
Having a problem interpreting Rogue Killer results


14 replies to this topic

#1 ArchimedesNose

ArchimedesNose

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 AM

Posted 04 March 2018 - 11:05 PM

Hello, it has been a while since my last post. Hopefully, everyone is doing well.  :bananas:  :guitar:
 
I'm having a potential issue with a 7 or 8 month-old computer (that's been gently used) and setting up the security on it. One program in particular is giving me a headache: RogueKiller. I'm not certain how to interpret the results it gave me.
 
Upon installing RogueKiller, it found 23 threats that were PUP.Gen0, PUP.Gen1, and PUM.HomePage "Detection"(s).
There were also four red entries in this first scan that were PUP.Gen1|VT.Detected in my Registry:Firewall.
 
Long story short, I deleted the four red entries, and more specifically any entries that did not have my anti-virus (Panda AV/pandasecurity) listed in the "Path" or "Data" sections.
 
Later, I reset my computer and removed everything, and after putting Panda AV and RogueKiller back on the computer, I ran a scan with RogueKiller again and had five new results appear: an orange PUP.Gen1 Scheduled Task and four red PUP.Gen1|VT.Detected in the Registry:Firewall. This time, the red results have different pathways.
 
I am no longer running RogueKiller at the moment (it was uninstalled with Revo), but I am still curious what the results are flagging, and why.
 
If I need to PM someone the screenshots, manually type them, or if someone already has an idea what I am looking at here, I would be very interested in what they have to say.
 
To be clear, I am currently running Windows 10 Home Edition and a free version of Malwarebytes, SpywareBlaster, SUPERAntiSpyware Free Edition, and a free version of Panda AV.
Thanks again, and I look forward to a response.
 
**ArchimedesNose**

Edited by ArchimedesNose, 04 March 2018 - 11:13 PM.




#2 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:21 AM

Posted 05 March 2018 - 05:43 AM

Based on Panda's test results, and on security pros no longer using or recommending SUPERAntiSpyware....I suggest you remove both.

See Panda Free Antivirus (2017) Review & Rating | PCMag.com

 

I don't know what RogueKiller is detecting. It could have been Panda's adware....best to use the programs below. Windows Antivirus is probably just as good as Panda. Avast or Bit Defender would be a better choice. I know FREE Avast will install adware.

 

I know you have Malwarebytes installed. After removing the above programs, please run a scan using it by following the directions below.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Check your add-ons in browsers for any mention of Panda or anything such as Search or Web Protect, and disable/delete it.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 ArchimedesNose

ArchimedesNose
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 AM

Posted 08 March 2018 - 10:50 AM

Hi there buddy215,

I am so glad to see that my thread was answered. Thank you!  :)

I know you have Malwarebytes installed. After removing the above programs, please run a scan using it by following the directions below.

  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so

 

To make sure that I'm clear on your instructions:
 
1.) Are you asking me to:
a.) Remove SUPERAntiSpyware, Panda Free Anti-virus and Malwarebytes...then...
b.) preferably replace Panda with either Avast or BitDefender,
and then...
c.) re-install malwarebytes? 
 
2.) Before I start removing anything with Revo or CCleaner, I would like to ask if it is possible to recover a group of Microsoft Paint .png files that were saved to my desktop before I performed a computer reset with a "remove everything" option? I am aware that I should have made a backup of them, but I was under the impression that no file is permanently removed from a computer... Is this true?
 
3.) As for removing Panda Free Antivirus and SUPERAntiSpyware, I think it is important to mention that I am not familiar with how to use Revo. It was done for me when RogueKiller was removed. Also, prior to my computer's reset, I uninstalled McAfee, which automatically came with the computer, and I also uninstalled Avast after hearing negative comments about the program. There still seem to be remnants from McAfee that linger on my computer. Will this be a problem?
 
I will go ahead and download CCleaner and AdwCleaner, but before cleaning or posting logs, I will wait for your response. 
Thank you very much for your help; I am most appreciative for it.
 
**ArchimedesNose**


#4 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:21 AM

Posted 08 March 2018 - 11:01 AM

NO...I asked you to run a scan using the Malwarebytes you already have installed, following the instructions for using it.

 

Yes...I recommended you uninstall both the Free Panda and Super Antispyware.

 

Instructions for scanning and posting using Malwarebytes:

  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button


#5 DavidLMO

DavidLMO

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:10:21 AM

Posted 08 March 2018 - 11:34 AM

@ArchimedesNose

 

Just a note on PUPs - be careful and aware. Identification of what is a "PUP" varies from vendor to vendor. Some are more aggressive than others. For ex, vendor A may ID and classify 15 things as "PUPs" whereas Vendor B may ID only 7. So, be careful before you delete or quarantine and check carefully. Also - IMHO never ever allow a program to delete PUPs automatically. I.E. you may need to change a setting.

 

Much of this requires learning, research and experience.

 

I also concur with Buddy's suggestions.



#6 ArchimedesNose

ArchimedesNose
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 AM

Posted 09 March 2018 - 12:24 PM

Hello everyone, and thank you for responding. 

 

buddy215

 

1.) I downloaded Revo Uninstaller and uninstalled Panda AV which was replaced with Bitdefender.

 

2.) SUPERAntiSpyware was uninstalled

 

3.) Bitdefender refused to install with SpywareBlaster running on my computer, so I used Revo and uninstalled SpywareBlaster.

 

4.) I installed AdwCleaner, and ran a scan with Malwarebytes.

 

Since I had not used Revo until today, after uninstalling programs I performed a safe scan for file remnants, and ignored all remnants except for Panda Protection, which returned a folder and a file that both clearly stated Panda. The first log is beneath this message. (I did edit my name out.) I will post back shortly with the AdwCleaner log.

 

DavidLMO

Hello there! Welcome!  :)

 

@ArchimedesNose

 

Some are more aggressive than others. For ex, vendor A may ID and classify 15 things as "PUPs" whereas Vendor B may ID only 7. So, be careful before you delete or quarantine and check carefully. Also - IMHO never ever allow a program to delete PUPs automatically. I.E. you may need to change a setting.

Thank you very much for the heads up and advice. I agree, I would not have deleted them if given the chance to do so again. Much needed experience, indeed.

 

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 3/9/18
Scan Time: 11:18 AM
Log File: 8b3184a6-23b5-11e8-905f-f44d307de3b2.json
Administrator: Yes
 
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4276
License: Expired
 
-System Information-
OS: Windows 10 (Build 16299.248)
CPU: x64
File System: NTFS
User: DESKTOP-665J7J4\
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280441
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 13 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#7 ArchimedesNose

ArchimedesNose
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 AM

Posted 09 March 2018 - 01:01 PM

Okay second scan with AdwCleaner is also below this message.

 

1.) I didn't notice anything in my browser add-ons that said "Panda," "Search," or "Web Protect." I do have "AdBlock," "HTTPS Everywhere," and "Ghostery." Did I need to disable or delete these?

 

# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 09 17:50:00 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-08.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
Adware.pokki, C:\Users\Default\AppData\Local\Host App Service
Adware.pokki, C:\Users\Default User\AppData\Local\Host App Service
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
PUP.Optional.Legacy, App Explorer
 
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1AFFDD76-056B-421F-AC3D-B434E9C6FFAA}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {22CD0C8E-9676-4911-8C78-66A2BDB9E9E2}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D27070DB-D00B-4DE4-92E5-B5F24548F079}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D27070DB-D00B-4DE4-92E5-B5F24548F079}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0835FAAD-4EBF-43E8-AF3E-BF2A8EB325E3}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0835FAAD-4EBF-43E8-AF3E-BF2A8EB325E3}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.Panda, Plugin found: Panda Safe Web - 
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

Edited by ArchimedesNose, 09 March 2018 - 01:05 PM.
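The six Registry entries in the AdwCleaner log above are values under the FirewallRules key, and the Registry:Firewall hits RogueKiller reported in the first post are the same kind of object. The script below is an added example (not code from the thread, from Malwarebytes or from RogueKiller) that shows what such a value contains and how a defender tells a leftover rule from a live one: each value is one pipe-delimited string with a version token followed by key=value fields, and a per-application rule whose App= executable no longer exists on disk is usually a remnant of an uninstalled program. SAMPLE_RULES, its GUID-style value names and the executable paths in it are constructed for the example; on Windows the script enumerates the real key instead.

```python
"""Triage Windows firewall rules stored as registry values under
HKLM\\SYSTEM\\CurrentControlSet\\...\\FirewallPolicy\\FirewallRules (added example).

Each value is one pipe-delimited string: a version token (e.g. v2.29) followed
by key=value fields such as Action, Active, Dir, Protocol, App and Name. A
per-application rule whose App= path no longer exists on disk is usually a
leftover of an uninstalled program, which is the kind of entry PUP/adware
scanners report under "Registry" or "Registry:Firewall".
"""
import os
import re
import sys

FIREWALL_RULES_KEY = (r"SYSTEM\CurrentControlSet\Services\SharedAccess"
                      r"\Parameters\FirewallPolicy\FirewallRules")

# Constructed sample values (not taken from the thread's logs). Value names are
# GUID-style like the ones AdwCleaner listed; the executable paths are made up.
SAMPLE_RULES = {
    "{00000000-0000-0000-0000-000000000001}":
        "v2.29|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private"
        "|App=C:\\Program Files\\Panda Security\\pandaexample.exe"
        "|Name=Panda example rule|",
    "{00000000-0000-0000-0000-000000000002}":
        "v2.29|Action=Allow|Active=TRUE|Dir=Out|Protocol=17"
        "|App=C:\\Users\\Default\\AppData\\Local\\Host App Service\\example.exe"
        "|Name=Host App Service|",
    "Block-RDP-In":
        "v2.29|Action=Block|Active=TRUE|Dir=In|Protocol=6|LPort=3389"
        "|Name=Block inbound RDP|",
}

_ENV_RE = re.compile(r"%([^%]+)%")


def expand_windows_env(path, env=None):
    """Expand %VAR% references; real rules often use %SystemRoot% or %ProgramFiles%."""
    env = os.environ if env is None else env
    return _ENV_RE.sub(lambda m: env.get(m.group(1), m.group(0)), path)


def parse_rule(raw):
    """Return (version, fields) for one FirewallRules value; repeated keys become lists."""
    tokens = [t for t in raw.split("|") if t]          # the trailing '|' leaves an empty token
    version = tokens.pop(0) if tokens and "=" not in tokens[0] else None
    fields = {}
    for token in tokens:
        key, _, value = token.partition("=")
        fields.setdefault(key, []).append(value)
    return version, fields


def classify_rule(value_name, raw, exists=os.path.exists):
    """Summarise one rule and label it present / orphaned / no-app."""
    _, fields = parse_rule(raw)
    app = fields.get("App", [None])[0]
    if app is None:
        status = "no-app"            # port/service rule: nothing on disk to verify
    else:
        app = expand_windows_env(app)
        status = "present" if exists(app) else "orphaned"   # orphaned = likely uninstall remnant
    return {
        "value": value_name,
        "name": fields.get("Name", [""])[0],
        "direction": fields.get("Dir", [""])[0],
        "action": fields.get("Action", [""])[0],
        "active": fields.get("Active", [""])[0].upper() == "TRUE",
        "app": app,
        "status": status,
    }


def triage(rules, exists=os.path.exists):
    """Classify every (value name -> data) pair; returns a list of summaries."""
    return [classify_rule(name, data, exists) for name, data in rules.items()]


def read_live_rules():
    """Enumerate the real key through winreg (Windows only)."""
    import winreg
    rules = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, FIREWALL_RULES_KEY) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:          # raised once the index runs past the last value
                break
            rules[name] = data
            index += 1
    return rules


if __name__ == "__main__":
    source = read_live_rules() if sys.platform == "win32" else SAMPLE_RULES
    for rule in triage(source):
        if rule["status"] != "present":      # only surface what needs a human look
            print(f'{rule["status"]:9} {rule["value"]}  {rule["direction"]}/{rule["action"]}'
                  f'  {rule["name"]}  -> {rule["app"]}')
```

An "orphaned" result is the signal to cross-check against what you actually uninstalled before deleting anything, which is the care DavidLMO recommends later in the thread; a "no-app" rule (ports, services) is not something a path check can judge and is left for manual review.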


#8 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:21 AM

Posted 09 March 2018 - 01:12 PM

Allow AdwCleaner to delete all that it found. Rerun AdwCleaner and click on Clean when scan finishes.

 

As you can see...Panda Safe Web was found. Also, if you synchronize Chrome with other gadgets then you will need to follow the directions given before cleaning the Chrome preferences.



#9 ArchimedesNose

ArchimedesNose
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 AM

Posted 09 March 2018 - 02:05 PM

Allow AdwCleaner to delete all that it found.

Okay...it has been deleted.

 

 

if you synchronize Chrome with other gadgets then you will need to follow the directions given before cleaning the Chrome preferences.

Forgive me if I am being an idiot. It sounds like you are saying that I need to disable or delete AdBlock, HTTPS Everywhere, and Ghostery. Is this correct?

 

Rerun AdwCleaner and click on Clean when scan finishes.

Working on that now.  :)



#10 ArchimedesNose

ArchimedesNose
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 AM

Posted 09 March 2018 - 02:17 PM

The scan results from re-running AdwCleaner show me the following:

 

# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 09 19:11:50 2018
# Updated on 2018/08/02 by Malwarebytes 
# Database: 2018-03-08.1
# Running on Windows 10 Home (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [2083 B] - [2018/3/9 18:53:17]
C:/AdwCleaner/AdwCleaner[S0].txt - [2173 B] - [2018/3/9 17:50:0]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
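Comparing this re-scan log against the first AdwCleaner scan in post #7 is the check that confirms the Clean step actually worked. The script below is an added example (not AdwCleaner's own code) that parses the log layout shown in both posts, where section headers look like `***** [ Registry ] *****`, each finding is a `category, detail` line and `No malicious ... found.` lines are placeholders, and then diffs the two scans per section. The embedded logs are trimmed excerpts of the two logs posted in this thread, kept only to the sections that changed.

```python
"""Parse AdwCleaner scan logs and diff two of them (added example, not AdwCleaner's code).

Section headers look like '***** [ Registry ] *****', each finding is a
'<category>, <detail>' line, and 'No malicious ... found.' lines are placeholders.
Diffing the pre-clean scan against the re-scan shows what the clean-up removed
and whether anything remains.
"""
import re

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")

# Excerpts of the two logs from the thread (the first scan and the re-scan),
# trimmed to the sections that changed. The duplicated GUID line is as posted.
BEFORE_LOG = """\
# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 09 17:50:00 2018
# Mode: scan

***** [ Folders ] *****

Adware.pokki, C:\\Users\\Default\\AppData\\Local\\Host App Service
Adware.pokki, C:\\Users\\Default User\\AppData\\Local\\Host App Service

***** [ Tasks ] *****

PUP.Optional.Legacy, App Explorer

***** [ Registry ] *****

PUP.Optional.Legacy, [Value] - HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules | {1AFFDD76-056B-421F-AC3D-B434E9C6FFAA}
PUP.Optional.Legacy, [Value] - HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules | {D27070DB-D00B-4DE4-92E5-B5F24548F079}
PUP.Optional.Legacy, [Value] - HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules | {D27070DB-D00B-4DE4-92E5-B5F24548F079}

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Panda, Plugin found: Panda Safe Web - 

/!\\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271

*************************
"""

AFTER_LOG = """\
# AdwCleaner 7.0.8.0 - Logfile created on Fri Mar 09 19:11:50 2018

***** [ Folders ] *****

No malicious folders found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************
"""


def parse_adwcleaner_log(text):
    """Return {section: set((category, detail))}; duplicate lines collapse into the set."""
    findings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            findings.setdefault(section, set())
        elif line.startswith("*****"):         # bare '*****' rule closes the findings area
            section = None
        elif section and line and not line.startswith(("No malicious", "/!\\")):
            category, sep, detail = line.partition(", ")
            if sep:                             # ignore anything not shaped like a finding
                findings[section].add((category, detail))
    return findings


def diff_findings(before, after):
    """Per section: findings the clean-up removed, and findings still present (or new)."""
    report = {}
    for section in sorted(set(before) | set(after)):
        b, a = before.get(section, set()), after.get(section, set())
        if b or a:
            report[section] = {"removed": sorted(b - a), "remaining": sorted(a)}
    return report


def summarize(report):
    """{section: (removed_count, remaining_count)} for a quick pass/fail view."""
    return {s: (len(v["removed"]), len(v["remaining"])) for s, v in report.items()}


if __name__ == "__main__":
    report = diff_findings(parse_adwcleaner_log(BEFORE_LOG), parse_adwcleaner_log(AFTER_LOG))
    for section, (removed, remaining) in summarize(report).items():
        print(f"{section}: removed {removed}, remaining {remaining}")
```

Note that the first log lists the same FirewallRules GUID twice; the set-based parser counts it once, so the "removed" figures reflect distinct objects rather than log lines.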


#11 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:21 AM

Posted 09 March 2018 - 02:40 PM

No, that is not what I am referring to. If you have synchronized your settings, add-ons, etc. with other gadgets such as a smart phone, tablet, or other computer then you need to do what I suggested to get rid of Panda's adware and other items found. If you haven't synchronized/shared your Chrome's preferences then you can forgo that step.

 
REPEAT:
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
I think you are good to go...if you see something else such as excess ads, sloooow computer, etc. please let me know.
 

If you don't have an ad blocker installed I suggest using Adblock Plus.

Adblock Plus :: Add-ons for Firefox     Adblock Plus - Chrome Web Store

Adblock Plus for Edge browser   Adblock Plus for IE

 

You can block the ad and tracking cookies from installing on your computer by blocking third party cookies.

How to disable third-party cookies in all major web browsers

Once you have blocked the install of those cookies then run CCleaner to remove the existing ones.



#12 ArchimedesNose

ArchimedesNose
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 AM

Posted 11 March 2018 - 10:32 AM

Thanks for the heads up on Adblock Plus. I'm guessing that this would be better than AdBlock? and...free?  :)  :grinner:

 

Yes, I do have third-party cookies blocked in my browser settings.

 

If you have synchronized your settings, add-ons, etc. with other gadgets such as a smart phone, tablet, or other computer then you need to do what I suggested to get rid of Panda's adware and other items found.

 

The only thing that my computer is connected to is a router. Not sure if that counts as a gadget in this case.  :huh:

 

I was not able to access the google support link that you posted. Would this have anything to do with:

Closing all programs>Opening task manager and right-clicking on Google Chrome under "processes" to end task>windows+R>run>type "appdata">select "Local">select "Google">"Chrome"> Delete folder named "User Data"?


Edited by ArchimedesNose, 11 March 2018 - 10:40 AM.


#13 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:21 AM

Posted 11 March 2018 - 10:49 AM

If ads are being blocked by your ad blocker then that is good enough. It likely uses the same Easy List of ad servers as do other ad blockers.

 

No, your router is not a gadget that I was referring to.

 

Happy surfin'.....



#14 ArchimedesNose

ArchimedesNose
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 AM

Posted 11 March 2018 - 11:01 AM

Excellent! Thank you so much for your assistance buddy215. You have been most helpful and very patient with me. I appreciate it a great deal.  :thumbup2:



#15 buddy215

buddy215

  • Moderator
  • 13,301 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:21 AM

Posted 11 March 2018 - 11:46 AM

You're welcome...





