RogueKiller 12.10.1 + 30days Premium

Discussion in 'other anti-malware software' started by liba, Mar 22, 2017.

  1. plat1098

    plat1098 Registered Member

    Joined:
    Jan 18, 2016
    Posts:
    803
    Location:
    Da mean streets of Brooklyn
    Maybe it's a false positive, RogueKiller has those kind of often. I scan stuff like that with VS, even though I know I have the software already anyway. :) By the way, it's RogueKiller, not RougeKiller. :oops:
     
  2. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,289
    Wow that was fast. It took over 30 min on my machine.
     
  3. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,289
    Last edited: Apr 25, 2017
  4. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,649
    What! It identifies Macrium as a PUP. That's terrible. That would be bye bye for me.
     
  5. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,289
    Peter
    I don't know if that file is in the paid version but the link I posted says it's just in the free version MF, which I have. Not sure why. If you are using the paid version of MF, you could always run a scan and see if it picks it up.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,649
    I have the paid versions of Reflect and that Reflectbin is one of the normal processes. I have no curiosity to install this program to see what it picks up.
     
  7. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,275
    Definitely a False Positive. See:
     
  8. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,289
    I installed it in shadow mode so no harm.
     
  9. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,365
    Location:
    U.S.A. (South)
    OK I am a sucker for these things.

    I run the portable version because I've always been Portable anything anyway which can run that way and not take up lodge in the registry or other places.

    To me it's nearly like SAS in that it does a good enough task in pointing out PUPS and/or other malware traces.

    Scan speed doesn't matter to me because if I think any app is taking too much time to do its thing I kill it off and move on.
     
  10. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,289
    Maybe that is why it was taking so long to scan on my system. Was using the portable version.
     
  11. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    136
    12.10.7
    - Added detections
    - Fixed a possible crash in COM module
    - Fixed a possible crash in Path parser
     
  12. plat1098

    plat1098 Registered Member

    Joined:
    Jan 18, 2016
    Posts:
    803
    Location:
    Da mean streets of Brooklyn
    RK version 12.10.7 uploads to VirusTotal. Behold!
    [Attached image: VT RK.PNG]
    Think I'll let this one slide. I should check the website to see if Adlice can whitelist some of these false positives.
     
  13. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    136
    12.10.8.0
    • Added detections
    • Fixed a bug in settings where Offline registry setting wasn't saved
     
  14. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    136
    12.10.9
    - Added detections
     
  15. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    136
    12.10.10
    - Added detections
     
  16. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    136
    12.11.0
    - Added detections
    - NEW! MalPE module (BETA)
    - NEW! RogueKillerAdmin V2 compatible
    - DEPRECATED: RogueKillerAdmin V1
     
  17. marciano222

    marciano222 Registered Member

    Joined:
    Nov 10, 2016
    Posts:
    18
    Location:
    Poland
    I use paid version
    As a supplement
    I recommend
    really good
    RogueKiller Premium
     
  18. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,289
    Way too many false positives. :eek:
     
  19. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,365
    Location:
    U.S.A. (South)
    Especially if you're a Peter2150.

    Any program like this which fusses over that highly prized an imager is going to raise a stink.

    But in retrospect at least it was picked out as a PUP instead of malware found
     
  20. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,289
    The new added module NEW! MalPE module (BETA) is not enabled by default and wow!!! see all the FPs with that SUCKER ENABLED. Pretty much any file that is a PE gets flagged. MS even has those files.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    18,649

    Huh o_O
     
  22. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,289
    Funny thing was when I emailed them about MR PUP detection, they not only aren't removing it but added a much worse module as I posted above.
     
  23. plat1098

    plat1098 Registered Member

    Joined:
    Jan 18, 2016
    Posts:
    803
    Location:
    Da mean streets of Brooklyn
    Well, you can manually whitelist at least some items via VirusTotal feature and this is stored in C:\ProgramData\RogueKiller so the next scan isn't so lengthy. It's not an "I-make-all-decisions-for-you" kind of tool. :)

    One thing: over serial scans, I make note of the potentially unwanted modifications (PUM), and mark if anything new is added from the initial scan. Past experience dictates I leave these baseline PUMs alone.
    [Attached image: PUM detections.PNG]
     
  24. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,365
    Location:
    U.S.A. (South)

    Well it is obvious from the trend so far that it looks to me like they're taking it through some paces and adding other (shall we say additionals?) to better try to market it?

    I dunno. I normally don't use scanners anymore at all, even old SAS that at one time I did.

    Maybe I can take this one around the block for a spin and see how it does on this end since you raised my own curiosity about it now.
     
  25. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,289
    I was testing it in Shadow Defender before. Now I finally got VirtualBox running and will give it a try in that. MS allows you to download a Windows 10 eval copy good for 90 days. Not sure what they mean about making a snapshot but I did. Was something about when the eval runs out would still be able to run the snapshot.
    This post is from in VB :)
     