RogueKiller is a tool that aims to help you detect and remove malware from your PC.
The program doesn't rely on virus signatures, which is good for detecting the latest threats, but also bad in terms of raising false alarms. When we launched RogueKiller, for instance, it immediately terminated two entirely innocent processes because it thought they were running from a "suspicious path".
And after clicking Scan, and waiting for the program to quickly check our system, we found similar false alarms under the Registry tab, where again RogueKiller assumed entirely legitimate programs were malware.
If you know what you're doing, though, the program's report does contain a great deal of useful information on possibly dubious startup programs, HOSTS file lines, proxy and DNS settings, drivers, shortcuts, MBR code and more.
And although RogueKiller will close processes it doesn't trust on launch, other files and Registry settings won't be removed unless you specifically click the relevant "Fix" button.
RogueKiller wouldn't be our first choice for a tool to disinfect a PC, then. But if other antivirus apps have failed, then there's no harm in giving the program a try, especially as it's portable so there's no need to install anything. (Just make sure you save any work before launching the program, just in case it tries to close the wrong process on your system, too.)
Version 10.11.1 (Changelog):
- Added detections
- Added filter on VirusTotal internal submit (no user file)
- Improved shellcode module detection in inline hooks module
- Fixed memory growth while scanning filesystem
- IAT scan is now much faster because it only scans the Windows DLLs table
- Table-based hooks have cleaner display in logs (module!export)
- Fixed a bug in module enumeration on 64-bit
- Excluded wow64cpu enter from inline hooks detection
- Now inline hooks architecture detection relies on import module architecture instead of process
- RogueKillerCMD: Added -dont_ask switch (to eliminate all user interactions and use default actions)
RogueKiller provides plenty of tools to help you detect and remove malware, but unfortunately many of these are just as likely to highlight (or even automatically close down) legitimate programs.