  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 334
  • Last Modified:

Roguekiller has no option of deleting

I ran a Roguekiller scan and it detected some threats, but I have no option of deleting them; even when I select the list it still says not selected. See attached.
Roguekiller.JPG
0
Abraham Deutsch
Asked:
4 Solutions
 
RaghavIT SpecialistCommented:
Hi,

You might find something useful in the links below:

http://www.bleepingcomputer.com/forums/t/554514/pumdns-found-on-rogue-killer-help-please/

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

You also might want to disable / uninstall software from Solvusoft to see if this fixes your issue.

Good luck with that.

--Raghav.
0
 
btanExec ConsultantCommented:
Do see this FAQ shared
Q – RogueKiller antirootkit found items, but I can’t check them for deletion. Why?
A – Antirootkit is for diagnostic only. It shows hooks made in the system, and potentially suspicious. Hooks are a consequence, and never a cause of malicious activity. So it wouldn’t make any sense to remove them, hence why they are not proposed for removal.
http://www.adlice.com/documentation/roguekiller/faq/
0
 
Abraham DeutschIT professionalAuthor Commented:
"RogueKiller antirootkit": would you give me a little more explanation of what antirootkit means? Is it that I don't have the full version? (It's RogueKiller Premium.)
0
 
btanExec ConsultantCommented:
Anti-rootkit is in all versions @ http://www.adlice.com/download/roguekiller/
Come to think of it, and as is evident from the image, a PUP is not really a hook as depicted under the AK scan. See these AK findings:
https://forum.adlice.com/index.php?topic=195.msg733#msg733
I saw the issue is due to a product issue to be patched instead. You probably have to get the latest version and reinstall:
https://forum.adlice.com/index.php?topic=323.msg1399#msg1399
Alternatively, you can try RogueKillerCMD, but it is a paid version based on the version table.
0
 
nobusCommented:
I suppose you ran other AV and malware scans?
If not, run these too:
http://www.malwarebytes.org/mbam.php (MBAM)
http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/ (JRT)
0
 
btanExec ConsultantCommented:
To add, you can try removal using this:
AdwCleaner is a program that searches for and deletes Adware, Toolbars, Potentially Unwanted Programs (PUP), and browser Hijackers from your computer.
http://www.bleepingcomputer.com/download/adwcleaner/
0
 
dbruntonCommented:
What Roguekiller has found is one suspicious Chrome addon and four registry entries.

The Chrome addon can be uninstalled by the user.  That's no big problem.

The first registry entry points to Solvusoft software.  If Solvusoft software is installed on this computer then it can be uninstalled.  That may get rid of that entry but I don't consider it important.

The other three ARE important but I can't see enough of them to see the full contents.
0
 
Abraham DeutschIT professionalAuthor Commented:
Is what you are saying that Roguekiller will only take action on what is marked red, giving no choice to kill PUPs etc.? So what is this check box near each line? (Selecting it keeps the status as not selected; see image.)

See attached I have the latest version of roguekiller

I have the Malwarebytes paid version but it does not detect anything. In the image you can see the only threat Roguekiller marks red is Malwarebytes, and it disables it. (I enable it manually after a Roguekiller run.)

I also attached a report from Kaspersky, which deleted 12 threats yesterday.

I know I am under some attack (even with being protected with all of these protections), as messages were sent out from my Skype and an unauthorized user tried to access my Microsoft account (I have two-factor authentication on, so access was blocked). Also my internet browsing is very slow.
RogueKillerV.JPG
kaspersky.JPG
RoguekillerR.JPG
0
 
nobusCommented:
In such a case you'd best back up your data and do a fresh install of the OS after wiping the disk,
and change your passwords.
0
 
btanExec ConsultantCommented:
Roguekiller only takes action for those in RED, and if it is not among the RED, it means it cannot remove them. That is why we cannot rely on a single tool; do consider AdwCleaner and Malwarebytes Anti-Malware as suggested by the experts.

However, the alert of a Zeus infection may be a false positive, as RK has a conflict in signature:
It was indeed a signature conflict, because for Zeus we have the same signature as MBAM (seen with a dump of mbamservice.exe). As the database is loaded in memory, it will be detected as malicious by RK.
We just whitelisted the mbamservice process.
https://forum.adlice.com/index.php?topic=300.0

But from the other scan, it may be that the machine is already compromised, and I strongly suggest that the machine be rebuilt from a clean state instead of cleaning up. The root cause may have penetrated and be resident in other media, like an infected USB or email attachment, or a drive-by download from a compromised website. In short, recurrence is possible. I agree with nobus on the recovery of data and change of login password (use a strong password).
0
 
dbruntonCommented:
Roguekiller

If you are happy with the Asana Extension for Chrome then leave it alone.  Otherwise uninstall it.

Roguekiller seems unhappy with your path to your Quickbooks.  If Quickbooks works OK for you leave it alone.  You probably don't want it deleted anyway.

Roguekiller does not like Solvusoft software and regards it as bad.  If you have Solvusoft software on then consider deleting it.  Comments about Solvusoft software range from positive to bad.  There are indications that it may/might contain trojans or malware.  Or not.

Now for the entries in gray - the ones flagged PUM.Dns
These are registry paths that seem to be legitimate.  But the data may not be legitimate.  That is the 10.0.0.1 ([ ])

Roguekiller will not delete those because they may be legitimate.  See http://www.adlice.com/remove-pum/ for more information.

Now it is quite probable that your ISP has supplied you with a modem that has the address 10.0.0.1 in it.  If so then the registry paths are probably quite legitimate.  I can't tell.
0
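The PUM.Dns entries discussed above are the DNS server values stored under the TCP/IP service keys in the registry. The following PowerShell script is an added example, not code from the thread or from Adlice: it lists every `NameServer` and `DhcpNameServer` value on the global key and on each interface sub-key and compares each address with an allow-list. The allow-list contents are an assumption; `10.0.0.1` is used only because it is the router address under discussion, and you should substitute the resolvers you actually expect (router, ISP or corporate DNS).

```powershell
# Added example (not from the thread): enumerate the DNS server values that
# RogueKiller's PUM.Dns findings refer to and compare them with an allow-list.
# Run from an elevated PowerShell prompt on the Windows machine being checked.

# Assumption: 10.0.0.1 is the router/modem address discussed in the thread.
# Replace with the resolvers you actually expect.
$ExpectedDns = @('10.0.0.1')

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
# Global key plus one sub-key per network interface GUID
$keys = @(Get-Item -Path $base) + @(Get-ChildItem -Path "$base\Interfaces")

$findings = foreach ($key in $keys) {
    # NameServer = statically configured resolvers, DhcpNameServer = handed out by DHCP
    foreach ($name in 'NameServer', 'DhcpNameServer') {
        $raw = (Get-ItemProperty -Path $key.PSPath -Name $name -ErrorAction SilentlyContinue).$name
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }
        # The value is a space- or comma-separated list of addresses
        foreach ($server in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            [pscustomobject]@{
                Key      = $key.PSChildName
                Value    = $name
                Server   = $server
                Expected = ($ExpectedDns -contains $server)
            }
        }
    }
}

$findings | Format-Table -AutoSize

# A resolver you did not configure is worth investigating: DNS hijacking changes
# these values to redirect traffic without touching the hosts file.
$unexpected = @($findings | Where-Object { -not $_.Expected })
if ($unexpected.Count -gt 0) {
    Write-Warning ("{0} DNS server value(s) outside the allow-list" -f $unexpected.Count)
} else {
    Write-Host 'All registry DNS server values are in the allow-list.'
}
```

If the only address reported is the router's own, the gray PUM.Dns lines are the legitimate configuration dbrunton describes; an unfamiliar public address in `NameServer` on an interface that should be using DHCP is the case that deserves a closer look.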
 
Abraham DeutschIT professionalAuthor Commented:
Doing a fresh install in my case is not so simple, since I have a lot of tools which I collected over the years. I will definitely lose some, and with others I will have license issues, since I did not save each and every license.

Also I have a few NAS drives and external drives attached; worms may be sitting there and come back after the fresh install. It may be in a Microsoft doc from where I see someone has tried to have (already changed password) and will come back as soon as I sign in and the folders sync.

I believe the virus can be removed, but it's time consuming; a fresh install and putting this workstation back as it is now will also be time consuming (this is not your typical PC). I would rather spend the time and gain experience.


As said earlier, I already ran Malwarebytes and it did not detect any threat [based on my current experience I would say this is the least effective over others].

I ran AdwCleaner; it removed some stuff, see attached.

I removed Asana.

Solvusoft seems to have been removed by AdwCleaner, since I don't see it anymore in the Add/Remove Programs list.

I see Kaspersky did not find anything at its last scan.

Now I ran AdwCleaner and it shows no threats. It may be a good idea to run a scan before Windows boots, so if the virus is in the kernel layer or in the boot part of the operating system it should remove it. Any recommendation on such a tool? Please advise.
It may be
AdwCleaner-C0-.txt
0
 
nobusCommented:
Nobody wants to do a fresh install,
but in your case I would not think about another solution, since it was compromised already, as you said.
Do you want that to continue? If the answer is no, do a fresh install, I say.
0
 
dbruntonCommented:
Adwcleaner didn't like the Asana extension either so it got rid of it.

Try the following:

TDSS Killer  http://www.bleepingcomputer.com/download/tdsskiller/  (this checks for root viruses)

If you are running Windows 8 or less (not 8.1 or 10) then also try Combofix  http://www.bleepingcomputer.com/download/combofix/

If you do run Combofix it may take a very long time.
0
 
btanExec ConsultantCommented:
A clean install, recovering data from backup and reinstalling your toolkit is the best approach. Since you already suspect there may be recurrence, that best approach is recommended. Regardless, you can still continue as is, but you have to be extra careful using the machine.

If possible, do not connect this machine to the Internet. You may consider using Sandboxie to sandbox your browser for any browsing. Disconnect mapped drives rather than auto-mapping them for the time being.
0
 
Abraham DeutschIT professionalAuthor Commented:
I tracked back and found the virus was only one day on my computer, so after cleaning with Kaspersky and AdwCleaner I feel comfortable that my computer is clean.

From my experience I would not recommend Malwarebytes, since it did not detect in real time (paid version) as well as after running a scan. Same with Roguekiller: its detection is poor and its capability of removing even less.
I am surprised Kaspersky did not detect it as it got infected, but after a scan it did remove stuff.
About AdwCleaner, I am amazed how quickly it runs and its power of detecting and removal.

PS: I recommend disabling AutoPlay in Windows, so the removable drive will not open before the scan on the drive is completed.

Thank you all for your help.
0
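The AutoPlay recommendation in the post above is enforced in Windows through the `NoDriveTypeAutoRun` policy value, where the bit mask 0xFF (255) disables AutoRun for every drive type. The script below is an added example, not code from the thread: it reads that value from both the machine-wide and the per-user policy keys and reports whether AutoRun is fully disabled, partially disabled, or not configured. It only reads the registry; the remediation line it prints is the value a defender would set, shown as a suggestion rather than applied automatically.

```powershell
# Added example (not from the thread): report the AutoRun policy state.
# NoDriveTypeAutoRun is a bit mask over drive types; 0xFF disables AutoRun for all of them.
$AllDrives = 0xFF

$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',  # machine-wide
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'   # current user
)

foreach ($key in $policyKeys) {
    $value = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun

    if ($null -eq $value) {
        $state = 'not configured (Windows default applies)'
    } elseif (($value -band $AllDrives) -eq $AllDrives) {
        $state = 'AutoRun disabled for all drive types'
    } else {
        $state = ('partially disabled (mask 0x{0:X2})' -f $value)
    }

    [pscustomobject]@{ Key = $key; NoDriveTypeAutoRun = $value; State = $state }
}

# Suggested remediation (not executed here): set the mask to 0xFF in the machine-wide key.
Write-Host "To disable AutoRun for all drives:"
Write-Host "  New-ItemProperty -Path '$($policyKeys[0])' -Name NoDriveTypeAutoRun -PropertyType DWord -Value $AllDrives -Force"
```

Checking both keys matters because the per-user value can be set independently of the machine-wide one; with the machine policy at 0xFF, removable media no longer launch anything when inserted, which is the window the poster wants closed until a scan of the drive has finished.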
 
dbruntonCommented:
MalwareBytes is best when you have an infection and want to clean up and not as a real time anti-virus product.

Good for running over your system once a month as a check.
0
 
Abraham DeutschIT professionalAuthor Commented:
Three proprietary technologies—signature, heuristics, and behavior—automatically guard you and your online experience from malware that antivirus products don't find. Real-time protection detects and shields against the most dangerous forms of malware.

Breathe easy. Automatic scanning does the work for you, so you never have to worry about getting infected. Your computer and all its data stays safe.

https://www.malwarebytes.com/antimalware/
0
 
dbruntonCommented:
Three proprietary technologies ...

etc etc

... and all its data stays safe.

Advertising.  Like a toothpaste advert or a party political advert.  They could also use "Trust us.  We know what we're doing."
0