ESET Rogue Application Remover released

Discussion in 'ESET NOD32 Antivirus' started by Marcos, May 18, 2012.

Thread Status:
Not open for further replies.
  1. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I am happy to announce the availability of the long-anticipated ESET Rogue Application Remover intended for detecting and removing rogue applications as well as reverting changes made by the rogue applications to the registry. By design, ERAR focuses mostly on rogue applications that affect the operating system in a negative way and that are difficult to remove by our products. In no way should it be considered a substitute for running a scan with our products or ESET Online Scanner.

    ERAR must be run with elevated administrator rights either in normal or safe mode. Internet connection is recommended not only for better detection efficiency and accuracy but also for automatic submission of detected files to ESET's viruslab when approved by the user. ERAR supports restoration of quarantined objects using the /r switch. For a complete list of supported options, run it with the /? switch.


    ERAR is available for download from the KB article
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2372


    Feel free to share your feedback in this thread.
     
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I am happy to say I have no rogue.

    ERAR is very quick through all the phases.:thumb:
     
  3. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark .
    Tried ERA Remover 64 bit. As stated, it scanned very quickly. Will try this tool's capability with some Rogue malware one of these days. Just to get an idea of how it works in action.
     
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Very fast on a clean machine. I am going to test this next time one of my customers gets infected then I will report back.
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Comments and feedback have been solicited.
     
  6. That is excellent news, Marcos. I will make that link available at my forum.
     
  7. acuariano

    acuariano Registered Member

    Joined:
    Nov 4, 2005
    Posts:
    786
    OK... I found a problem... how can it "fix" my registry without my authorization?
    And there is no "undo" changes...
    For example, it reset the "change the way security center alerts me"
    when I had the 3 options unchecked.
     
  8. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
    Hi,

    edit : remove

    thank you,
     
  9. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Hello, does it detect all rogue samples that ESET Smart Security can detect?
     
  10. Janus

    Janus Registered Member

    Joined:
    Jan 2, 2012
    Posts:
    588
    Location:
    Europe - Denmark .
    Hello
    Just a small feedback.
    Tried only a couple of Fake AVs to satisfy my curiosity regarding the new tool "ERA Remover" (in a non-virtual environment / Windows 7 64 bit, test PC).
    Everything went fine, left some minor remnants (database.ref / xml). Did not try to boot into safe mode to see if it would give a better result (probably made a difference).
    One of the files used: SHA256: 8d249de1765f9328dfdca87dc5af4d053d842fcb9c1212cb12ef862d8a7d6612
     

  11. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Oops it detected and killed MCShield.
    It didn't delete the file automatically and asked me before removing its registry entries and files.
    I wish it to ask for every action.

    If I am not wrong, ERA Remover does not use any database, just uses heuristics.
     
  12. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Just finished testing it completely and writing a review. Such a nice software... :)

    Where should we submit false positives? This way? o_O
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    No problems with MCShield on WinXP or Win7 x64:
    System scan complete!
    No rogue applications detected!
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    These files are benign and thus are not supposed to be removed by ERAR (ESET products do not detect such benign files either).
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Not necessarily. ERAR chiefly focuses on problematic rogue applications that usually affect certain system functionalities (e.g. policies, file associations, etc.):
    By design, ERAR focuses mostly on rogue applications that affect the operating system in a negative way and that are difficult to remove by our products. In no way should it be considered a substitute for running a scan with our products or ESET Online Scanner.
     
  16. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    :eek: I ran the scan in x86 Win7 Home Basic.
    http://s19.postimage.org/p6gknw37n/image.jpg
    http://s19.postimage.org/n6zywh8w3/image.jpg
    It killed the MCShield process and during full scan detected its files in 32 bit Windows 7 and 64 bit Windows 7 that is dual booted in the same machine and also has MCShield installed.

    Ok I will try scanning again.
     
  17. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Thanks :)
     
  18. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    ERAR detection rules are being adjusted according to the information gathered from submitted logs to make ERAR more accurate with minimum false positives. I'll keep you updated and let you know when it's available for download.
     
  19. sg09

    sg09 Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    2,713
    Location:
    Kolkata, India
    Thanks so much.
     
  20. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    ERAR has been updated to v. 1.0.1.1b. Detection rules have been adjusted according to the feedback we've gathered in the meantime.
     
  21. Proactive Services

    Proactive Services Registered Member

    Joined:
    Jan 10, 2006
    Posts:
    153
    Location:
    Petersfield, Hampshire, UK
    Whilst I think that innovation is necessary for an anti-virus product to continue to succeed, the growing number of separate programs that Eset offer should be integrated in the engine of the core Eset products.

    I don't want to have to download a separate, specific virus removal tool or find, update and run a "Rogue Application Remover". I want to click "Scan" in Eset and for it to do what it's there for: to remove malware. I do appreciate that infected systems may suffer from malfunctioning virus protection but there must be an effective, efficient way of bringing together these fragmented tools back into the core program and be able to run them even if the main product isn't working 100%.
     
  22. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Running stand-alone tools may be risky on server production systems and crucial files should always be backed up prior to running them regardless of the vendor. Integrating stand-alone cleaners into regular products would lead to substantially lower efficiency as they could no longer use aggressive heuristics / behavior analysis for safety reasons.
     
    Last edited: May 25, 2012
  23. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    ERAR version 1.0.1.1c released. Contains additional fine-tunings based on the feedback received.
     
  24. Draz

    Draz Registered Member

    Joined:
    Nov 29, 2007
    Posts:
    5
    I just downloaded and ran the latest version.

    It tried to delete my Sharkoon Mouse software :doubt:

    Other than that nothing found.
     
  25. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    This FP will be fixed in the next version of ERAR. You can restore the quarantined file using ERAR, if necessary. Remember that ERAR is meant to remove actual rogue AV infections if there's a problem cleaning them using ESET's products. It shouldn't be run just out of curiosity as it uses quite an aggressive heuristic approach that may result in some false positives.
     