Poweliks removal with RogueKiller

How to remove Poweliks with RogueKiller

Little Analysis

Poweliks is a malware with rootkit-like features and no file on disk: it passes directly from the registry to memory at boot time. The payload (the malware binary) is stored in an encrypted registry value and loaded at boot time by a RUN […]

KernelMode rootkits: Part 3, kernel filters

This is the third part of this series about Kernel Mode rootkits. I wanted to write on it and demonstrate how some rootkits (e.g. keyloggers) intercept keystrokes by using kernel filters.

To understand the basics of kernel mode and drivers, please refer to the first part. […]


KernelMode rootkits: Part 2, IRP hooks

This is the second part of this series about Kernel Mode rootkits. I wanted to write on it and demonstrate how some rootkits (e.g. TDL4) hijack disk access by using IRP hooks.

To understand the basics of kernel mode and drivers, please refer to the first part. […]

KernelMode rootkits: Part 1, SSDT hooks

This is the first part of this series about Kernel Mode rootkits. I wanted to write on it and demonstrate how some rootkits (e.g. Necurs) hide their presence and protect themselves from removal by using SSDT hooks.

I’ll first introduce what KernelMode is (as opposed to UserLand), […]


New RogueKiller statistics are here!

And they are way more sexy than before…

RogueKiller’s statistics are a way to display the data sent by the software to our webserver database.

The statistics are displayed in real time (you have to refresh the page though), so there’s no need for any human action […]

Dear AVs, why don’t you like me?

How you destroy small developers

Starting with RogueKiller V9, we have had a lot of issues with some Antivirus vendors flagging our software at every release. Not because it’s malware, but because of their heuristics engines. And above all, because they really SUCK at whitelisting legit products. […]


Necurs removal with RogueKiller

How to remove the Necurs rootkit with RogueKiller

Little Analysis

Necurs is a rootkit with a kernel driver and a protected service. The kernel driver has a self-protection feature against removal of the service key. It also filters which kernel drivers can load, to prevent anti-rootkit tools from entering kernel mode and trying […]

RogueKiller 9 on the tracks!

We are currently developing version 9 of RogueKiller, rewriting everything (the engine) from scratch. It will take several more months, but it will be a great and exciting new thing!

What will change?

Almost everything, except the UI. Basically, we are building what will be called the […]