Of PUPs and other demons

A story about a PUP using malware techniques…

Introduction. What is a PUP? PUP means “Potentially Unwanted Program”. They are labelled that way (or sometimes “Not-A-Malware”) because, in theory, they are not harmful to you, just annoying. A few examples: Zeus is real malware, because it […]


BHO: A spy in your browser

Or how Internet Explorer extensions can turn into a spy.

Introduction. What is a BHO? A BHO (Browser Helper Object) is a module (a DLL) that is loaded as a plugin by either explorer.exe or Internet Explorer. Most of the time (as its name […]


Bootkit removal with RogueKiller

How to remove bootkits with RogueKiller

Description. Bootkits are rootkits that infect the Master Boot Record (MBR) or, sometimes, the Volume Boot Record (VBR) of a partition. Because they load so early in the boot sequence, they can bypass antivirus software and hide themselves with a kernel driver. […]

Figure: Boot process

Figure: Second stage payload in registry value

Gootkit/Xswkit removal with RogueKiller

How to remove Gootkit variants (Xswkit) with RogueKiller

Little analysis. Gootkit is malware with trojan/backdoor features and fileless behavior. The payload is injected into several legitimate processes and is loaded at boot time by a Run key that calls the injector. That Run value is […]


Zeus removal with RogueKiller

How to remove Zeus variants (Citadel) with RogueKiller

EDIT, October 4th 2014: If the only process detected is your antivirus, please ignore the detection. We are working on this issue, which is not really a bug but a conflict between the signature scanner's definitions and the antivirus's definitions. […]


Userland rootkits: Part 1, IAT hooks

This is the first part of a series about userland rootkits. I wanted to write about it and demonstrate how some rootkits hide files by using IAT hooks.

This post is about a classic trick, known for decades. Malware specialists may know this already, so […]
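The mechanism the post refers to, as an added example that is not code from the post or from RogueKiller: every call a module makes to an imported function goes through one pointer slot in its import address table, so overwriting that slot with the address of a hook redirects every caller in the module, and the hook can forward to the saved original while filtering what it returns. To keep the example runnable outside Windows, the PE structures (IMAGE_IMPORT_DESCRIPTOR, the FirstThunk array, the exporting DLL's export table) are replaced by hand-built tables, the hooked API is a stand-in for FindNextFileW walking a constructed four-entry directory, and the hidden filename rk_payload.sys is constructed for the demonstration. The final routine shows the check an anti-rootkit tool performs: re-resolve each import against the exporter and flag slots that no longer point at the genuine export.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample directory (assumption, not from the post). */
static const char *const k_dir[] = {
    "boot.ini", "rk_payload.sys", "notes.txt", "winlogon.exe"
};
enum { K_DIR_LEN = sizeof k_dir / sizeof k_dir[0] };

typedef void (*generic_fn)(void);
typedef int (*find_next_fn)(size_t *cursor, char *out, size_t cap);

/* Stand-in for kernel32!FindNextFileW: returns 1 and fills `out`, 0 when exhausted. */
static int real_find_next(size_t *cursor, char *out, size_t cap)
{
    if (*cursor >= K_DIR_LEN) return 0;
    snprintf(out, cap, "%s", k_dir[(*cursor)++]);
    return 1;
}

/* One import slot: name (IMAGE_IMPORT_BY_NAME) plus the resolved address
 * (the IMAGE_THUNK_DATA in FirstThunk that the loader fills in). */
typedef struct { const char *name; generic_fn fn; } iat_entry_t;

/* Model of the exporting DLL's export table: what a clean loader resolves against. */
static const iat_entry_t k_exports[] = {
    { "FindNextFileW", (generic_fn)real_find_next },
};

/* Model of this module's IAT. All calls to FindNextFileW go through this slot. */
static iat_entry_t g_iat[] = {
    { "FindNextFileW", (generic_fn)real_find_next },
};
enum { IAT_LEN = sizeof g_iat / sizeof g_iat[0] };

static iat_entry_t *iat_slot(const char *name)
{
    for (size_t i = 0; i < IAT_LEN; i++)
        if (strcmp(g_iat[i].name, name) == 0) return &g_iat[i];
    return NULL;
}

static generic_fn export_lookup(const char *name)
{
    for (size_t i = 0; i < sizeof k_exports / sizeof k_exports[0]; i++)
        if (strcmp(k_exports[i].name, name) == 0) return k_exports[i].fn;
    return NULL;
}

static find_next_fn g_orig_find_next = NULL;   /* saved original, forwarded to by the hook */
static char g_hidden[64];                       /* filename the rootkit hides */

/* The hook: call the original until it yields an entry that is not hidden. */
static int hooked_find_next(size_t *cursor, char *out, size_t cap)
{
    int r;
    do {
        r = g_orig_find_next(cursor, out, cap);
    } while (r && strcmp(out, g_hidden) == 0);
    return r;
}

/* Rootkit side: save the slot's current value, then overwrite the slot.
 * On Windows the write is preceded by VirtualProtect on the IAT page. */
int install_iat_hook(const char *hidden_name)
{
    iat_entry_t *slot = iat_slot("FindNextFileW");
    if (!slot || g_orig_find_next) return -1;
    snprintf(g_hidden, sizeof g_hidden, "%s", hidden_name);
    g_orig_find_next = (find_next_fn)slot->fn;
    slot->fn = (generic_fn)hooked_find_next;
    return 0;
}

int remove_iat_hook(void)
{
    iat_entry_t *slot = iat_slot("FindNextFileW");
    if (!slot || !g_orig_find_next) return -1;
    slot->fn = (generic_fn)g_orig_find_next;
    g_orig_find_next = NULL;
    return 0;
}

/* Victim side (think Explorer listing a folder): calls only through the IAT slot. */
size_t list_dir_count(void)
{
    find_next_fn fn = (find_next_fn)iat_slot("FindNextFileW")->fn;
    size_t cursor = 0, n = 0;
    char name[64];
    while (fn(&cursor, name, sizeof name)) n++;
    return n;
}

int dir_shows(const char *wanted)
{
    find_next_fn fn = (find_next_fn)iat_slot("FindNextFileW")->fn;
    size_t cursor = 0;
    char name[64];
    while (fn(&cursor, name, sizeof name))
        if (strcmp(name, wanted) == 0) return 1;
    return 0;
}

/* Anti-rootkit side: re-resolve every import and count slots that were diverted. */
int count_hooked_imports(void)
{
    int hooked = 0;
    for (size_t i = 0; i < IAT_LEN; i++) {
        generic_fn expected = export_lookup(g_iat[i].name);
        if (expected && g_iat[i].fn != expected) hooked++;
    }
    return hooked;
}

int main(void)
{
    printf("clean: %zu entries, hooked slots=%d\n", list_dir_count(), count_hooked_imports());
    install_iat_hook("rk_payload.sys");
    printf("hooked: %zu entries, rk_payload.sys visible=%d, hooked slots=%d\n",
           list_dir_count(), dir_shows("rk_payload.sys"), count_hooked_imports());
    remove_iat_hook();
    return 0;
}
```

The detection routine is the part worth keeping in mind: the hook is invisible to the victim because the victim never sees the original address, but a scanner that resolves "FindNextFileW" from the exporting module itself (GetProcAddress on the real kernel32, or a walk of its export directory) gets a value the slot should equal, and any mismatch is a diverted import. A hook that returns into a region outside the exporting DLL's image range fails the same check.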


RogueKiller V10 is here!

…With a brand new UI and a Premium version (beta)

No worries, the user experience is still the same (fortunately or unfortunately, it’s up to you :)). Here’s what it looks like:

What’s new? A new UI, based on the Qt framework. All the forms have been redesigned, […]