
RogueKiller scans systems for rootkits, registry issues, and more

RogueKiller is better at resolving registry issues than CCleaner, according to Jack Wallen. Learn how to use this supplemental defense against malicious software.

RogueKiller was a command-line-only application for quite some time; thankfully, the app's developer listened to users who preferred GUI apps and created a GUI front end that any admin can easily begin using on company systems. The GUI build is a single portable executable, so you don't have to bother with installation. (Note: The RogueKiller site is in French.)

RogueKiller will check for rootkits, rogue processes, rogue Registry entries, rogue or untrusted drivers, and Master Boot Record (MBR) issues. RogueKiller can also repair the hosts file, delete rogue proxy entries, and fix shortcut problems.

Caution: This is not a replacement for an antivirus or an anti-malware tool. Also, RogueKiller is not a tool that anyone can fire up and start pointing and clicking their way to a healthy PC. You need to use common sense when using RogueKiller; if you don't, you could delete a Registry entry that shouldn't be deleted.

Using RogueKiller

Download the RogueKiller executable file and copy it to your flash drive. To run a scan, close all running applications, open RogueKiller, and click the Scan button. Within 2-5 minutes, you should see the scan's results (Figure A).

Figure A: A PC's registry issues are resolved.

After you run the scan, check each tab to see if any issues are present. If a tab reports an issue, click the associated action button on the right side of the window. After you click an action button, RogueKiller rescans, and the problem should no longer appear. I find RogueKiller is superior to CCleaner for getting rid of registry issues.

Once the scan is complete, click the Report button to see a full report of what RogueKiller has found; the items in this report also appear in the individual tabs on the main window. The actions you take next depend upon what RogueKiller finds. For example:

  • If RogueKiller finds rogue Registry entries, you can delete them by clicking the Registry tab and clicking the Delete button. Look over each registry entry before deleting it so you don't remove a false positive.
  • If there are any rogue processes, click the Delete button.
  • If you find any entries in the hosts file (RogueKiller displays its contents), you can delete all but the localhost entry by clicking the Hosts tab and then clicking the Fix Host button.
  • Click the Proxy tab and, if there are any proxy configurations that do not belong, click the Fix Proxy button.
  • If your system is hit with a FakeHDD attack that renders your shortcuts unusable, click the Fix Shortcuts button to resolve the issue.
Note: With the DNS, Hosts, and Proxy tabs, what RogueKiller finds may not be an issue; it is imperative that you look over anything it finds before you delete it.
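Before you click Fix Host, it helps to know exactly which entries you are about to lose. The script below is an added example (not RogueKiller's code, and not from the original article) that performs the same review by hand: it parses a hosts file, keeps the loopback-to-localhost lines that Fix Host preserves, and flags everything else as either a redirect (a real name pointed at some other address, the classic phishing trick) or a blackhole (a real name pointed at 127.0.0.1 or 0.0.0.0, which malware uses to block antivirus updates). The hosts content and the domain names in it are constructed for the demonstration; point `audit_hosts` at the text of `C:\Windows\System32\drivers\etc\hosts` to run it against a real machine.

```python
"""
Hosts-file audit: the manual review step before clicking Fix Host.
Added example, not part of RogueKiller. The sample hosts content is constructed.
"""
import ipaddress
from dataclasses import dataclass, field

# Names that legitimately map to a loopback/unspecified address in a default hosts file.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                  "ip6-localhost", "ip6-loopback"}

# Constructed sample: a clean default plus the two kinds of tampering
# described in the text (a redirect and sinkholed update hosts).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
192.0.2.44      www.example-bank.com example-bank.com
127.0.0.1       update.example-av.com
0.0.0.0         downloads.example-av.com   # comment after entry
"""


@dataclass
class HostsEntry:
    line_no: int
    address: str
    names: list = field(default_factory=list)
    verdict: str = ""   # "default", "redirect" or "blackhole"


def parse_hosts(text):
    """Yield (line_no, address, names) for every active mapping; skip blanks and comments."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue   # malformed line; the resolver ignores it, so do we
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue   # first field is not an IP address
        yield line_no, fields[0], [n.lower() for n in fields[1:]]


def classify(address, names):
    """Decide whether a mapping is what Fix Host keeps or something it would remove."""
    ip = ipaddress.ip_address(address)
    sinkholed = ip.is_loopback or ip.is_unspecified
    if sinkholed and all(n in LOOPBACK_NAMES for n in names):
        return "default"     # the localhost entry Fix Host leaves alone
    if sinkholed:
        return "blackhole"   # real name -> 127.0.0.1/0.0.0.0: blocks updates/lookups
    return "redirect"        # real name -> some other host: possible phishing/MITM


def audit_hosts(text):
    """Return every active mapping with its verdict, in file order."""
    return [HostsEntry(ln, addr, names, classify(addr, names))
            for ln, addr, names in parse_hosts(text)]


def suspicious(text):
    """Only the entries a Fix Host click would delete."""
    return [e for e in audit_hosts(text) if e.verdict != "default"]


if __name__ == "__main__":
    for e in audit_hosts(SAMPLE_HOSTS):
        flag = "!!" if e.verdict != "default" else "  "
        print(f"{flag} line {e.line_no}: {e.address:<16} {' '.join(e.names)}  [{e.verdict}]")
```

Anything printed with `!!` is what the Fix Host button will remove; if one of those lines is a mapping you put there yourself (a lab server, a blocked ad domain), note it down and re-add it after the fix rather than skipping the fix.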

The Drivers tab displays hooks made into the Windows kernel. The System Service Descriptor Table (SSDT) is the table the kernel consults when dispatching system calls; a rootkit that hooks it replaces entries with pointers to its own code. If some SSDT indexes are reported as malware, the original index can be restored by left-clicking the rogue entry in the Drivers tab and selecting Restore SSDT. Be careful with this: make sure you know it is safe to restore an original index on the system in question, because restoring an entry that a legitimate (if intrusive) driver depends on can leave the system unstable. To be safe, create a restore point before using this feature.

If RogueKiller finds issues with your MBR, you can have the tool repair it by clicking the MBR tab and then clicking the Fix MBR button (Figure B).

Figure B: If your machine has multiple drives, select the drive housing the MBR.

You will need to fully understand this issue before you use RogueKiller. However, if the app turns up an issue with your MBR and the Fix MBR button is available, your best bet is to allow RogueKiller to fix the issue.

Bottom line

If you're looking for a supplemental defense against malicious software, and you have a solid understanding of your system, RogueKiller is a great tool. Even if you never use RogueKiller to repair the MBR, restore drivers, or fix hosts file, DNS, or proxy issues, the Fix Shortcuts feature alone is worth your time.

Give RogueKiller a try. It's donationware, so it won't break the bank.

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.
