Adlice forum
Software feedback => RogueKiller PREMIUM => Topic started by: calamityjane on May 31, 2017, 10:30:01 PM
-
Before I spend a lot of time on this, could you kindly verify that these are not false positives.
This is the first time I have ever seen anything detected under the Services category.
They are in the enclosed attachment, and displayed in red zone saying they are dangerous and must be removed.
Many thanks.
cj
-
Hi Calamity,
These are false positives.
Could you please tell me if you disabled the "VirusTotal Analysis" option?
Regards.
Note: This thread has been moved to the "RogueKiller PREMIUM" section for clarity.
-
Hi Curson,
I'm grateful for your quick reply.
No, "VirusTotal Analysis" option was not ticked.
I've included a screen shot of the scan settings.
If there is anything different that you recommend I change the settings to, please advise.
I'm breathing easier now.
My regards to you.
cj
-
Hi Calamity,
It's strongly advised to keep the "VirusTotal Analysis" option enabled when using the MalPE detection engine.
Could you please enable it, redo a scan and check if the false positives you reported are still detected?
Regards.
-
I'm doing this right now.
Curiously, I had thought "Virus Total" was included as I have not changed any settings for a long time.
I will report back with updated scan results, asap.
cj
-
OK,
If you are still awake, Curson, et al,
I've re-run RK with Virus Total analysis and included the image attachment-
Results: The same 4 "malware objects", as the previous ones listed.
Should I try to scan again and use the beta malPE analysis?
cj
ps- The only variable I can think of is today's scans are the first scans I've performed since your latest update.
-
Hi Calamity,
Thanks for your feedback.
A bug was spotted that triggers false positives when using MalPE analysis. This will be fixed in the next RogueKiller release.
I advise you to disable it for the time being and wait for the fix before testing it again.
Regards.
-
Hi Curson,
You said-
"A bug was detected.....when using MalPE analysis...."
However, I never used the MalPE option when I scanned.
I've included, again in attachment, what my settings were.
I did rescan, but only using "VirusTotal Analysis" option and NOT the MalPE analysis.
cj
-
Hi Calamity,
The next RogueKiller release will be shipped on Monday.
Would you please give it a try and tell me if those false positives are still here?
Regards.
-
Absolutely.
I'll report back when I have the results next week.
Regards,
cj
-
Hi Calamity,
Thanks.
I will wait for your feedback.
Regards.
-
Hi Curson,
I re-ran scan w/today's update.
I've included attachments showing:
1. Detections in "orange" zone (no red, this time)
(slightly different mix of detected objects)
2. Scan settings used
3. Notification bar on Windows
-Something odd I've never seen before, left of normal RK icon was "error" RK icon.
-Following RK update, when I put cursor over this yellow triangle error icon, it said "corrupted file".
-However, eventually, the error icon disappeared on its own.
If you want me to try anything else, just let me know.
Regards,
cj
-
Hi Calamity,
Thanks for your feedback.
Could you please attach the three executables detected in your next reply?
Regards.
-
Sorry Curson, I should have included more detail.
Please see attachments & let me know what else I can do.
cj
-
Hi Calamity,
For the time being, we are going to investigate the files detected during the scan and determine why they are not whitelisted by the VT database.
I will keep you updated on the results of our investigations.
Regards.
-
Hi Calamity,
A new version of RogueKiller has been released today.
Could you please give it a try and check if those false positives are still present?
Regards.
-
Hi Curson,
I wanted to let you know that the false MalPE detections are totally gone, with your latest update.
However, I am still getting that icon in the notification area, lower left corner, that says "RogueKiller.exe corrupt file".
Specifically, this error first occurred with last week's update and is only present when downloading new update.
I've included an attachment.
Regards,
cj
-
Hi Calamity,
I'm glad the issue with MalPE is now solved.
Regarding the issue you described, could you please delete the following folder and check if the message is still displayed:
C:\ProgramData\RogueKiller\Debug
Regards.
-
Hi Curson,
I deleted the "debug" folder.
However, I won't be able to confirm notification status until your next update since this error seems to only show up either during or just after the update.
I will certainly let you know the results.
Also, I wanted to express my deep appreciation for your kind assistance and the good work of all concerned.
Regards,
cj
-
Hi Calamity,
You are very welcome.
I will wait for your feedback.
Regards.