Description
RogueKiller is an anti-malware program written in C++ and able to detect and remove generic malwares and some advanced threats such as rootkits, rogues, worms, …
Based on generic ways to find malware by their behaviour (heuristics), on classic anti-malware analysis (signature finding) and on undocumented hacks, RogueKiller can find/remove most of the basic malware (rogues, trojans, …) and some advanced threats like ZeroAccess or TDSS that behave more like rootkits.
RogueKiller is an anti-malware maintained by a small team, and thus new detections are based on “most spread threats“. We react quickly to integrate detection and removal of what we think can be a global threat and affect a big amount of users across the world.
Here’s a little summary of what RogueKiller is able to do:
- Kill malicious processes
- Stop malicious services
- Unload malicious DLLs from processes
- Find/Kill malicious hidden processes
-
Find and remove malicious autostart entries, including :
- Registry keys (RUN/RUNONCE, …)
- Tasks Scheduler (1.0/2.0)
- Startup folders
- Find and remove registry hijacks, including :
- Shell / Load entries
- Extension association hijacks
- DLL hijacks
- Many, many others …
- Read / Fix DNS Hijacks
- Read / Fix Proxy Hijacks
- Read / Fix Hosts Hijacks
- Read / Fix malicious Master Boot Record (MBR) or Volume Boot Record (VBR), even hidden with a rootkit
- List / Fix SSDT – Shadow SSDT – IRP Hooks (Even with inline hooks)
- Find and restore system files patched / hidden by a rootkit
RogueKiller is a GUI-ed tool (since the new version), so it’s easy to use. However, one can have difficulties to interpret the results and know what needs to be fixed. This is normal and malware removal is somewhat tricky. We’ve made a documentation to help you, please read it in case of need. If you still have problems, please feel free to post the scan log on the forum. They know how to interpret it and they will guide you in the removal (for free, of course).
RogueKiller is available in the following languages, detected by computer’s language. If your language is not inside and you think it would be useful, if you can translate from/to Engligh please go on that forum thread, all you need is explained.
French, English, Arabic, German, Italian, Czech, Dutch, Portuguese (Braz), Spanish, Chinese, Polish
User guide
Disclaimer. RogueKiller is able to send feedback report automatically in order to help developers to fix bugs and improve the software. The content is not sensitive, and does not contain personal data, only software related data. This feedback is used for real time statistics of in-the-wild threats (see below). If you disagree with this, please do not use this software.
Disclaimer 2. RogueKiller, by design, can detect some false positives. We made the choice to “sometimes” detect wrong things (marked as suspicious) and have a very high efficiency against malware rather than never detect legit things and miss a lot of malware. That said, you have always the choice to uncheck items before hitting deletion (and report them as false positive to us!)
RogueKiller is easy to use. Basically, a classic use would be the following:
- Launch the program. Wait for the Prescan to finish
- Hit the “Scan” button. Wait for the scan to finish.
- Perform a quick visual check of what has been found in the different tabs. Leave unchecked what you want to keep.
- Hit that “Delete” button. Wait for the end of deletion.
Changelog:
V12.5.0 08/22/2016
=================
- Added detections
- Added file exclusion for forged files
- Fixed a bug where big files were detected as VT.Unknown
- Updated scanner to use Yara 3.5: https://github.com/VirusTotal/yara/releases/tag/v3.5.0
- Fixed (Yara 3.5): Processes scan doesn't use all memory/cpu
- Improvements (Yara 3.5): Scan is faster
Downloads: