Does RogueKiller Install Malware? [Resolved: No it doesn't]

[Rico]

Hi Guys,

After seeing RogueKiller in a few posts here. I cautiously tried the app. in shadow mode, everything seemed ok.

Yesterday I tried Rogue Killer & it prompted me to update, the update said a zip program was required & offered 7 zip. Then nasty infection. I blame RK as I previously used the icon, stored on flash drive, clicked it & it prompted me for update & offered the source of malware..

Dr Web live cd found & deleted 3 or 4 TR's. MSERT found 0, MBAM chamillian, won't run , RKill does not allow mban to run, tried rename mbam

IE no says (no add ons) & won't start. Rstrui.exe gives blank SR page.

TDSS Killer gets, shutdown when updating.

Also I believe the associations were lost, I had eset online scanner on, a flash drive, it's now almost complete, with nothing found.

Combofix restored, I believe userinit

_______________________

Anyway Rogue Killer is malware imo!

[mick92z]

Roguekiller is not malware, either something has gone drastically wrong, or you have downloaded a bogus version. Where did you download it from ?
I would contact geekstogo as a matter of urgencey, their experts use the tool, and the author also posts there
http://www.geekstogo.com/forum/

[Rico]

Hi Mick,

Where From a post here at Wilders. Initially all was well, & I saved to FD. I ran it 1 or 2 times from the FD no problem. As previously stated, I ran it from the FD (not infected) & RK prompted me that it was out of date & a newer version available. Then it said in order to run a zip program was required, it offered 7 zip that contained the TR's. Therefore clicking the icon for RK directly led me to the infected 7 zip.

I do not believe this program is legitimate, other vendors offer FREE programs, which are designed to do the same job as RK WITHOUT INSTALLING TR's. Needless to say I won't be using this garbage ever again. Mick if you like PM me & I'll upload to you directly, RK from the aforementioned FD. Use at your own risk.

For now this is a warning, regarding my experience with RK!

Actually I found the link to RK's web site here, & downloaded from there site.

[mick92z]

Quote:

Originally Posted by Rico

Actually I found the link to RK's web site here, & downloaded from there site.

I posted a link containing Roguekiller http://www.wilderssecurity.com/showthread.php?t=330954
in which you also posted. I don't know if you used that link, but it is the legit download link , and exactly the same as the one used on the geekstogo forum. Once again I urge you to post on their forum. to try and find out what's happened. They are genuine people, one of , uses the tool , and I have known fro some time

[Rico]

Mick,

What's your problem:

Quote:

I don't know if you used that link, but it is the legit download link , and exactly the same as the one used on the geekstogo forum.

I told you, now move on, as far as reporting it on another forum, YOU feel free, perhaps the, developer of trash RK will respond here?

As stated this is a Warning!

You have not provided anything that contradicts my experience with RK, other than your thoughts or musings.

Shame on me for playing with a fly-by-night, one man operation, looking for $$$, when reputable vendors offer solutions.

Thanks for the non help, & support; for the malware linked/associated software!

[Tigzy]

Hello

I'm RogueKiller's developer.
I bet my jacket you clicked on an advertisement.

RK does not contain any malware nor toolbar, nor affiliate trash.
I apologize for the french webpage being far better referenced as the english one. I'll be nice though, here's the english official webpage:
http://tigzy.geekstogo.com/roguekiller.php

(click on the arrow images (purple or blue), not on the big "download" ad)

The first link goes to the 'even more official' webpage (the french one you don't like), but the second link is a direct mirror. Good luck!



PS: Be careful, lots of websites contain ads. I suggest you to begin now to train your mouse

PPS: Before going on forum to propagate rumors, you could also contact me, my email is pinned everywhere on the web (and especially on RK's webpage)

[Rico]

Mick

I'm still fixing, the mess caused by RK.

The FD was plugged into the sick machine & NPE (norton power eraser) identified Rogue Killer as bad.

Downloaded RK from RK's website. RK is trash!

[Tigzy]

@Rico

Can you please answer me?
Do you still have the RK executable? can you send it to me?

Norton triggers false positive based on bugged heuristics. This is not new

[Tigzy]

Last VT scan : ~VT results removed per TOS~ -Malware?

855 likes on FB : http://www.facebook.com/pages/RogueK...69413966416663

20 000 downloads /day : http://www.sur-la-toile.com/RogueKiller/stats.php

65 votes, note 4.8/5 : http://www.commentcamarche.net/downl...03-roguekiller

Do you really think the reputation will be this high with a malware?


EDIT: In my opinion, based on what I read , your box was infected, and what you saw was the infection.... userinit was often infected by ZeroAccess and some rootkits.
And you know what, these rootkits are able to redirect internet flow to malware websites. I'd be interested to see the link where you download the "update". Not the one you THINK you were, but the true link (redirected)

[Meriadoc]

Hello,

RogueKiller is not malware, nor installs malware and you can trust the developer - in fact Tigzy's a nice guy whose contribution to anti-malware is commendable.

[Tigzy]

Somebody knows why VT links are removed by the bot ronjor?

[Longboard]

@Rico
Not malware.
There is something else.
Sounds like Tigzy would like to help.

?Mods: some (other ) action here?

Regards

[Meriadoc]

Quote:

Originally Posted by Tigzy

Somebody knows why VT links are removed by the bot ronjor?

Terms of Service (Forum Rules)
http://www.wilderssecurity.com/showthread.php?t=180057

[Tigzy]

Quote:

Too frequently people go out and find some piece of malware, upload it to one of those services, then based upon the results displayed, start a thread here to either praise or bash the anti-virus scanners involved.

Understood.
But this is not the case here
Nevermind.

[mick92z]

I had intended post a lengthy reply today, however, now the developer has posted , I will keep it short. I felt personally offended that someone would accuse me ( albeit mistakenly ) of posting a malicious link, that trashed their machine.
I can understand the anger of getting infected. However, to publicly start slandering and throwing totally unsubstantiated claims about software programs,and their developers, is wrong
Absolutely no proof, was offered. When i piped up, in support of Roguekiller, I was told to ' move on '
I think, if the OP cannot offer any concrete evidence, his posts should be removed, forthwith. That's my lot on this sorry subject

[Page42]

Quote:

Originally Posted by mick92z

I think, if the OP cannot offer any concrete evidence, his posts should be removed, forthwith. That's my lot on this sorry subject

Your concern is understandable (and justified), but there's a lesson to be learned in this thread, and all posts should remain intact if for no other reasons than that.

[Tigzy]

Agreed.
However, may I ask you to rename the topic's title, as under google referencing it can be badly interpreted.

Something like "still infected after RogueKiller" or something in the same idea...

[Page42]

Tigzy, I'm just a responding member.
It'll be up to a mod or LowWaterMark to make such a change.

[Rico]

Tigzy - the file was deleted by NPE. While I believe you don't install malware with RK. I'm having difficulty with:

Original download from your web site, or location from you site to get the English version.

Clicking your icon, prompted for an update

This required a zip & 7 zip was offered <note clicking your icon brought me to 7zip, which contained the malware.

Technically RK may/is clean, but what came up by using your product, caused infection. Perhaps this is out of your control. The fact remains I used your product cautiously, at first, only to later become infected from clicking your icon.

Due to using your product, I'm now 84% finished with formatting.

AGAIN - Perhaps what happened is beyond your control. Don't know!

Also note your tone seemed to change as in renewed interest when I posted NPE flanged your product. Should you have asked for the copy, prior to NPE, I would gladly sent it to you.

[ComputerSaysNo]

That does sound a bit suspect. Where did you download it from? that's the important question. I always get my software from MajorGeeks or Softpedia they 99% of the time have clean software.

[Tigzy]

Quote:

Original download from your web site, or location from you site to get the English version.

Quote:

Clicking your icon, prompted for an update

Yes, this is normal if your version is outdated. It should open the official website.

Quote:

This required a zip & 7 zip was offered <note clicking your icon brought me to 7zip, which contained the malware.

This is what I said, you clicked on an ad for 7-zip. RK is a standalone PE (.exe), it does not need any extractor or any third party program.

Quote:

Technically RK may/is clean, but what came up by using your product, caused infection. Perhaps this is out of your control

The ads are out of my control. Where you click is also out of my control.
RK do not download anything, it only opens the website, which is the same for everyone. And you're the only one who claims having malware installed after RK (the others claims to opposite )

[PJC]

RogueKiller has been a fine Tool.
When cleaning PCs, I've used RogueKiller without a problem.

[ComputerSaysNo]

Were the add's on RougeKiller's website? Or on another page?

If they were on RougeKiller's personal webpage then I think the OP is right to have some sort of grievence as they are responsible for what add's are posted on their page.

If they were on another download portal page then RougeKiller is not at fault.

[Tigzy]

Yes on RK's webpage. As the soft is free, there are some ads. Like any other download website. Ads are randomized and generated by adsense, I'll not F5-ing all the day to block some malicious ads, this is not my job. Here we speak about 7-zip ad, which is not malicious (IMO)

In this case, I'm pretty sure the box was infected BEFORE RK, and as 99% of rootkits are trojan downloader, RK came in the same time as the fresh infection downloaded / installed by the rootkit.

If the OP has VMWare or VirtualBox, he can try RogueKiller on a clean VM, he will see that RK install nothing. And i'm sure the ads also. Ads sometimes provided adwares, but not full featured rootkits and trojan. (when installed I mean, exploits blackholes are another problem)

[Rico]

Jesus for the last FREAKING TIME

1 visit RK's web site
2. follow the link for download.
3. test using shadow mode
4. Copy RK to new FD
5. Click the icon, prompted RK update, here it said zip required & offered 7zip.

I FREAKING DID NOT CLICK ANY ADS JUST FOLLOWED INSTRUCTIONS FROM CLICKING RK'S ICON.

I say it's probable that you have no control what happens, when you authorize, others to pimp your product

Larger firms: Symantec MCAFEE, G-Data, KAV etc. etc. Seem to be able to control there products, so this does not happen to them. Even if a 3rd party added something to your product, this should be a warning to you Tigzy, as this only will sour me & others to your product.