Based on generic ways to find malwares by their behaviour (heuristics), on classic anti-malware analysis (signature finding) and on undocumented hacks, RogueKiller can find/remove most of the basic malwares (rogues, trojans, …) and some advanced threats like ZeroAccess or TDSS that behave more like rootkits.
RogueKiller is a tiny anti-malware maintained by a small team, and thus new detections are based on “most spread threats“. We react quickly to integrate detection and removal of what we think can be a global threat and affect a big amount of users across the world.
Here’s a little summary of what RogueKiller is able to do:
Kill malicious processes
Stop malicious services
Unload malicious DLLs from processes
Find/Kill malicious hidden processes
Find and remove malicious autostart entries, including :
Registry keys (RUN/RUNONCE, …)
Tasks Scheduler (1.0/2.0)
Startup folders
Find and remove registry hijacks, including :
Shell / Load entries
Extension association hijacks
DLL hijacks
Many, many others …
Read / Fix DNS Hijacks (DNS Fix button)
Read / Fix Proxy Hijacks (Proxy Fix button)
Read / Fix Hosts Hijacks (Hosts Fix button)
Restore shortcuts / files hidden by rogues of type “Fake HDD“
Read / Fix malicious Master Boot Record (MBR), even hidden behind rootkit
List / Fix SSDT – Shadow SSDT – IRP Hooks (Even with inline hooks)
Find and restore system files patched / faked by a rootkit
Changelog:
V13.1.7 03/05/2019
=================
- Updated to core 3.0.5
* Fixed WebScanner mitigation
* Disabled PUM.StartMenu for RogueKiller
* Fixed Appdata scan duplicate
* Fixed LocalAppdata scan duplicate
- Fixed an issue with renewal links
