Abraham Deutsch asked:
Roguekiller has no option of deleting

I ran a Roguekiller scan and it detected some threats, but I have no option of deleting them; even when I select them in the list it still says "not selected". See attached.
Roguekiller.JPG
Raghav:

Hi,

You might find something useful in the links below:

http://www.bleepingcomputer.com/forums/t/554514/pumdns-found-on-rogue-killer-help-please/

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

You also might want to disable / uninstall software from Solvusoft to see if this fixes your issue.

Good luck with that.

--Raghav.
btan:

Do see this FAQ shared:
Q – RogueKiller antirootkit found items, but I can’t check them for deletion. Why?
A – Antirootkit is for diagnostic only. It shows hooks made in the system, and potentially suspicious. Hooks are a consequence, and never a cause of malicious activity. So it wouldn’t make any sense to remove them, hence why they are not proposed for removal.
http://www.adlice.com/documentation/roguekiller/faq/
Abraham Deutsch (asker):
"RogueKiller antirootkit": would you give me a little more explanation of what antirootkit means? Is it that I don't have the full version? (It's RogueKiller Premium.)

Anti-rootkit is in all versions @ http://www.adlice.com/download/roguekiller/
Come to think of it, and evident from the image, a PUP is not really a hook as depicted under the AK scan. See these AK findings:
https://forum.adlice.com/index.php?topic=195.msg733#msg733
I saw the issue is due to a product issue to be patched instead. Probably have to get the latest version and reinstall:
https://forum.adlice.com/index.php?topic=323.msg1399#msg1399
Alternatively, can try RogueKillerCMD, but it is a paid version based on the version table.
I suppose you ran other AV and malware scans?
If not, run these too:
MBAM: http://www.malwarebytes.org/mbam.php
JRT: http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/
ASKER CERTIFIED SOLUTION (btan):
What Roguekiller has found is one suspicious Chrome addon and four registry entries.

The Chrome addon can be uninstalled by the user. That's no big problem.

The first registry entry points to Solvusoft software. If Solvusoft software is installed on this computer then it can be uninstalled. That may get rid of that entry, but I don't consider it important.

The other three ARE important but I can't see enough of them to see the full contents.
Is what you are saying that Roguekiller will only take action on what is marked red, giving no choice to kill PUPs etc.? So what is this check box near each line? (Selecting it keeps the status as "not selected", see image.)

See attached: I have the latest version of Roguekiller.

I have the Malwarebytes paid version but it does not detect anything. On the image you can see the only threat Roguekiller marks red is Malwarebytes, and it disables it. (I enable it manually after a Roguekiller run.)

I also attached a report from Kaspersky which deleted 12 threats yesterday.

I know I am under some attack (even while being protected with all of these protections) as messages were sent out from my Skype and an unauthorized user tried to access my Microsoft account (I have two-factor authentication on, so access was blocked). Also my internet browsing is very slow.
RogueKillerV.JPG
kaspersky.JPG
RoguekillerR.JPG
In such a case, you best back up your data and do a fresh install of the OS after wiping the disk,
and change your passwords.
Doing a fresh install in my case is not so simple, since I have a lot of tools which I collected over the years. I will definitely lose some, and with others I will have license issues since I did not save each and every license.

Also I have a few NAS drives and external drives attached; worms may be sitting there and come back after the fresh install. It may be in a Microsoft doc from where I see someone has tried to have (already changed password) and will come back as soon as I sign in and the folders sync.

I believe the virus can be removed, but it's time consuming; a fresh install and putting back this workstation as it is now will also be time consuming (this is not your typical PC). I would rather spend the time and gain experience.


As said earlier, I already ran Malwarebytes and it did not detect any threat [based on my current experience I would say this is the least effective over others].


I ran AdwCleaner; it removed some stuff, see attached.


I removed Asana.


Solvusoft seems to have been removed by AdwCleaner, since I don't see it anymore in the add/remove programs list.


I see Kaspersky did not find anything in its last scan.


Now when I run AdwCleaner it shows no threats. It may be a good idea to run a scan before Windows boots, so if the virus is in the kernel layer or in the boot part of the operating system it should remove it. Any recommendation on such a tool? Please advise.
AdwCleaner-C0-.txt
Nobody wants to do a fresh install,
but in your case I would not think about another solution, since it was compromised already, as you said.
Do you want that to continue? If the answer is no, do a fresh install, I say.
A clean install, recovering data from backup and reinstalling your toolkit is the best approach. Since you already suspect there may be a recurrence, that best approach is recommended. Regardless, you can still continue as is, but have to be extra careful using the machine.

If possible, do not connect this machine to the Internet. You may consider using Sandboxie to sandbox your browser for any browsing. Disconnect mapped drives rather than auto-mapping them for the time being.
I tracked back and found the virus was only one day on my computer, so after cleaning with Kaspersky and AdwCleaner I feel comfortable that my computer is clean.

From my experience I would not recommend Malwarebytes, since it did not detect in real time (paid version) as well as after running a scan. Same with Roguekiller: its detection is poor and its capability of removing even less.
I am surprised Kaspersky did not detect it as it got infected, but after a scan it did remove stuff.
About AdwCleaner, I am amazed how quickly it runs and its power of detecting and removal.

PS: I recommend disabling autoplay in Windows, so the removable drive will not open before the scan on the drive is completed.

Thank you all for your help.
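The asker's closing recommendation, disabling AutoPlay so a removable drive cannot launch anything before it has been scanned, maps to two documented Windows registry values. The script below is an added example, not code from the thread or from any of the tools discussed: it reads the current state, applies the machine-wide NoDriveTypeAutoRun policy (0xFF = AutoRun disabled for every drive type) plus the per-user AutoPlay switch, and verifies the result. It assumes it is run from an elevated PowerShell session on Windows; the key paths and value names are real Windows settings, the function names are this example's own.

```powershell
# Added example (not from the thread): check and harden Windows AutoRun/AutoPlay.
# Run from an elevated PowerShell session; the HKLM policy key needs admin rights.

# Machine-wide policy: bit mask of drive types for which AutoRun is disabled.
$PolicyPath  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$PolicyValue = 'NoDriveTypeAutoRun'
$AllDrives   = 0xFF   # every drive type: removable, fixed, network, CD-ROM, RAM disk, unknown

# Per-user setting behind "Use AutoPlay for all media and devices" in Settings.
$UserPath    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
$UserValue   = 'DisableAutoplay'

function Get-RegistryDword {
    # Returns the DWORD stored at $Path\$Name, or $null when the value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Set-RegistryDword {
    # Creates the key if needed and writes a DWORD value.
    param([string]$Path, [string]$Name, [int]$Value)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    Set-ItemProperty -Path $Path -Name $Name -Value $Value -Type DWord
}

function Show-AutoRunState {
    param([string]$Label)
    $policy = Get-RegistryDword -Path $PolicyPath -Name $PolicyValue
    $user   = Get-RegistryDword -Path $UserPath   -Name $UserValue
    $policyText = if ($null -eq $policy) { 'not set (Windows default applies)' } else { '0x{0:X2}' -f $policy }
    $userText   = if ($null -eq $user)   { 'not set (AutoPlay enabled)' }         else { "$user" }
    Write-Output ("{0}: {1} = {2}; {3} = {4}" -f $Label, $PolicyValue, $policyText, $UserValue, $userText)
}

Show-AutoRunState -Label 'Before'

# Harden: disable AutoRun for all drive types and turn off AutoPlay for this user.
Set-RegistryDword -Path $PolicyPath -Name $PolicyValue -Value $AllDrives
Set-RegistryDword -Path $UserPath   -Name $UserValue   -Value 1

Show-AutoRunState -Label 'After'

# Verify the policy actually landed; a non-elevated shell cannot write under HKLM.
if ((Get-RegistryDword -Path $PolicyPath -Name $PolicyValue) -ne $AllDrives) {
    throw "NoDriveTypeAutoRun was not applied. Re-run from an elevated PowerShell session."
}
# The change takes effect for Explorer after sign-out/sign-in or an Explorer restart.
```

The HKLM policy is the one that matters for defence, since it applies to every user on the machine and is the value Group Policy sets for "Turn off Autoplay"; the HKCU value only mirrors the Settings toggle for the current account. Disabling AutoRun does not stop a user from opening the drive manually, so it complements, rather than replaces, scanning removable media before use.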
MalwareBytes is best when you have an infection and want to clean up, not as a real-time anti-virus product.

Good for running over your system once a month as a check.
Three proprietary technologies—signature, heuristics, and behavior—automatically guard you and your online experience from malware that antivirus products don't find. Real-time protection detects and shields against the most dangerous forms of malware.

Breathe easy. Automatic scanning does the work for you, so you never have to worry about getting infected. Your computer and all its data stays safe.

https://www.malwarebytes.com/antimalware/
Three proprietary technologies ...

etc etc

... and all its data stays safe.

Advertising. Like a toothpaste advert or a party political advert. They could also use "Trust us. We know what we're doing."