Solved

rogue how to delete files

Posted on 2014-10-23
Last Modified: 2014-10-25
rogue killer

windows 7




Only one tab of information. When I press delete, a browser window opens, no delete.
How to delete files?





RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robert [Administrator]
Mode : Scan -- Date : 10/23/2014  17:45:27

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 34 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SweetIM : C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe  -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Windows\CurrentVersion\Run | Yahoo! Search : C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Windows\CurrentVersion\Run | Yahoo! Search : C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe  -> Found
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0AyDzzyEtA0C0DyByEyCtN0D0Tzu0CyCyCtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=116513266&ir=  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://start.mysearchdial.com/?f=1&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0AyDzzyEtA0C0DyByEyCtN0D0Tzu0CyCyCtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=116513266&ir=  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rts.dsrlte.com?affID=na  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://rts.dsrlte.com?affID=na  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1308060415-97262782-2788367357-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3D2D8DCA-7146-4637-A7ED-EDF659C3D285} | DhcpNameServer : 213.80.101.3 213.80.98.2  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \\Yahoo! Search -- C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrlte.exe -> Found
[Suspicious.Path] \\Yahoo! Search Udpater -- C:\Users\Robert\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.12.4\dsrsetup.exe -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1	localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUP][FIREFX:Addon] f0mfwzvp.default : mysearchdial.com [ffxtlbr@mysearchdial.com] -> Found
[PUP][FIREFX:Addon] f0mfwzvp.default : MySearchDial [{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}] -> Found
[PUM.HomePage][FIREFX:Config] f0mfwzvp.default : user_pref("browser.startup.homepage", "http://rts.dsrlte.com?affID=na"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 419715f6912ab3416d80402d76f7d4c6
[BSP] 2c1614e2c06e79278a040ed2b5ff4bd1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 35653632 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 35858432 | Size: 697894 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10232014_173605.log
                                          

Question by:rgb192
8 Comments
 
LVL 50

Expert Comment

by:jcimarron
ID: 40400622
rgb192--
Rogue Killer's official tutorial says
"The deletion is triggered by clicking on the Delete button.. Before, the user must check the results of the previous scan into the different tabs, or with the text report. If you’re in doubt, please see following sections on the deep analysis."
 
http://www.adlice.com/softwares/roguekiller/roguekiller-official-tutorial/

So since, per the log, no Rootkits were detected, there is nothing to delete from the AntiRootKit tab.  Switch to each of the other tabs.

That message about "Fetching Hook Data..." suggests you do not have a full log or report yet.
 

Author Comment

by:rgb192
ID: 40400705
Now all the tabs are filled with rows.
When I press delete a Firefox window opens
http://www.adlice.com/pup-removal-howto/


Same number of rows.
I ran again and same result.
I can not delete rows.
 
LVL 50

Accepted Solution

by:
jcimarron earned 250 total points
ID: 40400780
rgb192--
Did you follow the advice in that link you posted
"right click on each of them that are in RED (in browser tab), and remove."

"I can not delete rows. "
I cannot understand what is happening.  What are rows?  If you do not know how to use Rogue Killer, don't use it.  Rather scan with the antivirus and antimalware apps you already have.

Why are you running Rogue Killer?

 

Author Comment

by:rgb192
ID: 40400957
RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Robert [Administrator]
Mode : Delete -- Date : 10/24/2014  04:10:58

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8BDB9671-64F6-44D0-B64A-F9F4384AC35E} | DhcpNameServer : 209.18.47.61 209.18.47.62  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 419715f6912ab3416d80402d76f7d4c6
[BSP] 2c1614e2c06e79278a040ed2b5ff4bd1 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 35653632 | Size: 100 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 35858432 | Size: 697894 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_10232014_173605.log - RKreport_SCN_10232014_174527.log - RKreport_DEL_10232014_224605.log - RKreport_DEL_10232014_224622.log
RKreport_DEL_10232014_224646.log - RKreport_DEL_10232014_224702.log - RKreport_DEL_10232014_224714.log - RKreport_DEL_10232014_224730.log
RKreport_DEL_10232014_233823.log - RKreport_DEL_10232014_233903.log - RKreport_DEL_10232014_233934.log - RKreport_DEL_10232014_234016.log
RKreport_DEL_10232014_234029.log - RKreport_SCN_10232014_235508.log - RKreport_DEL_10242014_022556.log - RKreport_DEL_10242014_022613.log
RKreport_DEL_10242014_022650.log - RKreport_DEL_10242014_022714.log - RKreport_SCN_10242014_023243.log - RKreport_DEL_10242014_031536.log
RKreport_SCN_10242014_031844.log



After many deletes and scans.

"Why are you running Rogue Killer?"

Recommended in a previous question.
 
LVL 92

Assisted Solution

by:nobus
nobus earned 250 total points
ID: 40401163
An excerpt from the "how to use":
The deletion is triggered by clicking on the Delete button.. Before, the user must check the results of the previous scan into the different tabs, or with the text report. If you’re in doubt, please see following sections on the deep analysis.
 
 If some items looks legit, you have the possibility to uncheck them before the deletion (and notify them to the team by email, please). Unlike the scan, the deletion modifies the system, because this is the way malwares must be deleted. However, every modified thing is quarantined first.
 
Colors are pretty intuitive: Red is for Malware, Orange is for possible malware, Grey is reserved for PUM (Potentially Unwanted Modifications), and Green is for legit. Some items are unchecked by default, this is because the software was unable to tell if it’s malware, but it’s at least suspicious. Check them at your own risk.
 

Here is the site's article on how to use RogueKiller: http://www.adlice.com/softwares/roguekiller/roguekiller-official-tutorial/

That should help resolve your problems and question, I hope.
If not, just ask.
 
LVL 50

Expert Comment

by:jcimarron
ID: 40402428
nobus--
That was the link and quote I suggested in http:#a40400622
 

Author Closing Comment

by:rgb192
ID: 40403474
Thanks for the color information. I made deletes.
 
LVL 50

Expert Comment

by:jcimarron
ID: 40404077
rgb192--
You are welcome.  But you did not give any credit to the fact that
1) the link I initially posted had the info about colors.  http:#a40400622
2) I actually mentioned the usefulness of the colors here  http:#a40400780
Both posts were made before nobus' post http:#a40401163

Question has a verified solution.
