RogueKiller is an anti-malware program written in C++ that can detect and remove generic malware and some advanced threats such as rootkits, rogues, worms, …
RogueKiller combines generic behaviour-based detection (heuristics), classic anti-malware analysis (signature finding) and undocumented hacks. With these it can find and remove most basic malware (rogues, trojans, …) and some advanced threats like ZeroAccess or TDSS that behave more like rootkits.
RogueKiller is a tiny anti-malware tool maintained by a small team, so new detections are based on the “most spread threats”. We react quickly to integrate detection and removal of what we think can be a global threat and affect a large number of users across the world.
Here’s a little summary of what RogueKiller is able to do:
- Kill malicious processes
- Stop malicious services
- Unload malicious DLLs from processes
- Find/Kill malicious hidden processes
- Find and remove malicious autostart entries, including:
  - Registry keys (RUN/RUNONCE, …)
  - Task Scheduler (1.0/2.0)
  - Startup folders
- Find and remove registry hijacks, including:
  - Shell / Load entries
  - Extension association hijacks
  - DLL hijacks
  - Many, many others …
- Read / Fix DNS Hijacks (DNS Fix button)
- Read / Fix Proxy Hijacks (Proxy Fix button)
- Read / Fix Hosts Hijacks (Hosts Fix button)
- Restore shortcuts / files hidden by rogues of type “Fake HDD”
- Read / Fix malicious Master Boot Record (MBR), even when hidden behind a rootkit
- List / Fix SSDT – Shadow SSDT – IRP Hooks (Even with inline hooks)
- Find and restore system files patched / faked by a rootkit
RogueKiller is a GUI tool (since the new version), so it’s easy to use. However, it can be difficult to interpret the results and know what needs to be fixed. This is normal, as malware removal is somewhat tricky. Please feel free to contact us or, better, grab the scan log and post it on the forum. The people there know how to interpret it and will guide you through the removal (for free, of course).
RogueKiller is available in the following languages, selected according to the computer’s language. If your language is not listed and you think it would be useful, and you can translate from/to English, please contact us.
French, English, Chinese, Czech, German, Greek, Italian, Dutch, Portuguese, Russian, Spanish, Slovak
Please support us!
RogueKiller is free software, updated about once a week. It needs a perpetual watch on live malware, and constant improvements to crush bugs, handle new malware and add new cool features.
Advertisements on the website are the only reliable way to get our developers paid for all that hard work.
However, you can contribute in a most valuable way by making a small (or generous, depending on your mood) donation with PayPal. Don’t hesitate to leave a message explaining your thankfulness with your donation; this is an important thing for the team!
If you don’t wish to donate, you can still express your thankfulness (lucky you! :)) by liking us on Facebook and/or Google+ (below).
Disclaimer. RogueKiller is able to send feedback reports automatically in order to help developers fix bugs and improve the software. The content of the reports is not sensitive and does not contain personal data (except the username), only software-related data. This feedback is used for several things: first, to improve the software by providing debug/crash information; next, to build real-time statistics of in-the-wild threats (see below). If you disagree with this, please do not use this software.
Disclaimer 2. RogueKiller, by design, can detect some false positives. We made the choice to “sometimes” detect wrong things (marked as suspicious) and have very high accuracy against malware, rather than never detect wrong things and miss a lot of malware. That said, you always have the choice to uncheck things before deletion (and report them to us as false positives!).
RogueKiller is easy to use. Basically, a classic use would be the following:
1. Launch the program. Wait for the Prescan to finish.
2. Hit the “Scan” button. Wait for the scan to finish.
3. Choose an option (Delete, HostsFix, …) according to what the scan has found (and what you want to delete).
4. Hit that button. Wait for the end of deletion.
5. If there is anything else to do, restart from 2.
The official tutorial, which is quite complete, can be found here:
Little demo against the latest ZeroAccess variant:
If you encounter any problem, have any doubt, or just want to thank us, make a suggestion or provide any help, please feel free to contact us by any means provided on the contact page of the website. You can also use the forum, as always.
RogueKiller, thanks to its automated feedback, sends some information in real time about currently spreading threats. This allows us to be prepared and warn people that a new attack is in effect, or that a 0-day is being exploited. We can also see which operating systems and languages are most used, and so on.