General Category > Malware removal help

RogueKiller Finds them, says it removes them but after reboot still there.

(1/2) > >>

I5 - processor
Win 10 x 64; 8mb Ram

It is probably me, not RogueKiller.  Not sure what I am doing wrong.  I am not sure if the 2 problems are related.  The first problem Roguekiller finds things, but after I am told they are removed, they are still found - the same ones ("problems").  So, I run Roguekiller, delete the "stuff", reboot and rescan. All 16 problems are still there,

The second problem:

All of my computer resources feel like they are being used or drained.  Computer feels sluggish, slow or lagged.  When I look at task manager it says my disk use is 100%  this is a fairly frequent problem. 

I did all of these steps and none worked:

I contacted Microsoft Support, someone took control of my computer and they pretty much followed the same steps though informed me they did additional trouble shooting and solved the problem, they did not fix it.

I do not know if it is important to note but this is an official fix, I do not have this "Device"

[Proc.Injected|Proc.RunPE] Wow-64.exe(10016) -- C:\Program Files (x86)\World of Warcraft\Wow-64.exe[7] -> Found
12 "[PUP.Gen0]" errors
A firewall problem and another.

Hi BrokenPerson,

Welcome to forum.
Could you please attach RogueKiller full report with your next reply ?


Sorry not my post but wanted to provide some input on the World of Warcraft part of this. My scans today also flagged this file the same way but only when the game was open in the background. When it is closed and I run another scan everything comes back clear each time. It's got me a bit edgy since I'm not sure what exactly it is or why it's marking it as a threat since it hasn't in the past.

¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected|Proc.RunPE] Wow-64.exe(6376) -- C:\Program Files (x86)\World of Warcraft\Wow-64.exe[7] -> Found
¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected|Proc.RunPE] Wow-64.exe(4780) -- C:\Program Files (x86)\World of Warcraft\Wow-64.exe[7] -> Found
¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected|Proc.RunPE] Wow-64.exe(4804) -- C:\Program Files (x86)\World of Warcraft\Wow-64.exe[7] -> Found

Could it be detecting warden?

So that was my problem. When WOW was closed, it detected nothing.  When running  RKK detected the files the other person mentioned.  My problem....  When I load wow it instantly hijacks my resources now (100% disk - Task Manager).  WHY ME?  Though, I do not know if this is related to something else as it happens when I am not playing. However, the launcher is up 7/24/365 mostly. 

Warden is very invasive and does a lot of stuff. There is no way it is not spy/malware.  However we all knowingly and openly sign our lives away (if ya read the fine print) <---- good old article.

I wonder how the Warden has evolved?  In their anti-cheat agreement which was updated not too terribly long ago, not too much before I started having endless problems.  WOW openly says they will make your computer their zombie.  To play that is the price you pay.  I just confirmed the problem only exists when the game is running.  Warden is a threat, tits if RKKrew flags it.  (Tits as in "good", just clarifying - keeping it PG-13).   It is one of those potentially necessary threats.  Like keeping a gun when you are really drunk.
In process
•Signature checks
•Game specific checks
•Hook detection
•Pointer chain
•Call stacks periodic checks
•Debug related
•Out of process
•Signature based detection
•Pattern searching in all processes address space
•Scanning for game process handles
•Scanning files for signatures (offline)
•Send suspected programs to server for analysis
•Check DNS history for cheat update servers

Hi Akainu, BrokenPerson,

This process structure is unusual, probably linked to anti-cheat, but it does not contain malware.
We will whitelist it as soon as possible.

As a side note, Warden client use dubious methods but it's not detected by RogueKiller because of the requirement to have it running for playing Blizzard games.



[0] Message Index

[#] Next page

Go to full version