Adlice forum
Software feedback => RogueKiller => Topic started by: Tigzy on November 24, 2014, 09:50:25 AM
-
Hello
If you have a problem of RogueKiller crashing, please do the following:
---------------
Note on July, 30th 2015:
Just to let you know (I'll update the main post as well) that every BSOD issue will not be fixed now, for a very good reason:
We are in the process of redoing the driver from scratch for better performance and stability.
The driver is the thing that would cause 99% of the BSOD you encounter with (and caused by) RogueKiller, so hopefully once the new version of the driver is out the problem will be gone. Please be patient.
As a workaround you can switch driver off with -nodriver command line, or for Premium users by unchecking the Kernel driver in settings.
---------------
1. BSoD (Blue Screen), this is a driver crash:
- Go to C:/windows/minidumps
- Find the latest dump file, and upload it here (zipped please)
2. Application crash:
- Restart the application
- If it asks to send crash information, please upload it. If not, follow 2.1
- That's all you need to do
2.1 Application crash, manual dump:
- Download ProcDump: http://technet.microsoft.com/en-us/sysinternals/dd996900.aspx
- Follow the option A. of this tutorial: https://kb.acronis.com/content/27931
- The command line to execute is "procdump -e -w -ma RogueKiller.exe"
- When the application crashes, it will generate a dump.
- Zip it, upload it on http://upload.adlice.com.
3. Application is blocked/hangs on something:
- Download Process Hacker or Process Explorer, and install it. Start it.
- Restart RogueKiller
- When it hangs, make a full dump of the process with Process Hacker/Explorer with a right click.
- Zip it, upload it on http://upload.adlice.com.
Thanks!
-
BSOD with the latest version of Roguekiller. Previous version works fine.
-
After the pre-scan, the scan hangs at 62%. It will hang there indefinitely. Here is the dropbox link.
https://www.dropbox.com/s/rkbkdpxqvy46mzs/RogueKiller%20%282%29.zip?dl=0
-
Thanks, dumps will be analyzed.
-
@HolidayRobin, could you tell me which version you used? The old GUI or the new one?
Looks like the file has been changed when you downloaded it. Can you upload the file RogueKiller (2).exe to Virus Total and give the link?
-
Version 10.0.6 worked fine but 10.0.8 freezes at checking hidden processes during initialization.
-
@bucktail, could you make a dump when it hangs?
-
BSOD with the latest version of Roguekiller (RogueKillerX64 10.0.8.0)
I have Windows 7 Home Premium SP1 64-bit.
I have attached a minidump
Tomas
-
I am getting a BSOD (0x0000007e (0xffffffffc0000005, 0xfffff80002e81b74, 0xfffff880033a0ea8, 0xfffff880033a0700)) running most recent version of rogue killer.
DMP file:
https://onedrive.live.com/redir?resid=8B8D493102488C1A!8577&authkey=!AGC0cJs5ZfOzYMY&ithint=file%2czip
-
Hi, RogueKiller crashed on XP.
Latest build as of today.
https://www.dropbox.com/s/ah8zgpz4fm1slhj/RK-Mini122714-01.dmp?dl=0
-
Thanks I'll take a look.
-
I ran "procdump -e -w -ma RogueKillerX64.exe". Still received the same 0x0000007e (0xffffffffc0000005, 0xfffff80002ed9b74, 0xfffff880033aeea8, 0xfffff880033ae700)
Below is the minidump from "c:\windows\minidump" on a Dell E6540 & Dell E6420(both x64) Windows 7 Enterprise, AV is SCEP
https://onedrive.live.com/redir?resid=8B8D493102488C1A!8682&authkey=!AIy7oO7zDm5jobQ&ithint=file%2czip
RogueKiller.exe(x32) runs fine
-
Another crash. I was told it crashed (BSOD) as soon as RogueKiller was started, however I cannot verify when exactly it crashed.
-
Eric, BSoD can only be related to driver loading...
So yes in the beginning makes sense.
-
minidump - bsod - RKx64 crashing on initialization - help please....
Thanks.....
-
Hi Gumby,
Welcome to Adlice.com Forum.
Thanks for the feedback. The minidump you provided will be examined in order to troubleshoot the issue.
Regards.
-
Hello,
I'm stuck with TR.Gootkit and proc.svchost found on a w2003 SP2 server for at least 2 weeks. At 1st it used to scan correctly and remove those infections. Trouble is that these virus kept on coming back, I just can't get rid of them.
But since I updated to the newest version 10.4.3.0 (and even with 10.4.1 I believe), Roguekiller hangs during pre-scan at 80%, always.
I also get an "error opening process" when I try to get a full dump with Process Explorer.
I used to hang on NAVENG service, and now it hangs on NAVEX15 service.
FYI Symantec Endpoint Protection client v12 is installed and running on this server. Roguekiller seems to detect Symantec as false positive as well.
Find attached screenshots (doc file) and logs, though no more logs since the 19th of february, since roguekiller hangs during prescan.
I hope you can help me since I'm stuck?
Best regards
-
Hi mist63,
Welcome to Adlice.com Forum!
Could you please try starting RogueKiller with option -nokill ?
Is the server a critical one ? If that's the case, I strongly encourage you to do a full system reinstall.
Regards.
-
Hi Curson,
Thanks for your answer, it works fine with the -nokill option.
To do a full system reinstall would be my last choice...
It found Tr.gootkit and proc.svchost once again, though I do not think it's the right place to post here?
-
Hi mist63,
Yes, indeed. Could you please open a new thread in the RogueKiller section ?
I will help you there.
Regards.
-
Hello !
I have a BSoD crash when I try to scan for the first time. I have attached the dumpfile.
Thanks for your help.
-
Hi quavas,
Welcome to Adlice.com Forum.
A new version of RogueKiller was released today.
Could you please give it a try ?
Regards.
-
Hi,
I'm getting a blue screen, while scanning processes.
Windows 7 SP1 x64, RogueKiller 10.6.00 x64
-Phil
-
Hi Phil,
Welcome to Adlice.com Forum.
Thank you for reporting this bug. This will be inspected as soon as possible.
Regards.
-
Some further investigation has revealed that quitting motherboard's monitoring software (Gigabyte EasyTune 6) before running RogueKiller prevents the crash.
It was hiding in the system tray so I hadn't realized it was even running.
-Phil
-
Hi Phil,
Thanks for the feedback.
Could you please launch RogueKiller using the "-nokill" switch while Gigabyte EasyTune is running ?
If no BSOD occurs, please do a full scan and post the report obtained.
Regards.
-
BSOD again, even with -nokill
-Phil
-
Hi Phil,
Thanks for giving RogueKiller latest version a try.
Since the -nokill switch didn't change anything, it's more than likely a problem related to the driver.
The information you provided will be very useful in the investigation of this bug.
Thanks again.
Regards.
-
Hi there,
Getting BSOD during pre-check using Rogue Killer debug version (normal version gets stuck on initialization).
Please see link for minidump file:
[dump removed]
Please advise, thank you.
-
Hi cinder,
Welcome to Adlice.com Forum.
Thanks for bringing this problem to our attention.
We will proceed to the analysis of the minidump you provided to troubleshoot it.
Regards.
-
Many thanks :)
-
Hi cinder,
You are very welcome. ;)
Regards.
-
Hi Curson,
Any progress with this issue at all?
Thanks,
- Natalie.
-
Hi Natalie,
RogueKiller was updated lately.
Could you please give this latest version a try ?
Regards.
-
Hi,
I'm using 10.8.4.0, is there a later version than this?
- Thanks.
-
I have just run version 10.8.6.0 and it still causes the BSOD. I was watching to see which process it was currently checking and it was taskeng.exe, not sure if that helps. Dump seems to be the same.
I did some of my own analysis:
WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred. Parameter 1 identifies the type of error source that reported the error. Parameter 2 holds the address of the WHEA_ERROR_RECORD structure that describes the error conditon.
Arguments:
Arg1: 0000000000000000, Machine Check Exception
Arg2: fffffa8011fbe8f8, Address of the WHEA_ERROR_RECORD structure.
Arg3: 0000000000000000, High order 32-bits of the MCi_STATUS value.
Arg4: 0000000000000000, Low order 32-bits of the MCi_STATUS value.
Debugging Details:
------------------
BUGCHECK_STR: 0x124_GenuineIntel
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
PROCESS_NAME: System
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
STACK_TEXT:
fffff880`039935b0 fffff800`03912cb9 : fffffa80`11fbe8d0 fffffa80`0ca53040 00000000`00000001 00000000`00000000 : nt!WheapCreateLiveTriageDump+0x6c
fffff880`03993ad0 fffff800`037f3157 : fffffa80`11fbe8d0 fffff800`0386d2d8 fffffa80`0ca53040 00000000`00000000 : nt!WheapCreateTriageDumpFromPreviousSession+0x49
fffff880`03993b00 fffff800`0375a505 : fffff800`038ced00 00000000`00000001 00000000`00000000 fffffa80`0ca53040 : nt!WheapProcessWorkQueueItem+0x57
fffff880`03993b40 fffff800`036cfa95 : fffff880`01850400 fffff800`0375a4e0 fffffa80`0ca53000 00000000`00000000 : nt!WheapWorkQueueWorkerRoutine+0x25
fffff880`03993b70 fffff800`03964b8a : 00000000`00000000 fffffa80`0ca53040 00000000`00000080 fffffa80`0ca1a9e0 : nt!ExpWorkerThread+0x111
fffff880`03993c00 fffff800`036b78e6 : fffff880`03774180 fffffa80`0ca53040 fffff880`0377f0c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03993c40 00000000`00000000 : fffff880`03994000 fffff880`0398e000 fffff880`03993560 00000000`00000000 : nt!KxStartSystemThread+0x16
STACK_COMMAND: kb
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: GenuineIntel
IMAGE_NAME: GenuineIntel
DEBUG_FLR_IMAGE_TIMESTAMP: 0
IMAGE_VERSION:
FAILURE_BUCKET_ID: X64_0x124_GenuineIntel_PROCESSOR_MAE_PRV
BUCKET_ID: X64_0x124_GenuineIntel_PROCESSOR_MAE_PRV
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:x64_0x124_genuineintel_processor_mae_prv
FAILURE_ID_HASH: {435e2195-e498-1e77-0526-f8d7450275e5}
Followup: MachineOwner
___
===============================================================================
Common Platform Error Record @ fffffa8011fbe8f8
-------------------------------------------------------------------------------
Record Id : 01d0683f2e8df525
Severity : Fatal (1)
Length : 928
Creator : Microsoft
Notify Type : Machine Check Exception
Timestamp : 3/27/2015 3:36:20 (UTC)
Flags : 0x00000002 PreviousError
===============================================================================
Section 0 : Processor Generic
-------------------------------------------------------------------------------
Descriptor @ fffffa8011fbe978
Section @ fffffa8011fbea50
Offset : 344
Length : 192
Flags : 0x00000001 Primary
Severity : Fatal
Proc. Type : x86/x64
Instr. Set : x64
Error Type : Micro-Architectural Error
Flags : 0x00
CPU Version : 0x00000000000306c3
Processor ID : 0x0000000000000000
===============================================================================
Section 1 : x86/x64 Processor Specific
-------------------------------------------------------------------------------
Descriptor @ fffffa8011fbe9c0
Section @ fffffa8011fbeb10
Offset : 536
Length : 128
Flags : 0x00000000
Severity : Fatal
Local APIC Id : 0x0000000000000000
CPU Id : c3 06 03 00 00 08 10 00 - ff fb fa 7f ff fb eb bf
00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
Proc. Info 0 @ fffffa8011fbeb10
===============================================================================
Section 2 : x86/x64 MCA
-------------------------------------------------------------------------------
Descriptor @ fffffa8011fbea08
Section @ fffffa8011fbeb90
Offset : 664
Length : 264
Flags : 0x00000000
Severity : Fatal
Error : Internal unclassified (Proc 0 Bank 1)
Status : 0xbf80000000200401
Address : 0x00000000fee00000
Misc. : 0x0000000000000086
_________________________________________________________________________
So is this indicating an issue with my CPU? I'm now worried!
By the way, the BSOD occurs on random process scans, not just the one I mentioned earlier. so that taskeng.exe is unrelated.
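Added example, not part of the original post: a Python sketch that decodes the `Status` value from the "x86/x64 MCA" section of the dump above, using the IA32_MCi_STATUS bit layout documented in Intel's Software Developer's Manual. The function names are illustrative, and the sample text is copied from the lines quoted in the post.

```python
import re

# IA32_MCi_STATUS flag bits (Intel SDM, machine-check architecture chapter).
FLAGS = {
    "VAL": 63,    # register holds a valid error record
    "OVER": 62,   # an earlier error in this bank was overwritten
    "UC": 61,     # hardware did not correct the error
    "EN": 60,     # reporting of this error was enabled
    "MISCV": 59,  # IA32_MCi_MISC holds additional information
    "ADDRV": 58,  # IA32_MCi_ADDR holds an address
    "PCC": 57,    # processor context corrupt
    "S": 56,      # signaled (defined only when MCG_CAP[24] is set)
    "AR": 55,     # action required (defined only when MCG_CAP[24] is set)
}

# Simple (non-compound) MCA error codes.
SIMPLE_CODES = {
    0x0000: "no error",
    0x0001: "unclassified",
    0x0002: "microcode ROM parity error",
    0x0003: "external error",
    0x0004: "FRC error",
    0x0005: "internal parity error",
    0x0006: "SMM handler code access violation",
}

def classify_mca_code(code):
    """Map the 16-bit MCA error code (status bits 15:0) to its class."""
    if code in SIMPLE_CODES:
        return SIMPLE_CODES[code]
    if (code & 0xFC00) == 0x0400:           # 0000 01xx xxxx xxxx
        return "internal timer error" if code == 0x0400 else "internal unclassified"
    c = code & 0xEFFF                       # drop bit 12 (correction-report filtering)
    if (c & 0xF800) == 0x0800:
        return "bus and interconnect error"
    if (c & 0xFF00) == 0x0100:
        return "cache hierarchy error"
    if (c & 0xFF80) == 0x0080:
        return "memory controller error"
    if (c & 0xFFF0) == 0x0010:
        return "TLB error"
    if (c & 0xFFFC) == 0x000C:
        return "generic cache hierarchy error"
    return "unrecognized"

def decode_status(status):
    """Split a 64-bit MCi_STATUS value into flags and error-code fields."""
    mca_code = status & 0xFFFF
    return {
        "flags": {name: bool((status >> bit) & 1) for name, bit in FLAGS.items()},
        "mca_code": mca_code,
        "model_code": (status >> 16) & 0xFFFF,  # model-specific error code
        "error_class": classify_mca_code(mca_code),
    }

def triage(status):
    """One-line severity summary derived from the VAL, UC and PCC flags."""
    f = decode_status(status)["flags"]
    if not f["VAL"]:
        return "no valid error logged"
    if f["UC"] and f["PCC"]:
        return "uncorrected error, processor context corrupt"
    return "uncorrected error" if f["UC"] else "corrected error"

def extract_status(text):
    """Return every 'Status : 0x...' value found in WinDbg WHEA record output."""
    pattern = r"^\s*Status\s*:\s*(0x[0-9a-fA-F]+)"
    return [int(m, 16) for m in re.findall(pattern, text, re.MULTILINE)]

# Sample input: the MCA section lines as they appear in the post above.
SAMPLE = """Error : Internal unclassified (Proc 0 Bank 1)
Status : 0xbf80000000200401
Address : 0x00000000fee00000
Misc. : 0x0000000000000086
"""

if __name__ == "__main__":
    for value in extract_status(SAMPLE):
        info = decode_status(value)
        set_flags = [n for n, on in info["flags"].items() if on]
        print(hex(value), info["error_class"], set_flags, "->", triage(value))
```

The decoded class matches the "Internal unclassified" label WinDbg printed for bank 1. The status word records what the processor reported, not which software or component triggered the condition.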
-
I have removed the offending software, which turned out to be Gigabyte utilities for my motherboard. FYI for future reference if anyone else is having this issue.
-
Hi Natalie,
Thanks for the heads-up.
RogueKiller's driver is currently refactored. We will do our best to ensure compatibility with Gigabyte software in the future.
Thanks again.
Regards.
-
RK won't run.
procdump failed when trying to capture the RK crash.
Here is the error:
NOTE: the failing program is called "anti~mal~ware tool" instead of RogueKiller!! ??
This on Windows XP Home 32 on AMD 32. Panda running.
-
Hi fred3,
Welcome to Adlice.com Forum.
Could you please repost the image showing procdump failing attempt ? You didn't include the link in your previous post.
Regards.
-
Here they are:
-
Hi fred3,
That's problematic.
Is your system up-to-date ?
Regards.
-
Yes, the system is completely up to date....
-
I'm beginning to think that there's an incompatibility with this hardware and the most recent RogueKiller.
A very similar issue exists with the latest Malwarebytes.
See:
https://forums.malwarebytes.org/index.php?/topic/170525-malwarebytes-anti-malware-version-2181057-is-not-working/
Note that they have developed a workaround (I've not tested it yet).
On this system:
Google Chrome (the latest) will not install and the installer says it's incompatible with the hardware.
Firefox will install. Bitdefender will install. They both work fine.
Malwarebytes, in an older version will install and run but not the latest version.
-
Hello Fred3, could you say if you see the same crash happening with OLD RogueKiller interface?
Can you tell me what Processor is your machine?
-
The processor is an AMD 32 bit. Something like an AMD XP 3200+ I believe.
I'm not sure what the "old interface" is.... ?
-
Hi fred3,
The old interface is not using the QT Toolkit but the Win32 API.
Could you please download this version (http://www.adlice.com/download/roguekiller-oldgui-32/?wpdmdl=2500) and give it a try ?
Regards.
-
Yes. The old one works on this computer.
Thanks.
-
Hi fred3,
I'm glad to read this.
Could you please stick to the version with the old interface until we troubleshoot the problem you encountered with the new one ?
Regards.
-
Yes. Thanks for the help!
-
Hi fred3,
You are very welcome.
I will let you know of the outcome of our investigation.
Regards.
-
Hi there. I'm running the last version of roguekiller x64 under windows 8.1 pro wmc x64 and I'm receiving bsod. I always used roguekiller and I never got this stuff. I'll upload the minidump in here. Thank you!
-
Hi graphixillusion,
Welcome to Adlice.com Forum.
Thanks for bringing this problem to our attention.
We will proceed to the analysis of the minidump you provided as soon as possible.
Regards.
-
Hello,
Just to let you know (I'll update the main post as well) that every BSOD issue will not be fixed now, for a very good reason:
We are in the process of redoing the driver from scratch for better performance and stability.
The driver is the thing that would cause 99% of the BSOD you encounter with (and caused by) RogueKiller, so hopefully once the new version of the driver is out the problem will be gone. Please be patient.
As a workaround you can switch driver off with -nodriver command line, or for Premium users by unchecking the Kernel driver in settings.
-
running windows 10
I can run RogueKiller_DEBUG previous version.
I can run RogueKiller newest version in 32bit
I can't run RogueKiller 64bit any version.
64bit versions crash (blue screen) within seconds of starting the app, so there is no dmp from RogueKiller.
windows minidump included
-
Hi WD-40.
Welcome to Adlice.com Forum.
According to the minidump you provided, the crash is caused by a driver issue.
However, we won't be able to correct it since we are in the process of redoing the driver from scratch for better performance and stability.
You can still use the 64-bit version of RogueKiller using the "-nodriver" switch.
If you need help with the tool, please refer to the official tutorial (http://www.adlice.com/softwares/roguekiller/roguekiller-official-tutorial/).
Regards.
-
Latest version of RogueKiller
What if I am -not- getting a BSoD, but my entire computer is freezing?
Granted, I never let it sit there for several minutes before seeing if it would blue screen, but every time, it consistently freezes my entire computer when it gets to Antirootkit Scanner and I have to hit the reset button.
Scan completed fine in Safe mode, but driver was off when in safe mode.
-
Hi Ammako,
Could you please give me the name and full path of the process displayed when the system hangs ?
Regards.
-
I am using the old version of Roguekiller (I don't really care for the new interface) and I'm having a problem with it on most computers. It usually gets to around 50% before the interface freezes. I can open up Task Manager and see that Roguekiller is still doing something, I can move the Roguekiller window around as well. But I can't get the Stop button to work.
If I leave it sit for a while (>10 minutes), the stop button eventually functions. If I leave it sit even longer, Roguekiller will eventually finish its scan. It usually takes longer than 30 minutes for it to "snap out of it." This happens on 32- and 64-bit versions of Windows 7, 8, and 10. Task Manager shows Roguekiller's CPU usage, RAM usage, and disk usage changing the entire time, so like I said, it still appears to be doing something even when the interface is frozen.
I never had this problem with the versions of Roguekiller prior to the interface change, nor with the new interface, but as I stated, I don't like the new interface so I switched over to using the "old" versions shortly after the new interface was released. I just updated to 12.2.0.0 and I'm still having this problem on pretty much every computer.
-
Hi rarson,
Welcome to Adlice.com Forum.
I was able to reproduce the issue on my end.
However, the old interface is not really updated anymore, so I can't promise we will be able to fix it.
Regards.
-
Okay, thanks. So only option is to use the new interface then? :(
Edit: the "old interface" version numbers are still increasing along with the new interface version numbers. Why is the old interface being updated if it's not supported?
-
Hi rarson,
The bug has been fixed in RogueKiller latest release.
V12.2.1 05/16/2016
=================
- Added detections
- Fixed transfer progress reset
- Updated translations
- Fixed UI hangs bug in old GUI
You can continue to use the old interface. :)
Edit: the "old interface" version numbers are still increasing along with the new interface version numbers. Why is the old interface being updated if it's not supported?
Version numbers are linked to RogueKiller's core, not the interface used.
Regards.
-
Awesome, thanks so much!
-
Hi rarson,
You are very welcome.
Regards.
-
Hi there. I'm still suffering the bsod. Last current version used. Win10 1511 x64 up to date. The scan is ok until the "scanning disk" phase, then bsod. Memory dump in the attachment. Thank you!
-
Hi graphixillusion,
The driver has been entirely rewritten. I'm really sorry you are still experiencing BSODs.
We will investigate this issue as soon as possible.
Regards.
-
I am having a new problem recently using the old interface. It doesn't seem to be hanging, but after the scan completes, none of the results show. Attached is a picture of the problem. Each tab displays blank underneath it like shown.
-
Hi rarson,
Thanks for your feedback.
We will investigate this issue.
Edit : Could you please tell me if any infection is detected ?
Regards.
-
Hi graphixillusion,
The driver has been entirely rewritten. I'm really sorry you are still experiencing BSODs.
We will investigate this issue as soon as possible.
Regards.
So any news about it? Thank you!
-
Hi graphixillusion,
The dump didn't provide any useful information.
Could you please download RogueKiller latest version and run it using the -nodriver command line argument ?
Regards.
-
Hi graphixillusion,
The dump didn't provide any useful information.
Could you please download RogueKiller latest version and run it using the -nodriver command line argument ?
Regards.
I just did a test as you said. The scan with the "-nodriver" flag is ok and the scan completes successfully. With the normal behaviour the program crashes the system when the scan reaches the "scanning disk" phase at the end. I upload the log about the disks with the "-nodriver" option active.
-
Hi graphixillusion,
There is probably a component on your system that is messing with the rootkit scan.
Unfortunately, this is really difficult to troubleshoot since this occurs very rarely.
Since we cannot fix this, I will advise you to only run RogueKiller with the -nodriver switch. This will limit the scan, but stay powerful enough for most of the malware.
Regards.
-
Ok, thank you for support!
-
Hi graphixillusion,
You are welcome,
I'm sorry, I was not able to make it work, though.
Regards.
-
Hi,
I have a strange issue with Win7 ( up to date ):
I wanted to scan PC just after having downloaded a " suspicious " file. ( not having run it )
so, I tested it first with AVG and malwarebytes : nothing found
I then launched Roguekiller, and caught a WIN7 severe alert ( the green tab on the low right ) telling me win found something and cares for.
so, win made its job and asked me to restart the machine.
so far, so good, I restarted and relaunched Rogue.
Here is the issue : after some times, Win7 detects "something " and cares for it - no need to restart.
but 3 or 4 seconds later Roguekiller stops, without any report shown. It also disappears from the task manager screen.
I uninstalled rogue and reinstalled it ( one never knows ) but the issue is still here @ the same moment.
Now, ... about me , just consider me as a gentle idiot : ask me what you want BUT you'll have to explain how to do it and where to find it.
I'm just a computer user ...
so, please be very clear and patient.
Thanks for the help
Alain
-
Hi Alain,
Welcome to Adlice.com Forum.
Is your native language French ? If that's the case, no need for translation. :)
Which version of RogueKiller are you running (current version is 12.10.1) ?
Could you please tell me if you are running Windows 7 32-bit or 64-bit version ?
Regards.
-
Hi, Curson
Thanks for the welcome. As for the language, it's your choice... as a true-born Auvergnat... we could try the local dialect???
Nooo... just kidding.
OK, it's Win 7 64-bit and RogueKiller is the latest version, 12.10.1.0.
In case you would like to live dangerously, I could give you the site where this can be found... a perfectly innocent-looking site run by a Spanish electronics tinkerer...
Regards
Alain
-
Hello,
Download ProcDump64 (http://live.sysinternals.com/procdump64.exe) and save it to your desktop.
Open a "Command Prompt" as administrator, copy/paste the command below and press Enter:
"%USERPROFILE%\Desktop\procdump64.exe" -e -h -l -ma -accepteula -t -w RogueKiller64.exe "C:\RogueKiller.dmp"
Leave the window open.
Run a scan with RogueKiller again.
When the software crashes, the Command Prompt will close and a new file named RogueKiller.dmp will appear at the root of your system drive (C:\).
Upload it to Google Drive/Dropbox and post the link in your next reply.
Best regards.
-
Good evening,
That was no piece of cake...
OK, I did run what was described, but something odd happened in the command window.
It told me that the 128 M file had been filled in 0.4s...
Then it went back to the initial prompt.
I let it run and it stopped again around the same point (+/- 12 min).
I understand that the dump is indiscreet: there is plenty of confidential stuff in there...
Here is the link given by Google Drive:
RogueKiller.zip (file://AURORE-PC/Users/Aurore/Google%20Drive/RogueKiller.zip)
Alain
-
Hello,
This is a local link (file://AURORE-PC).
Could you give me the public link?
Best regards.
-
Hello Curson
After a bit of searching I found this... apparently I am going to have to retrain: the era of paper manuals seems to be over ::) .
https://drive.google.com/file/d/0B8lXJOWQlhLURTZxWXE5YjlqTDA/view?usp=sharing
I am keeping the suspect computer switched off as much as possible...
Something comes back to me: a Windows window, seemingly genuine, appears (not every time) telling me that it would like to examine a file, with a button to switch to admin mode and view the name of the file to send...
The first time it was an old Sound Blaster Live sound card driver, so I did not think much of it given its age (the beast is +/- 20 years old)...
I will give you the second one when I switch it back on.
But well... paranoia is gaining ground...
I already have one computer out of action, very probably because of that d...d file (which I had unfortunately opened). That one will be rebuilt from scratch (it was mine): a graphics card displaying dotted lines, then 2 nice yellow vertical bars + a corrupted motherboard BIOS.
And I do not want to reuse the HDD that was in it... would a low-level (LL) format manage to clean it???
That's the news, and thanks again for your support.
Alain
-
Hello Alain,
Thanks for the dump.
We will analyze it and give you the results as soon as possible.
Something comes back to me: a Windows window, seemingly genuine, appears (not every time) telling me that it would like to examine a file, with a button to switch to admin mode and view the name of the file to send
Could you take a screenshot of this window and attach it to your next reply?
But well... paranoia is gaining ground...
I already have one computer out of action, very probably because of that d...d file
And I do not want to reuse the HDD that was in it... would a low-level (LL) format manage to clean it
RogueKiller's behavior is caused by a bug and not by an infection.
Yes, formatting will delete all the data present on the HDD.
Best regards.
-
Hello Curson
Some news: I let the PC run quietly: no detections and no prompt window from Windows.
- Ran Windows Essentials: it found a few odds and ends: win32 Poweressere.D, Virgof.A, Orsam!rts,bumat , Dynamer and triggered AVG, which asked me for a restart.
Too bad, it did not keep the names of the (alleged...) culprits for me.
However, I have not run Roguekiller again.
Have a good day
Alain
-
I have a Windows 7 machine that RK portable x64 keeps crashing on. I'm a little confused with creating a process dump... I'm probably wrong here but my thinking is if the process crashes, how can I make a dump of something that's no longer running? It takes about 15-20 minutes+ as I haven't been sitting there waiting for it to crash, it just crashed about 5 or 6 times before I figured I'd reach out.
Original issue has to do with dns failing to resolve when Malwarebytes is installed (this is the 8th machine I've seen since last Thursday presenting this issue). We set static IP addresses and removed Malwarebytes and the computers can load a web page again. I can connect using a backup RAT, once I set static dns I can get in with TeamViewer again but the web pages aren't loading until I run JRT and RK (I wasn't really paying attention to which one seems to have resolved the issue), I think JRT but I'm not certain.
-
Hi Ufdah,
ProcDump monitors the targeted process and interrupts its execution when certain system calls are made. At this point, the dump of the process is made, then the process execution is resumed, leading to the crash.
If you need any help with the process dump creation, don't hesitate to ask.
Regards.
-
Thanks, learned something!
Here's the output from our elevated command prompt (attached image).
-
Hi Ufdah,
According to the output you provided, ProcDump successfully found RogueKiller process, but the process exited successfully, that's why the dump wasn't created.
Could you please retry ?
Regards.
-
Hi! Here's my dmp (BSoD)
-
Hi kram,
Welcome to Adlice.com Forum.
Your computer is infected. Could you please open a new thread in the Malware Removal section of the forum ?
Regards.