

Rogue Killer


9 replies to this topic

#1 SacredSpectra

SacredSpectra

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:38 PM

Posted 02 February 2014 - 04:50 PM

Just a quick question. How do I remove and delete the quarantine viruses? Also, I was recently infected with the win64/patched virus. I kept getting the notification from AVG and took some approaches. I used rogue killer at some point and it deleted some HKEY_CURRENT_USER and some HKEY_LOCAL_MACHINE. I also scanned with some of my other programs such as MWB. I am NOT getting the AVG notification anymore, but how can I be 1000% sure that the virus is no longer on my machine?

Mod Edit: moved to Am I Infected ~~ boopme

Edited by boopme, 02 February 2014 - 05:16 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:38 PM

Posted 02 February 2014 - 07:12 PM

Please post that log.
This is really not an end user tool. Like Combofix it should only be run with assistance, as you are asking for.

If needed

Download RogueKiller from one of the following links and save it to your desktop:
  • Link 1
  • Link 2
    • Close all programs and disconnect any USB or external drives before running the tool.
    • Double-click RogueKiller.exe to run the tool (Vista or 7 users: Right-click and select Run As Administrator).
    • Once the Prescan has finished, click Scan.
    • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
    • Copy and paste the report that opens into your next reply.
      • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
      • The highest number of [X], is the most recent Scan

Edited by boopme, 02 February 2014 - 07:13 PM.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 SacredSpectra

SacredSpectra
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:38 PM

Posted 02 February 2014 - 11:16 PM

Oh I'm sorry, I didn't know. I didn't do anything with ComboFix though.

Here is the log:

RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Betty [Admin rights]
Mode : Scan -- Date : 02/02/2014 23:12:37
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 0 ¤¤¤
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
[...]
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD3200BPVT-24ZEST0 +++++
--- User ---
[MBR] 689d4011cd17156f2eded79365af9411
[BSP] 96f3bc4b336ec01525ba7ed6dbdbb04d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 260243 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 533389312 | Size: 29692 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 594198528 | Size: 15109 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_02022014_231237.txt >>

I didn't press fix as you said.
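Added illustration, not RogueKiller's own code and not the poster's: a small Python parser for the report format shown above. It pulls the per-section detection counts (the `¤¤¤ Name : N ¤¤¤` headers) and checks the HOSTS File section. Entries mapping a name to 127.0.0.1 or 0.0.0.0, like those in the log above, block the name rather than redirect it; an entry that sends a name to some other address is what a hijacked hosts file looks like and is the one a helper would want to look at. The report embedded in the code is a constructed excerpt in the same shape; its `Scheduled tasks : 2` line, the two non-loopback lines and the `.invalid` hostnames are invented for the demo.

```python
"""Parse a RogueKiller scan report (the layout posted in the thread) and
summarise what a helper looks at first: which sections reported anything,
and whether any HOSTS entry redirects a name somewhere other than loopback."""
import re
from ipaddress import ip_address

# Constructed excerpt in the shape of the posted report (not the full log).
# The non-zero section and the last two hosts lines are invented for the demo.
SAMPLE_REPORT = """\
RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
Mode : Scan -- Date : 02/02/2014 23:12:37

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 2 ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\\System32\\drivers\\etc\\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
0.0.0.0 ads.example.invalid
198.51.100.7 update.example.invalid
[...]

¤¤¤ MBR Check: ¤¤¤
"""

# "¤¤¤ Bad processes : 0 ¤¤¤"  -> name="Bad processes", count=0
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:]+?)\s*:\s*(?P<count>\d+)\s*¤¤¤$")
HOSTS_RE = re.compile(r"^\s*(?P<ip>\S+)\s+(?P<host>\S+)")


def section_counts(report: str) -> dict:
    """Return {section name: detection count} for every counted section."""
    counts = {}
    for line in report.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            counts[m.group("name")] = int(m.group("count"))
    return counts


def hosts_entries(report: str) -> list:
    """Return (ip, hostname) pairs listed under the HOSTS File section."""
    entries = []
    in_hosts = False
    for line in report.splitlines():
        s = line.strip()
        if s.startswith("¤¤¤"):            # any section header ends/starts a section
            in_hosts = s.startswith("¤¤¤ HOSTS File")
            continue
        if not in_hosts or not s or s.startswith(("-->", "[", "#")):
            continue                       # path line, "[...]" marker, comments
        m = HOSTS_RE.match(s)
        if m:
            entries.append((m.group("ip"), m.group("host")))
    return entries


def suspicious_hosts(entries) -> list:
    """Loopback / 0.0.0.0 targets only block a name; anything else redirects
    it to a real address and deserves manual review."""
    flagged = []
    for ip, host in entries:
        try:
            addr = ip_address(ip)
        except ValueError:                 # malformed target: inspect by hand
            flagged.append((ip, host))
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            flagged.append((ip, host))
    return flagged


def summarize(report: str) -> dict:
    """Compact triage view of a report."""
    counts = section_counts(report)
    entries = hosts_entries(report)
    return {
        "nonzero_sections": {k: v for k, v in counts.items() if v},
        "hosts_total": len(entries),
        "hosts_suspicious": suspicious_hosts(entries),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```

Run against the constructed excerpt it reports one non-zero section and flags only the `198.51.100.7` line; the posted log, which has every count at zero and only loopback hosts entries, would come back with nothing flagged, matching the "clean log" verdict below.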



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:05:38 PM

Posted 03 February 2014 - 12:27 AM

I understand, I was just providing advice so you don't shut down your machine.

That's a clean log. What "the quarantine viruses" did you mean?



#5 SacredSpectra

SacredSpectra
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:38 PM

Posted 03 February 2014 - 04:34 PM

Oh thanks. I'll remember that for next time.

There was another folder called "Quarantine something" that held some files called HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE, but I got rid of it.. O_O



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,918 posts
  • ONLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:38 PM

Posted 03 February 2014 - 05:36 PM

Many security programs (including RogueKiller) will create a Quarantine folder when using them.

When an anti-virus or security program quarantines a file (item) and moves it into a virus vault (virus chest) or a dedicated Quarantine folder, that file is safely held there and no longer a threat. The file is essentially disabled and prevented from causing any harm to your system through proprietary security routines which may copy, rename (usually by adding a .vir extension), encrypt and password protect the file as part of the process.

Quarantine is just an added safety measure which allows you to view and investigate the files while keeping them from harming your computer. One reason for doing this is to prevent the permanent deletion of a legitimate file that may have been incorrectly flagged (a "false positive") and placed in quarantine. This can occur if the scanner uses heuristic analysis technology which is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. After confirming the file is legitimate, it can be safely restored from quarantine and added to the exclusion or ignore list.

When the quarantined file is known to be malicious, you can permanently delete it at any time by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete.

Keep in mind, however, that if these files are left in quarantine, other scanning programs and security tools may flag them as a threat while in the quarantined area so don't be alarmed if you see such an alert. That is what happened with AVG.

When deleting the quarantined items (or folder containing them) after confirming they are malware, subsequent scans should no longer detect them.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here
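Added illustration, not RogueKiller's or any vendor's code: a minimal Python model of the quarantine mechanism described in the reply above. The flagged file is moved out of place, renamed with a `.vir` extension and transformed so it can no longer run or be matched byte for byte, while a metadata record (original path, SHA-256, reason) is kept so a false positive can be restored or a confirmed detection deleted for good. The byte transform is a plain XOR with a constructed key, standing in for the product-specific encryption real tools use; the `.vir`/`.json` layout and the `suspect.exe` sample are assumptions made for the demo.

```python
"""Model of a security product's quarantine: disable a flagged file without
destroying it, keep enough metadata to restore it, and allow permanent
deletion once it is confirmed malicious. Added illustration, not vendor code."""
import hashlib
import json
import os
import tempfile

# Constructed key: a stand-in for the proprietary encryption real products use.
QUARANTINE_KEY = b"quarantine-demo-key"


def _xor(data: bytes, key: bytes) -> bytes:
    """Symmetric byte transform; applying it twice returns the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def quarantine(path: str, qdir: str, reason: str) -> str:
    """Move `path` into `qdir` as an obfuscated .vir file plus a JSON record.
    Returns the quarantine entry's base name."""
    os.makedirs(qdir, exist_ok=True)
    with open(path, "rb") as f:
        raw = f.read()
    digest = hashlib.sha256(raw).hexdigest()
    name = f"{digest[:16]}.vir"                 # assumed naming scheme
    with open(os.path.join(qdir, name), "wb") as f:
        f.write(_xor(raw, QUARANTINE_KEY))      # stored copy cannot execute
    meta = {"original_path": os.path.abspath(path), "sha256": digest,
            "reason": reason, "size": len(raw)}
    with open(os.path.join(qdir, name + ".json"), "w") as f:
        json.dump(meta, f)
    os.remove(path)                             # only the disabled copy remains
    return name


def list_quarantine(qdir: str) -> list:
    """Return the metadata records of every quarantined item (for review)."""
    records = []
    for fn in sorted(os.listdir(qdir)):
        if fn.endswith(".vir.json"):
            with open(os.path.join(qdir, fn)) as f:
                records.append(json.load(f))
    return records


def delete(qdir: str, name: str) -> None:
    """Permanently remove an item once it is confirmed malicious."""
    os.remove(os.path.join(qdir, name))
    os.remove(os.path.join(qdir, name + ".json"))


def restore(qdir: str, name: str) -> str:
    """Undo a false positive: decode the .vir copy back to its original path,
    verifying the hash first so a corrupted vault entry is never reinstated."""
    with open(os.path.join(qdir, name + ".json")) as f:
        meta = json.load(f)
    with open(os.path.join(qdir, name), "rb") as f:
        raw = _xor(f.read(), QUARANTINE_KEY)
    if hashlib.sha256(raw).hexdigest() != meta["sha256"]:
        raise ValueError("quarantined copy is corrupt; refusing to restore")
    with open(meta["original_path"], "wb") as f:
        f.write(raw)
    delete(qdir, name)
    return meta["original_path"]


def demo(workdir: str = None) -> dict:
    """Round trip on a constructed file: quarantine, inspect, restore."""
    workdir = workdir or tempfile.mkdtemp()
    sample = os.path.join(workdir, "suspect.exe")   # constructed, not a real PE
    with open(sample, "wb") as f:
        f.write(b"MZ constructed sample, not a real executable")
    qdir = os.path.join(workdir, "Quarantine")
    name = quarantine(sample, qdir, "heuristic: constructed demo")
    with open(os.path.join(qdir, name), "rb") as f:
        stored = f.read()
    result = {
        "live_copy_gone": not os.path.exists(sample),
        "stored_is_obfuscated": stored[:2] != b"MZ",
        "records": len(list_quarantine(qdir)),
    }
    restore(qdir, name)
    with open(sample, "rb") as f:
        result["restored_ok"] = f.read().startswith(b"MZ")
    result["quarantine_empty"] = list_quarantine(qdir) == []
    return result


if __name__ == "__main__":
    print(demo())
```

The round trip in `demo()` shows the two properties the reply relies on: while an item sits in the vault its live copy is gone and the stored bytes no longer look like the original (so it cannot run, although another scanner that inspects the vault may still react to it), and a false positive can be put back exactly, hash-verified, before being added to an exclusion list.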

#7 SacredSpectra

SacredSpectra
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:38 PM

Posted 04 February 2014 - 02:58 PM

Oh okay, thanks so much for your help.

One more question: how do I go about uninstalling RogueKiller?



#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,918 posts
  • ONLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:38 PM

Posted 04 February 2014 - 03:25 PM


Please download DelFix by Xplode and save to your Desktop.
  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Activate UAC
    - Remove disinfection tools
    - Create registry backup
    - Purge System Restore
    - Reset system settings
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)
  • A copy of that report will be saved to the following location C:\DelFix.txt.
-- Doing this will remove many specialized tools downloaded and used for malware removal. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click on it and choose delete).

#9 SacredSpectra

SacredSpectra
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:38 PM

Posted 05 February 2014 - 10:08 PM

Great, thanks so much for your help! :]



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,918 posts
  • ONLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:38 PM

Posted 05 February 2014 - 10:11 PM

You're welcome.
