Solved Information relating to RogueKiller software.

bobbyscot

Member
I am at present using RogueKiller Malware searcher. Caption shows to click files that are required to be Deleted. Files in this instance refer to PUM.dns and PUP. I have at present no experience in these types of files. Some guidance would be appreciated as to how to deal with these files, remove or ignore.
 

DonnaB

Malware Fighter
Member
Hi bobbyscot,

My apologies for the delay in responding. Let's take a closer look at what is going on in your system.

Please do the following:

Please download Farbar Recovery Scan Tool and save it to your desktop. <<< Very Important!

Note: You will need to run the version compatible with your system. If you are not sure which version (32 or 64-bit) applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


  • Make sure that FRST is on the desktop of the infected system
  • Right click and choose Run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates a second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Thank you,
Donna :)
 

bobbyscot

Member
Thank you for your response, appreciated. Unfortunately as before, the copy/paste fails
to work with my computer. Another Support forum requested me to carry out the same
procedure to check my computer for errors and was unable to do so. My copy/paste works
ok within my computer but fails when utilised as in requests made by yourself. It seems
ok when using with E-mails or within my computer workings.
 

DonnaB

Malware Fighter
Member
Well, by golly! Let's see if we can attach the files to your next post.

The instructions to attach a file to your post are as follows:


  • At the bottom of the Quick Reply window, click on Go Advanced
  • On the next screen, under Additional Options, click on Manage Attachments
  • In the File Upload Manager window that pops up, click on Add Files then Browse.
  • In the next window that pops up, navigate to where the logs are saved and click on the log file, then click the Open button.
  • Once back to the File Upload Manager window, click on the Upload button.
  • You should then see that the log file is located under Attachments found under the Additional Options area.
 

Attachments

  • MBAM vs2 1215.txt
    886 bytes · Views: 0

DonnaB

Malware Fighter
Member
Perfect! See if you can find the FRST.txt log and attach that one as well. That is the one that I need to see the most.

Attaching the logs can be tricky till you do it a few times. :)
 

DonnaB

Malware Fighter
Member
Good morning bobbyscot,

Yes. I see the FRST.txt attachment in your post above. Thank you.

I also see that you had downloaded and saved the FRST.exe tool into a folder in your user profile that you named Robert as shown below:

C:\Users\Robert\FRST64.exe

Could you please go to that folder, open it up, then drag and drop FRST64.exe to the desktop of your computer? It is best to have it there for easier access.

Next:
- Save ALL Tools to your Desktop-

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

- Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

- Click the "Open Menu" button in the upper right-corner of the browser.
Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

As you can see, those logs are quite big. Please allow me a bit of time to review both logs and prepare a fix. I'll be back as soon as possible with my next set of instructions.

If there is anything that you do not understand, please, do not hesitate to ask questions. :)
 

bobbyscot

Member
I do not use or like Google Chrome or Firefox, both items should not appear anywhere in my
computer. Downloading and installing too many tools, I do not feel at all happy. From past
experiences over the years, this has caused me untold trouble causing computer to malfunction
and in some cases, required a factory setting of computer. Thanking you for assistance
and time spent is most appreciated, and look forward to learn of your findings. BobbyScot.
 

DonnaB

Malware Fighter
Member
Hi bobbyscot,

Sorry for the delay.

Ooops. I meant to provide the instructions for you to change the download default location for IE and Firefox. Do you know how to do that? If not, just let me know and I'll provide instructions for you.

Didn't mean to post the instructions for Google Chrome (which is not installed on your computer). Firefox is installed, though, and it would be best if you leave it installed even though you don't use it. There may come a time when you need a second, back up browser, and it will be there. It's not hurting anything being there.

This is a longer post than I had expected, so please read all the way through. As I pointed out before, if you have any questions whatsoever, please ask. :)

I see you have 360 Total Security by Qihoo installed as your resident anti virus program. Personally, I would uninstall this AV product and install a more trustworthy AV software. You can read more about why I wouldn't let that software touch my system here.

It appears that you have downloaded a few other programs trying to fix your problems yourself.

Clean Master
Should I Remove It


The above 2 programs are very shady. We call them snake oil. :) They are system optimizers that can cause more harm than good and should be uninstalled. Ccleaner is also installed. Though it is a good temp file cleaner, please don't use the registry cleaner that is included. Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix.

If you would like to uninstall Ccleaner, a good safe temp file cleaner to replace it with would be TFC-Temporary File (TFC) Cleaner by OldTimer.

To uninstall the above programs, please click on your Start > Control Panel > Programs and Features, look for those 2 programs, right click and uninstall.

You also have µTorrent installed which is a P2P program. I must warn you that this type of program is of the highest nature that infections are invited into your Computer. I suggest that you remove it as well. Though the programs themselves are not malicious, the chance of downloading a malicious file is like playing Russian roulette. Any file could be the one that will turn your computer into a very expensive door stop.

P2P Programs can invite spyware, viruses, Trojan horses, or worms into your computer. When the files are downloaded, your computer becomes infected. If you share these files with others, their computer becomes infected as well. You also invite the possibilities of others stealing your personal information such as passwords, online banking accounts, personal files, etc.

Once you uninstall the 3 above programs, please go to the following locations and delete the folder associated with them:

C:\Program Files (x86)\Reason


Next:

Were you able to move FRST64.exe to your desktop? I need you to save the following as fixlist.txt in the same location or the fix will not work.

I don't see any serious infection on your system. Did the other forum help you remove anything? Please provide a link to that other forum in your next post so I can see what they did. :)

Let's remove the residual files I did find on your system.

Please do the following:

  • Open notepad (Start > type notepad into Start Search > choose notepad from list).
  • Please copy the entire contents of the code box below from start to end.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst64.exe as fixlist.txt.

    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4215804292-628602006-1330011759-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-4215804292-628602006-1330011759-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-4215804292-628602006-1330011759-1000 -> {EB4CD3B2-2900-4FB9-9A42-56DF1566A752} URL = 
    SearchScopes: HKU\S-1-5-21-4215804292-628602006-1330011759-1000 -> {F129081D-9B7A-45B8-B5F9-E42FF30508CD} URL = 
    FF Extension: No Name - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\w4dp2k90.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-01-28] ()
    S4 cmcore; c:\program files (x86)\cmcm\Clean Master\cmcore.exe [315240 2015-01-24] (Kingsoft Corporation)
    S3 ksapi64; C:\Windows\system32\drivers\ksapi64.sys [56680 2015-01-24] (Kingsoft Corporation)
    S4 cpuz134; \??\C:\Users\Robert\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
    S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\ENG64.SYS [X]
    S4 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081126.003\EX64.SYS [X]
    S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S4 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [X]
    S4 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [X]
    2015-04-04 18:30 - 2015-04-04 18:30 - 02178048 _____ (Reason Software Company Inc.) C:\Users\Robert\ShouldIRemoveIt_Setup.exe
    2015-04-04 18:30 - 2015-04-04 18:30 - 00001070 _____ () C:\Users\Robert\Desktop\Should I Remove It.lnk
    2015-04-04 18:30 - 2015-04-04 18:30 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
    2015-04-04 18:30 - 2015-04-04 18:30 - 00000000 ____D () C:\Program Files (x86)\Reason
    C:\Users\Robert\disk-defrag-setup.exe
    C:\Users\Robert\FRST64.exe
    C:\Users\Robert\Intel Driver Update Utility Installer.exe
    C:\Users\Robert\Nero_DiscSpeed_3p.exe
    C:\Users\Robert\setup.exe
    C:\Users\Robert\ShouldIRemoveIt_Setup.exe
    C:\Users\Robert\vlc-2.2.0-win32.exe
    C:\Users\Robert\vlc-2.2.0-win64.exe
    C:\Users\Robert\AppData\Local\Temp\SSEInternetUpdaterX.exe
    EmptyTemp:
    Hosts:
    end

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Logs I need to see in your next reply:

Fixlog.txt

Thank you,
Donna :)
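The NOTICE in the post above says the fixlist is written for one user on one machine. As an added example (not part of the thread and not FRST's own code), this Python sketch lists the per-account SIDs and `C:\Users\<name>` paths a fixlist names and reports any that do not belong to the account it is about to be run on. The function names are hypothetical, the sample is an excerpt of the code box above, and the local SID and profile name are assumed to be supplied by the caller (on Windows, `whoami /user` prints the SID).

```python
import re

# Excerpt of the fixlist posted above (lines copied from the page's code box).
SAMPLE_FIXLIST = r"""start
CreateRestorePoint:
HKU\S-1-5-21-4215804292-628602006-1330011759-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S4 cpuz134; \??\C:\Users\Robert\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
2015-04-04 18:30 - 2015-04-04 18:30 - 00000000 ____D () C:\Program Files (x86)\Reason
C:\Users\Robert\setup.exe
EmptyTemp:
end
"""

USER_SID = re.compile(r"S-1-5-21(?:-\d+){4}")   # per-account SIDs, not S-1-5-19/-20
PROFILE = re.compile(r"[A-Za-z]:\\Users\\([^\\\r\n]+)\\", re.IGNORECASE)
SHARED_PROFILES = {"public", "default", "all users"}

def fixlist_targets(text):
    """Return (sids, profiles) that the fixlist names explicitly."""
    sids = set(USER_SID.findall(text))
    profiles = {name.lower() for name in PROFILE.findall(text)}
    return sids, profiles - SHARED_PROFILES

def mismatches(text, local_sid, local_profile):
    """List the reasons this fixlist does not belong to the given account."""
    sids, profiles = fixlist_targets(text)
    problems = []
    for sid in sorted(sids - {local_sid}):
        problems.append(f"SID not on this account: {sid}")
    for name in sorted(profiles - {local_profile.lower()}):
        problems.append(f"profile path for another user: {name}")
    return problems

if __name__ == "__main__":
    # Constructed values standing in for a different machine's account.
    other_sid = "S-1-5-21-1111111111-2222222222-3333333333-1001"
    for problem in mismatches(SAMPLE_FIXLIST, other_sid, "Alice"):
        print(problem)
```

An empty list means every SID and profile path in the fixlist belongs to the account given; it says nothing about whether the individual entries are safe to remove.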
 

bobbyscot

Member
Hello DonnaB, thanks for response. CCleaner is the paid up version and used for several years.
UTorrent is a program that I really need and used constantly. 360 Total Security was highly recommended
by a Forum member from another similar to Vista Support Forums. I have tried several Free Antivirus
software and some indeed played up my computer and so far 360 Total Security, is the most or should I
say the least troublesome but your notes have to be taken seriously. What is the best anti virus? I will certainly
remove Clean Master as I do have doubts about it. FRST64 icon is shown on Desktop and active. Finally, will
try to carry out your other request.
 

DonnaB

Malware Fighter
Member
Hi bobbyscot,

Were you able to execute the fix I posted above? Most of the entries included in the fix are leftovers from previous programs that were uninstalled, including AV programs; such as Norton, SpyHunter (which is way outdated, and as far as I know isn't even updated anymore), drivers to old, outdated software that could cause issues, etc.

I'm surprised that a forum actually recommended that you install 360 Total Security. All the experts I know suggest that it is uninstalled since it does include the ability to optimize which is a BIG no-no and could be one of the reasons you are experiencing issues.

What is the best anti virus?
You are. Common sense makes up 90% of security - software makes up the remaining 10%. No AV in the world can prevent infection 100%. I have used Avast free for years. I had just paid for a subscription to Panda when I was introduced to Avast which I had uninstalled Panda to install Avast. Glad I did. Never even realized how slow my system was till I made the change. Only time I have ever been infected is when I allowed my daughter to use my computer and she installed some software that had bundled "crapware" included with the software. I was cleaning her computer at the time because a friend had introduced her to utorrent and she infected the system so badly by downloading shared files that the HDD had to be wiped clean and reinstalled. She learned the hard way.

Please post the fixlog.txt once you execute that fix above. Then we'll just clean up a bit, and remove the tools.

Thank you,
Donna :)
 

bobbyscot

Member
Hello DonnaB, carried out by copy/paste of your program in Notepad, saved fix, but no
trace can be found in computer. What is the saved reference to use? You refer to Avast,
I tried it, but it also installed another program to clean your computer, well it certainly did
to such a degree, computer required a complete factory setting. I find that I am out of my
depth in trying to follow your excellent advice and help. It simply means my brain has
frizzled due to age. Thanks BobbyScot.
 

DonnaB

Malware Fighter
Member
Hi bobbyscot,

Were you able to move FRST64.exe to the desktop of your computer?


You should have saved the fixlist.txt to the desktop as well. The fixlist.txt needs to be in the same location as FRST54.txt is for it to work.

Once you have them in the same location, all you have to do is to open FRST64.txt, then click on the Fix button on the program screen.

Once the scan is finished, it will save a text file named fixlog.txt in the same location that FRST64.exe is located.

I am off to work now and won't be back till about 5pm my time.

Donna :)
 

bobbyscot

Member
Hello DonnaB, have a nice day. Well not being a defeatist I tried again, this time
a result, I hope. Icon is showing as Fixlog, hoping it is what you require.
 

Attachments

  • Fixlog.txt
    6.5 KB · Views: 0

DonnaB

Malware Fighter
Member
Very good, bobbyscot! That is exactly what I was waiting for. Thank you! :)

How is the computer behaving? Please explain in detail what problems you are experiencing.
 