Does RogueKiller Install Malware? [Resolved: No it doesn't]

[Tigzy]

Quote:

5. Click the icon, prompted RK update, here it said zip required & offered 7zip.

And that's false. For the same reason as above.
What does the program icon looked like?

Quote:

Larger firms: Symantec MCAFEE, G-Data, KAV etc. etc. Seem to be able to control there products, so this does not happen to them. Even if a 3rd party added something to your product, this should be a warning to you Tigzy, as this only will sour me & others to your product.

I don't understand what you're talking about... what control? You definitely not downloaded the good thing.

If you have nothing to show (any log, any screenshot, any binary) for me there is nothing to do then...

[kupo]

A mod should modify the title, as many user could be alarmed by the mess caused by OP's stupidity.

[Rico]

Quote:

A mod should modify the title, as many user could be alarmed by the mess caused by OP's stupidity.

I'm quite sure the mods can handle this, without you making them aware. I also suggest that you CHILL, on the name calling. Flames do not help!

[Tigzy]

You definitely have not report / binary / screenshot to provide?

[mick92z]

Ok, as version 8.0.3 is now out, and i already have version 8.0.2 , i decided to put this to the test. After executing the older version, R.K told me that a update was available , I clicked ok, and my browser opened at the R.K homepage. The program does not update, but simply offers you the option to download the latest version.
While on the homepage, I saw an advert at the top of the page for windows zip, so i download 7zsetup.exe ( or similar ) , sent it to V.T and got 4 detections for adware. ( betterinstaller )
Ran 7zip sandboxed, and was given the option ( two boxes to tick ) for incredibar, I accepted. Browser opened with incredibar installed and has been running for 1 hour now, with no problems
Malwarebytes blocked some more adware Vidsaver-ppi-multi_2012-08-22.exe, I told MBAM to ignore and extracted this file submiited to V.T and got 4 detections , adware (gameplaylabs )
I ran this file sandboxed, but it appeared to terminate ( it ran with no apparent effects, and no message from S.B )
So there was no requirement / prompt from RK to download or install anything other than RK itself.
As for the 7zip ad, there was an opportunity ( or more ) to decline the software, though as Tigzy said , don't click on ads;
I hope this sheds some light on this saga.

[Page42]

Quote:

Originally Posted by mick92z

As for the 7zip ad, there was an opportunity ( or more ) to decline the software, though as Tigzy said , don't click on ads

Amen to that. Better yet, use an ad blocker and don't even subject yourself to the choice.

[mick92z]

Quote:

Originally Posted by Page42

Amen to that. Better yet, use an ad blocker and don't even subject yourself to the choice.

I do thats why I could not see the ads before
I had to disable it to see them

[Page42]

I figured you had an ad blocker. I was posting for the less enlightened among us, and apparently they are among us. We're all learning in this forum. This thread, though unfortunately titled, provides some definite do's and don'ts.

[zapjb]

Image, image image.

I feel empathy towards OP.






But the clicky discussion reminds me when I 1st joined another forum that was not ......
The forum was clean. But the website itself was very dirty, it'd drop trojans by the minute.
Then people would come onto the forum & scream bloody murder. And the members would
just laugh & deride the n00bs. It was a l33t thing. Trial by fire. Good thing I used a different
nic over there. Ah back in the 98SE days.

[Tigzy]

Yes, that makes sense.
Don't blame me, ads are the only way to be remunerated while keeping the soft free of charges.
I'm not for adblockers (that's another debate) cause if everyone had them the web wouldn't be the same, everything would be not free. Think about it.

Ad is a thing, but I bet the infection was the other thing (userinit and so on...)
We you disinfect your box (supposed to be infected then), how can someone claims one of the tools he uses can be at the origin of an infection?
I guess maybe only specialists know that lots of rootkits are heavily dynamics (bringing lot of malware buddies to the party). This is a thing to consider, your box is maybe not clean, even now.

[Rico]

HMMMM.

You say:

Quote:

After executing the older version, R.K told me that a update was available , I clicked ok, and my browser opened at the R.K homepage. The program does not update, but simply offers you the option to download the latest version.
While on the homepage, I saw an advert at the top of the page for windows zip, so i download 7zsetup.exe ( or similar ) , sent it to V.T and got 4 detections for adware. ( betterinstaller )

So Tigzy site led you to the problem, correct? Do you honestly think you could go to say ESET home page then have a poisoned link. Seems like lack of control as to how RK is being sent out.

You clicked RK's site and from there led to malware. Seems you've proved my point Tigzy is not aware that his product leads to malware. With this being allowed to happen many beside me will have negative thoughts about Tigsy product.

[mick92z]

Quote:

Originally Posted by Rico

.
So Tigzy site led you to the problem, correct? .

No, only minor adware, that needed you to click on an ad, and approval to install. ( user consent, several times )See my pictures.
What you had was something entirely different, altogether more serious.

[silat]

Quote:

Originally Posted by Rico

Jesus for the last FREAKING TIME

1 visit RK's web site
2. follow the link for download.
3. test using shadow mode
4. Copy RK to new FD
5. Click the icon, prompted RK update, here it said zip required & offered 7zip.

I FREAKING DID NOT CLICK ANY ADS JUST FOLLOWED INSTRUCTIONS FROM CLICKING RK'S ICON.

I say it's probable that you have no control what happens, when you authorize, others to pimp your product

Larger firms: Symantec MCAFEE, G-Data, KAV etc. etc. Seem to be able to control there products, so this does not happen to them. Even if a 3rd party added something to your product, this should be a warning to you Tigzy, as this only will sour me & others to your product.

Ok I just followed your directions and downloaded the item. It was fine and dandy for me.

[Rico]

Was fine and dandy for me, testing it, test machines had ad bloc + perhaps that's why I did not see the ads.

So in order to make a buck > RK's is distributed to sites that, attach some form of malware to RK's install or update routine, or make the ads viewable by clicking on RK? Is that a fair statement?

[Longboard]

Quote:

Originally Posted by Rico

So in order to make a buck > RK's is distributed to sites that, attach some form of malware to RK's install or update routine, or make the ads viewable by clicking on RK? Is that a fair statement?

No.

Quote:

many beside me will have negative thoughts about Tigsy product.

I suspect not

OT: I cant recall 7Zip coming with all that crap attached ??
Just checked: If downloaded from home page: Nil attached.

[Tigzy]

Quote:

RK's is distributed to sites that, attach some form of malware to RK's install or update routine, or make the ads viewable by clicking on RK?

No. RK's webpage include ads, like ANY OTHER download website. Developers include them because their softwares are free or open source. What do you not understand? You want examples? Right.

notepad++ : http://notepad-plus-plus.org/fr/download/v6.1.7.html
softpedia : http://www.softpedia.com/get/Securit...ueKiller.shtml
01net : http://www.01net.com/telecharger/win...ger-25899.html

Quote:

So Tigzy site led you to the problem, correct? Do you honestly think you could go to say ESET home page then have a poisoned link. Seems like lack of control as to how RK is being sent out.

Why do you compare me to a million dollar company? That doesn't make sense, I'm a small dev working alone and for (almost) free.

I explained everything, but I guess you didn't read.
Please, have a look and use your common sense

Quote:

Yes, that makes sense.
Don't blame me, ads are the only way to be remunerated while keeping the soft free of charges.
I'm not for adblockers (that's another debate) cause if everyone had them the web wouldn't be the same, everything would be not free. Think about it.

Ad is a thing, but I bet the infection was the other thing (userinit and so on...)
We you disinfect your box (supposed to be infected then), how can someone claims one of the tools he uses can be at the origin of an infection?
I guess maybe only specialists know that lots of rootkits are heavily dynamics (bringing lot of malware buddies to the party). This is a thing to consider, your box is maybe not clean, even now.

Quote:

many beside me will have negative thoughts about Tigsy product.

If it'd be the case, I'd had to hire a secretary to answer the complaints. (FYI 20000 download per day, I'm approaching the 4 million downloads)
PS: BTW, 7-zip isn't an adware. it's an open source tool. I guess helpers would laugh if you claims being infected by him.

[Rico]

Uncle I give up.

1, RK is a fine product.
2. I clicked an ad after, dbl clicking RK
3. Tested RK with, with Adblockers ON, machine in question no Ad blockers
that's why I saw & incorrectly thought they were associated with RK,
My bad!
4. Can my Mea culpa, no allow, a lowering of defenses?

Thanks & Take Care
Rico

[Tigzy]

I sense a bit of sarcasms.

[Rico]

No sarcasm! Just a mistake on my part fueled by frustration. Sorry

Take Care
Rico

[SweX]

@Rico

Where EXACTLY did you click when you downloaded RK on this site?
http://tigzy.geekstogo.com/roguekiller.php

Since I visited the site yesterday and in the square in the middle of the page it said "DOWNLOAD" in big green letters, but that in fact is the actual AD that you shouldn't click on.

[Tigzy]

Adsense is known to provide targeted ads. For download webpages, they will choose ads with oversized big green download button. This is efficient because confusing.

If a mod / admin look at this, may he change the title for something less confusing?

[LowWaterMark]

We're going to close this here since the actual circumstances regarding what happened seem to have been cleared up. And the thread starter has changed their position on this, as well.

RogueKiller does not install malware. It is very well known in the industry and is recommended by many of those who help others clean infected systems on a daily basis.