-tutorial/

that should help resolve your problems and questiob i hope
if not just ask
0
 
LVL 50

Expert Comment

by:jcimarron
Comment Utility
nobus--
That was the link and quote I suggested in http:#a40400622
0
 

Author Closing Comment

by:rgb192
Comment Utility
thanks for color information. I made deletes.
0
 
LVL 50

Expert Comment

by:jcimarron
Comment Utility
rgb192--
You are welcome.  But you did not give any credit to the fact that
1  the link I initially posted had the info about colors.  http:#a40400622
2) I actually mentioned the usefulness of the colors here  http:#a40400780
Both posts were made before nobus post http:#a40401163
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

The Display applet of Windows 7 Control Panel has changed a great deal since Windows XP  (it was missing and more or less replaced in Windows Vista by the Personalization applet.)  Below is a screenshot of what the Display applet of Windows XP, whic…
OfficeMate Freezes on login or does not load after login credentials are input.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now