Adlice forum

Software feedback => RogueKiller => Topic started by: Tigzy on November 24, 2014, 09:50:25 am

Title: ==> Crash/Hang/Block, please come here <==
Post by: Tigzy on November 24, 2014, 09:50:25 am
Hello
If you have a problem of RogueKiller crashing, please do the following:

---------------

Note on July, 30th 2015:
Just to let you know (I'll update the main post as well) that every BSOD issue will not be fixed now, for a very good reason:
We are in the process of redoing the driver from scratch for better performance and stability.

The driver is the thing that would cause 99% of the BSOD you encounter with (and caused by) RogueKiller, so hopefully once the new version of the driver is out the problem will be gone. Please be patient.

As a workaround you can switch driver off with -nodriver command line, or for Premium users by unchecking the Kernel driver in settings.

---------------

1. BSoD (Blue Screen), this is a driver crash:

2. Application crash:

2.1 Application crash, manual dump:

3. Application is blocked/hangs on something:

Thanks!
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Jhfiama on November 29, 2014, 04:11:38 pm
BSOD with the latest version of Roguekiller. Previous version work fine.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: HolidayRobin on November 30, 2014, 07:46:51 pm
After the pre-scan, the scan hangs at 62%. It will hang there indefinitely. Here is the dropbox link.

https://www.dropbox.com/s/rkbkdpxqvy46mzs/RogueKiller%20%282%29.zip?dl=0
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Tigzy on December 01, 2014, 08:46:35 am
Thanks, dumps will be analyzed.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Tigzy on December 01, 2014, 11:15:42 am
@HolidayRobin, could you tell me which version you used? The old GUI or the new one?
Looks like the file has been changed when you downloaded it. Can you upload the file RogueKiller (2).exe to Virus Total and give the link?
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: bucktail on December 03, 2014, 02:28:12 am
Version 10.0.6 worked fine but 10.0.8 freezes at checking hidden processes during initialization.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Tigzy on December 03, 2014, 10:28:32 am
@bucktail, could you make a dump when it hangs?
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Tomas_Sweden on December 06, 2014, 08:58:29 am
BSOD with the latest version of Roguekiller (RogueKillerX64 10.0.8.0)
I have Windows 7 Home Premium SP1 64-bit.
I have attached a minidump

Tomas
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: brewfan9 on December 26, 2014, 09:33:57 pm
I am getting a BSOD (0x0000007e (0xffffffffc0000005, 0xfffff80002e81b74, 0xfffff880033a0ea8, 0xfffff880033a0700) running most recent version of rogue killer.
DMP file:
https://onedrive.live.com/redir?resid=8B8D493102488C1A!8577&authkey=!AGC0cJs5ZfOzYMY&ithint=file%2czip (https://onedrive.live.com/redir?resid=8B8D493102488C1A!8577&authkey=!AGC0cJs5ZfOzYMY&ithint=file%2czip)


Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: ericthobbs on December 28, 2014, 12:35:38 am
Hi, RogueKiller crashed on XP.
Latest build as of today.

https://www.dropbox.com/s/ah8zgpz4fm1slhj/RK-Mini122714-01.dmp?dl=0
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Tigzy on December 29, 2014, 10:35:24 am
Thanks I'll take a look.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: brewfan9 on December 29, 2014, 03:21:00 pm

I Ran "procdump -e -w -ma RogueKillerX64.exe" Still received the same 0x0000007e (0xffffffffc0000005, 0xfffff80002ed9b74, 0xfffff880033aeea8, 0xfffff880033ae700)

Below is the minidump from "c:\windows\minidump" on a Dell E6540 & Dell E6420(both x64) Windows 7 Enterprise, AV is SCEP

https://onedrive.live.com/redir?resid=8B8D493102488C1A!8682&authkey=!AIy7oO7zDm5jobQ&ithint=file%2czip (https://onedrive.live.com/redir?resid=8B8D493102488C1A!8682&authkey=!AIy7oO7zDm5jobQ&ithint=file%2czip)

RogueKiller.exe(x32) runs fine
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: ericthobbs on January 20, 2015, 08:14:24 am
Another crash. I was told it crashed (BSOD) as soon as RogueKiller was started, however I cannot verify when exactly it crashed.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Tigzy on January 20, 2015, 08:30:30 am
Eric, BSoD can only be related to driver loading...
So yes in the beginning makes sense.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Gumby on February 10, 2015, 11:22:47 am
minidump - bsod  - RKx64 crashing on initialization - help please....
Thanks.....
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on February 10, 2015, 03:13:30 pm
Hi Gumby,

Welcome to Adlice.com Forum.
Thanks for the feedback. The minidump you provided will be examined in order to troubleshoot the issue.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: mist63 on February 27, 2015, 10:39:32 am
Hello,
I'm stuck with TR.Gootkit and proc.svchost found on a w2003 SP2 server for at least 2 weeks. At 1st it used to scan correctly and remove those infections. Trouble is that these virus kept on coming back, I just can't get rid of them.
But since I updated to the newest version 10.4.3.0 (and even with 10.4.1 I believe), Roguekiller hangs during pre-scan at 80%, always.
I also get an "error opening process" when I try to get a full dump with Process Explorer.
I used to hang on NAVENG service, and now it hangs on NAVEX15 service.
FYI Symantec Endpoint Protection client v12 is installed and running on this server. Roguekiller seems to detect Symantec as false positive as well.
Find attached screenshots (doc file) and logs, though no more logs since the 19th of february, since roguekiller hangs during prescan.
I hope you can help me since I'm stuck?
Best regards
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on February 27, 2015, 12:59:49 pm
Hi mist63,

Welcome to Adlice.com Forum!

Could you please try starting RogueKiller with option -nokill ?
Is the server a critical one ? If that's the case, I strongly encourage you to do a full system reinstall.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: mist63 on February 27, 2015, 02:48:34 pm
Hi Curson,
Thanks for your answer, it works fine with the -nokill option.
To do a full system reinstall would be my last choice...
It found Tr.gootkit and proc.svchost once again, though I do not think it's the right place to post here?
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on February 27, 2015, 03:06:03 pm
Hi mist63,

Yes, indeed. Could you please open a new threat in the RogueKiller section ?
Il will help you there.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: quavas on April 06, 2015, 06:12:43 pm
Hello !

I have a BSoD crash when I try to scan for the first time. I have attached the dumpfile.

Thanks for your help.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on April 07, 2015, 11:01:27 pm
Hi quavas,

Welcome to Adlice.com Forum.

A new version of RogueKiller was released today.
Could you please give it a try ?

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: shiftyphil on April 23, 2015, 09:16:17 am
Hi,

I'm getting a blue screen, while scanning processes.

Windows 7 SP1 x64, RougueKiller 10.6.00 x64

-Phil
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on April 23, 2015, 09:44:26 pm
Hi Phil,

Welcome to Adlice.com Forum.
Thank you for reporting this bug. This will be inspected as soon as possible.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: shiftyphil on April 24, 2015, 02:46:27 am
Some further investigation has revealed that quitting motherboard's monitoring software  (Gigabyte EasyTune 6) before running RogueKiller prevents the crash.
It was hiding in the system tray so I hadn't realized it was even running.

-Phil
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on April 24, 2015, 08:36:19 am
Hi Phil,

Thanks for the feedback.

Could you please launch RogueKiller using the "-nokill" switch while Gigabyte EasyTune is running ?
If no BSOD occure, please do a full scan and post the rapport obtained.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: shiftyphil on April 27, 2015, 04:10:08 am
BSOD again, even with -nokill

-Phil
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on April 27, 2015, 10:12:54 pm
Hi Phil,

Thanks for giving RogueKiller latest version a try.
Since the -nokill switch didn't change anything, it's more than likely a problem related to the driver.

The informations you provided will be very useful in the investigation of this bug.
Thanks again.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: cinder on June 19, 2015, 05:35:08 am
Hi there,

Getting BSOD during pre-check using Rogue Killer debug version (normal version gets stuck on initialization).

Please see link for minidump file:

[dump removed]

Please advise, thank you.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on June 19, 2015, 11:29:23 am
Hi cinder,

Welcome to Adlice.com Forum.

Thanks for bringing this problem to our attention.
We will proceed to the analysis of the minidump you provided to troubleshoot it.


Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: cinder on June 20, 2015, 03:54:29 am
Many thanks :)
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on June 21, 2015, 05:57:06 pm
Hi cinder,

You are very welcome.  ;)

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: cinder on June 24, 2015, 01:27:24 am
Hi Curson,

Any progress with this issue at all?

Thanks,
- Natalie.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on June 24, 2015, 10:53:38 pm
Hi Natalie,

RogueKiller was updated lately.
Could you please give this latest version a try ?

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: cinder on June 25, 2015, 05:09:11 am
Hi,
I'm using 10.8.4.0, is there a later version than this?
- Thanks.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: cinder on June 25, 2015, 05:22:19 am
I have just run version 10.8.6.0 and it still causes the BSOD. I was watching to see which process it was currently checking and it was taskeng.exe, not sure if that helps. Dump seems to be the same.

I did some of my own analysis:

WHEA_UNCORRECTABLE_ERROR (124)
A fatal hardware error has occurred. Parameter 1 identifies the type of error source that reported the error. Parameter 2 holds the address of the WHEA_ERROR_RECORD structure that describes the error conditon.
Arguments:
Arg1: 0000000000000000, Machine Check Exception
Arg2: fffffa8011fbe8f8, Address of the WHEA_ERROR_RECORD structure.
Arg3: 0000000000000000, High order 32-bits of the MCi_STATUS value.
Arg4: 0000000000000000, Low order 32-bits of the MCi_STATUS value.

Debugging Details:
------------------


BUGCHECK_STR:  0x124_GenuineIntel

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

PROCESS_NAME:  System

CURRENT_IRQL:  0

ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre

STACK_TEXT: 
fffff880`039935b0 fffff800`03912cb9 : fffffa80`11fbe8d0 fffffa80`0ca53040 00000000`00000001 00000000`00000000 : nt!WheapCreateLiveTriageDump+0x6c
fffff880`03993ad0 fffff800`037f3157 : fffffa80`11fbe8d0 fffff800`0386d2d8 fffffa80`0ca53040 00000000`00000000 : nt!WheapCreateTriageDumpFromPreviousSession+0x49
fffff880`03993b00 fffff800`0375a505 : fffff800`038ced00 00000000`00000001 00000000`00000000 fffffa80`0ca53040 : nt!WheapProcessWorkQueueItem+0x57
fffff880`03993b40 fffff800`036cfa95 : fffff880`01850400 fffff800`0375a4e0 fffffa80`0ca53000 00000000`00000000 : nt!WheapWorkQueueWorkerRoutine+0x25
fffff880`03993b70 fffff800`03964b8a : 00000000`00000000 fffffa80`0ca53040 00000000`00000080 fffffa80`0ca1a9e0 : nt!ExpWorkerThread+0x111
fffff880`03993c00 fffff800`036b78e6 : fffff880`03774180 fffffa80`0ca53040 fffff880`0377f0c0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a
fffff880`03993c40 00000000`00000000 : fffff880`03994000 fffff880`0398e000 fffff880`03993560 00000000`00000000 : nt!KxStartSystemThread+0x16


STACK_COMMAND:  kb

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: GenuineIntel

IMAGE_NAME:  GenuineIntel

DEBUG_FLR_IMAGE_TIMESTAMP:  0

IMAGE_VERSION: 

FAILURE_BUCKET_ID:  X64_0x124_GenuineIntel_PROCESSOR_MAE_PRV

BUCKET_ID:  X64_0x124_GenuineIntel_PROCESSOR_MAE_PRV

ANALYSIS_SOURCE:  KM

FAILURE_ID_HASH_STRING:  km:x64_0x124_genuineintel_processor_mae_prv

FAILURE_ID_HASH:  {435e2195-e498-1e77-0526-f8d7450275e5}

Followup: MachineOwner
___

===============================================================================
Common Platform Error Record @ fffffa8011fbe8f8
-------------------------------------------------------------------------------
Record Id     : 01d0683f2e8df525
Severity      : Fatal (1)
Length        : 928
Creator       : Microsoft
Notify Type   : Machine Check Exception
Timestamp     : 3/27/2015 3:36:20 (UTC)
Flags         : 0x00000002 PreviousError

===============================================================================
Section 0     : Processor Generic
-------------------------------------------------------------------------------
Descriptor    @ fffffa8011fbe978
Section       @ fffffa8011fbea50
Offset        : 344
Length        : 192
Flags         : 0x00000001 Primary
Severity      : Fatal

Proc. Type    : x86/x64
Instr. Set    : x64
Error Type    : Micro-Architectural Error
Flags         : 0x00
CPU Version   : 0x00000000000306c3
Processor ID  : 0x0000000000000000

===============================================================================
Section 1     : x86/x64 Processor Specific
-------------------------------------------------------------------------------
Descriptor    @ fffffa8011fbe9c0
Section       @ fffffa8011fbeb10
Offset        : 536
Length        : 128
Flags         : 0x00000000
Severity      : Fatal

Local APIC Id : 0x0000000000000000
CPU Id        : c3 06 03 00 00 08 10 00 - ff fb fa 7f ff fb eb bf
                00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
                00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00

Proc. Info 0  @ fffffa8011fbeb10

===============================================================================
Section 2     : x86/x64 MCA
-------------------------------------------------------------------------------
Descriptor    @ fffffa8011fbea08
Section       @ fffffa8011fbeb90
Offset        : 664
Length        : 264
Flags         : 0x00000000
Severity      : Fatal

Error         : Internal unclassified (Proc 0 Bank 1)
  Status      : 0xbf80000000200401
  Address     : 0x00000000fee00000
  Misc.       : 0x0000000000000086
_________________________________________________________________________
So is this indicating an issue with my CPU? I'm now worried!

By the way, the BSOD occurs on random process scans, not just the one I mentioned earlier. so that taskeng.exe is unrelated.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: cinder on June 25, 2015, 09:01:08 am
I have removed the offending software, which turned out to be Gigabyte utilities for my motherboard. FYI for future reference if anyone else is having this issue.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on June 25, 2015, 10:21:25 pm
Hi Natalie,

Thanks for the heads-up.
RogueKiller's driver is currently refactored. We will do our best to ensure compatibility with Gigabyte software in the future.

Thanks again.
Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: fred3 on July 16, 2015, 09:23:10 pm
RK won't run.
procdump failed when trying to capture the RK crash.
Here is the error:[img][img]
NOTE: the failing program is called "anti~mal~ware tool" instead of RogueKiller!!  ??
This on Windows XP Home 32 on AMD 32.  Panda running.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on July 16, 2015, 10:20:55 pm
Hi fred3,

Welcome to Adlice.com Forum.
Could you please repost the image showing procdump failling attempt ? You didn't include the link in your previous post.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: fred3 on July 17, 2015, 01:44:04 am
Here they are:
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on July 18, 2015, 12:54:27 am
Hi fred3,

That's problematic.
Is your system up-to-date ?

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: fred3 on July 18, 2015, 05:20:46 am
Yes, the system is completely up to date....
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: fred3 on July 19, 2015, 05:36:27 pm
I'm beginning to think that there's an incompatibility with this hardware and the most recent RogueKiller.
A very similar issue exists with the latest Malwarebytes.
See:
https://forums.malwarebytes.org/index.php?/topic/170525-malwarebytes-anti-malware-version-2181057-is-not-working/
Note that they have developed a workaround (I"ve not tested it yet).

On this system:
Google Chrome (the latest) will not install and the installer says it's incompatible with the hardware.
Firefox will install.  Bitdefender will install.  They both work fine.
Malwarebytes, in an older version will install and run but not the latest version.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Tigzy on July 21, 2015, 09:36:53 am
Hello Fred3, could you say if you see the same crash happening with OLD RogueKiller interface?
Can you tell me what Processor is your machine?
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: fred3 on July 21, 2015, 06:55:21 pm
The processor is an AMD 32 bit.  Something like an AMD XP 3200+ I believe.

I'm not sure what the "old interface" is.... ?

Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on July 22, 2015, 04:31:32 pm
Hi fred3,

The old interface is not using the QT Toolkit but the Win32 API.
Could you please download this version (http://www.adlice.com/download/roguekiller-oldgui-32/?wpdmdl=2500) and give it a try ?

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: fred3 on July 23, 2015, 01:49:06 am
Yes.  The old one works on this computer.
Thanks.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on July 23, 2015, 11:57:22 am
Hi fred3,

I'm glad to read this.
Could you please stick to the version with the old interface until we troubleshoot the problem you encountered with the new one ?

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: fred3 on July 23, 2015, 04:48:38 pm
Yes.  Thank for the help!
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on July 23, 2015, 06:27:24 pm
Hi fred3,

You are very welcome.
I will let you know of the outcome of our investigation.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: graphixillusion on July 27, 2015, 03:37:59 pm
Hi there. I'm running the last version of roguekiller x64 under windows 8.1 pro wmc x64 and i'm receiving bsod. I always used roguekiller and i never got this stuff. I'll upload the minidump in here. Thank you!
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on July 28, 2015, 12:35:44 am
Hi graphixillusion,

Welcome to Adlice.com Forum.

Thanks for bringing this problem to our attention.
We will proceed to the analysis of the minidump you provided as soon as possible.


Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Tigzy on July 30, 2015, 11:54:17 am
Hello,
Just to let you know (I'll update the main post as well) that every BSOD issue will not be fixed now, for a very good reason:
We are in the process of redoing the driver from scratch for better performance and stability.

The driver is the thing that would cause 99% of the BSOD you encounter with (and caused by) RogueKiller, so hopefully once the new version of the driver is out the problem will be gone. Please be patient.

As a workaround you can switch driver off with -nodriver command line, or for Premium users by unchecking the Kernel driver in settings.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: WD-40 on September 04, 2015, 05:16:47 pm
running windows 10
I can run RogueKiller_DEBUG previous version.
I can run RogueKiller newest version in 32bit
I can't run RogueKiller 64bit any version.
64bit versions crash (blue screen) within seconds of starting the app, so there is no dmp from RogueKiller.
windows minidump included
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on September 07, 2015, 01:49:08 pm
Hi WD-40.

Welcome to Adlice.com Forum.

According to the minidump you provided, the crash is caused by a driver issue.
However, we won't be able to correct it since we are in the process of redoing the driver from scratch for better performance and stability.

You can still use the 64-bit version of RogueKiller using the "-nodriver" switch.
If you need help with the tool, please refer to the official tutorial (http://www.adlice.com/softwares/roguekiller/roguekiller-official-tutorial/).

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Ammako on April 26, 2016, 03:14:55 am
Latest version of RogueKiller

What if I am -not- getting a BSoD, but my entire computer is freezing?
Granted, I never let it sit there for several minutes before seeing if it would blue screen, but every time, it consistently freezes my entire computer when it gets to Antirootkit Scanner and I have to hit the reset button.

Scan completed fine in Safe mode, but driver was off when in safe mode.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on April 26, 2016, 01:54:38 pm
Hi Ammako,

Could you please give me the name and full path of the process displayed when the system hang ?

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: rarson on May 11, 2016, 12:47:38 am
I am using the old version of Roguekiller (I don't really care for the new interface) and I'm having a problem with it on most computers. It usually gets to around 50% before the interface freezes. I can open up Task Manager and see that Roguekiller is still doing something, I can move the Roguekiller window around as well. But I can't get the Stop button to work.

If I leave it sit for a while (>10 minutes), the stop button eventually functions. If I leave it sit even longer, Roguekiller will eventually finish its scan. It usually takes longer than 30 minutes for it to "snap out of it." This happens on 32- and 64-bit versions of Windows 7, 8, and 10. Task Manager shows Roguekiller's CPU usage, RAM usage, and disk usage changing the entire time, so like I said, it still appears to be doing something even when the interface is frozen.

I never had this problem with the versions of Roguekiller prior to the interface change, nor with the new interface, but as I stated, I don't like the new interface so I switched over to using the "old" versions shortly after the new interface was released. I just updated to 12.2.0.0 and I'm still having this problem on pretty much every computer.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on May 11, 2016, 04:16:05 pm
Hi rarson,

Welcome to Adlice.com Forum.

I was able to reproduce the issue on my end.
However, the old interface is not really updated anymore, so I can't promise we will be able to fix it.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: rarson on May 19, 2016, 05:54:42 pm
Okay, thanks. So only option is to use the new interface then?   :(

Edit: the "old interface" version numbers are still increasing along with the new interface version numbers. Why is the old interface being updated if it's not supported?
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on May 20, 2016, 02:05:12 pm
Hi rarson,

The bug has been fixed in RogueKiller latest release.
Quote
V12.2.1 05/16/2016
=================
- Added detections
- Fixed transfer progress reset
- Updated translations
- Fixed UI hangs bug in old GUI
You can continue to use the old interface.  :)

Quote from: rarson
Edit: the "old interface" version numbers are still increasing along with the new interface version numbers. Why is the old interface being updated if it's not supported?
Version numbers are linked to RogueKiller's core, not the interface used.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: rarson on May 24, 2016, 08:26:21 pm
Awesome, thanks so much!
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on May 24, 2016, 08:51:17 pm
Hi rarson,

You are very welcome.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: graphixillusion on June 10, 2016, 09:33:47 pm
Hi there. I'm still suffering the bsod. Last current version used. Win10 1511 x64 up to date. The scan is ok until the "scanning disk" phase, then bsod. Memory dump in the attachment. Thank you!
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on June 12, 2016, 11:26:33 pm
Hi graphixillusion,

The driver has been entirely rewritten. I'm really sorry you are still experiencing BSODs.
We will investigate this issue as soon as possible.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: rarson on June 24, 2016, 02:52:42 pm
I am having a new problem recently using the old interface. It doesn't seem to be hanging, but after the scan completes, none of the results show. Attached is a picture of the problem. Each tab displays blank underneath it like shown.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on June 24, 2016, 03:24:16 pm
Hi rarson,

Thanks for your feedback.
We will investigate this issue.

Edit : Could you please tell me if any infection is detected ?

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: graphixillusion on July 02, 2016, 05:14:45 am
Hi graphixillusion,

The driver has been entirely rewritten. I'm really sorry you are still experiencing BSODs.
We will investigate this issue as soon as possible.

Regards.

So any news about it? Thank you!
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on July 04, 2016, 02:11:15 pm
Hi graphixillusion,

The dump didn't provide any useful infomation.
Could you please download RogueKiller latest version and run it using the -nodriver command line argument ?

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: graphixillusion on July 04, 2016, 09:18:35 pm
Hi graphixillusion,

The dump didn't provide any useful infomation.
Could you please download RogueKiller latest version and run it using the -nodriver command line argument ?

Regards.

I just did a test as you said. The scan with the "-nodriver" flag is ok and the scan complete successfully. With the normal behaviour the program crash the system when the scan reaches the "scanning disk" phase at the end. I upload the log about the disks with the "-nodriver" option active.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on July 04, 2016, 10:01:36 pm
Hi graphixillusion,

There is probably a component on your system that is messing with the rootkit scan.
Unfortunately, this is really difficult to troubleshoot since this occurs very rarely.

Since we cannot fix this, I will advice you to only run RoguKiller with the -nodriver switch. This will limit the scan, but stay powerful enough for most of the malware.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: graphixillusion on July 04, 2016, 10:39:44 pm
Ok, thank you for support!
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on July 04, 2016, 11:35:13 pm
Hi graphixillusion,

You are welcome,
I'm sorry, I was not able to make it working, though.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Acetronics on March 21, 2017, 02:00:57 pm
Hi,

I have a strange issue with Win7 ( up to date ):

I wanted to scan PC just after having downloaded a " suspicious " file. ( not having run it )

so, I tested it first with AVG and malwarebytes : nothing found

I then launched Roguekiller, and caught a WIN7 severe alert ( the green tab on the low right ) telling me win found something and cares for.

so, win made its job and asked me to restart the machine.


so far, so good, I restarted and relaunched Rogue.

Here is the issue : after some times, Win7 detects "something " and cares for it - no need to restart.

but 3 or 4 seconds later Roguekiller stops, without any report shown. It also disappears from the task manager screen.

I uninstalled rogue and reinstalled it ( one never knows ) but the issue is still here @ the same moment.

Now, ... about me , just consider me as a gentle idiot : ask me what you want BUT you'll have to explain how to do it and where to find it.
I'm just a computer user ...
so, please be very clear and patient.

Thanks for the help

Alain
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on March 21, 2017, 02:34:29 pm
Hi Alain,

Welcome to Adlice.com Forum.
Is your native language french ? If that's the case, no need for translation. :)

Which version of RogueKiller are your running (current version is 12.10.1) ?
Could you please tell me if you are running Windows 7 32-bit or 64-bit version ?

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Acetronics on March 21, 2017, 04:40:21 pm
Hi, Curson

merci pour l'accueil , pour le langage, c'est au choix ... en bon Auvergnat de souche ... on peut essayer le patois local ???
naaann ... je plaisante.

bon, il s'agit de win 7 64 bits et roguekiller est la derniere version soit la 12.10.1.0

au cas où tu souhaiterais vivre dangereusement, je pourrai te donner le site où l'on trouve ça ... un site bien innocent de bidouilleur d'électronique Espagnol ...

Regards
Alain
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on March 21, 2017, 05:27:25 pm
Bonjour,

Téléchargez ProcDump64 (http://live.sysinternals.com/procdump64.exe) et enregistrez-le sur votre bureau.
Lancez une "Invite de commandes" en tant qu'administrateur et copiez/collez la commande ci-dessous et validez :
Quote
"%USERPROFILE%\Desktop\procdump64.exe" -e -h -l -ma -accepteula -t -w RogueKiller64.exe "C:\RogueKiller.dmp"
Laissez la fenêtre ouverte.

Relancez un scan avec RogueKiller.
Lorsque le logiciel va crasher, l'Invite de commandes va se fermer et un nouveau fichier nommé RogueKiller.dmp va apparaître à la racine de votre disque système (C:\).

Uploadez-le sur Google Drive/Dropbox et postez le lien dans votre prochaine réponse.

Meilleures salutations.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Acetronics on March 21, 2017, 08:33:56 pm
Bonsoir,

ce ne fut pas de la tarte ...

bon, j'ai bien exécuté ce qui était dit, mais il y a eu un truc bizarre dans la fenètre de commande.

ça m'a indiqué que le fichier de 128 M avait été rempli en 0.4s ...

ensuite, c'est revenu à l'invite de départ

j'ai laissé tourner et ça s'est encore arrèté vers le mème point (+/- 12mn)

je comprends que le dump soit indiscret : y'a plein de trucs confidentiels, là dedans ...

voici le lien donné par google drive :

RogueKiller.zip (file://AURORE-PC/Users/Aurore/Google%20Drive/RogueKiller.zip)

Alain
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on March 21, 2017, 09:21:41 pm
Bonjour,

Il s'agit d'un lien local (file://AURORE-PC).
Pouvez-vous me donner le lien publique ?

Meilleures salutations.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Acetronics on March 22, 2017, 08:49:30 am
Bonjour Curson

en cherchant un peu j'ai trouvé ça ... apparemment va falloir que je me recycle: l'ère des modes d'emploi papier semble révolue  ::) .

https://drive.google.com/file/d/0B8lXJOWQlhLURTZxWXE5YjlqTDA/view?usp=sharing

je laisse l'ordi suspect à l'arret au maximum ...

un truc me revient : il apparaît - pas à tous les coups - une fenètre Windows -semblant authentique - qui me dit qu'il aimerait bien examiner un fichier, avec un bouton pour passer en mode admin et visualiser le nom du fichier à envoyer ...
le premier coup c'était un vieux driver de carte son soundblaster live, alors j'ai pas trop tiqué vu l'âge ( +/- 20 ans de la bète ) ...
je vous donnerai le second quand je rallumerai.

mais bon ... la paranoïa gagne du terrain ...

j'ai déjà un ordi au tapis très probablement à cause à cause de ce f...u fichier ( que j'avais malheureusement ouvert ). celui-là sera remonté à zéro ( c'était le mien ): une carte graphique qui affiche des pointillés, puis 2 belles barres verticales jaunes + BIOS de CM pourri.
et je ne tiens pas à réutiliser le HDD qui y était ... un formatage LL arriverait il à le nettoyer ???

voilà pour les nouvelles et merci encore de votre soutien.

Alain

Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on March 22, 2017, 03:07:14 pm
Bonjour Alain,

Merci pour le dump.
Nous allons l'analyser et vous donneront les résultats dès que possible.

Quote from: Acetronics
un truc me revient : il apparaît - pas à tous les coups - une fenètre Windows -semblant authentique - qui me dit qu'il aimerait bien examiner un fichier, avec un bouton pour passer en mode admin et visualiser le nom du fichier à envoyer
Pouvez-vous réaliser une capture de cette fenêtre et l'attacher avec votre prochaine réponse ?

Quote from:
mais bon ... la paranoïa gagne du terrain ...
j'ai déjà un ordi au tapis très probablement à cause à cause de ce f...u fichier
et je ne tiens pas à réutiliser le HDD qui y était ... un formatage LL arriverait il à le nettoyer
Le comportement de RogueKiller est causé par un bug et non par une infection.
Oui, un formatage supprimera l'intégralité des données présentes sur le HDD.

Meilleures salutations.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Acetronics on March 27, 2017, 09:59:55 am
Bonjour Curson

quelques nouvelles : j'ai laissé tourner le PC tranquillement : pas de détections ni d'écran de demande de la part de windows.
- lancé windows essentials : il m'a trouvé quelques bricoles: win32 Poweressere.D, Virgof.A, Orsam!rts,bumat , Dynamer et a déclenché AVG qui m'a demandé un redémarrage.
dommage, il ne m'a pas gardé le nom des coupables ( présumés ... )

par contre je n'ai pas refait tourner Roguekiller.

Bonne journée
Alain
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Ufdah on May 15, 2017, 11:28:09 pm
I have a Windows 7 machine that RK portable x64 keeps crashing on. I'm a little confused with creating a process dump... I'm probably wrong here but my thinking is if the process crashes, how can I make a dump of something that's no longer running? It takes about 15-20 minutes+ as I haven't been sitting there waiting for it to crash, it just crashed about 5 or 6 times before I figured I'd reach out.

Original issue has to do with dns failing to resolve when Malwarebytes is installed (this is the 8th machine I've seen since last Thursday presenting this issue). We set static IP addresses and removed Malwarebytes and the computers can load a web page again. I can connect using a backup RAT, once I set static dns I can get in with TeamViewer again but the web pages aren't loading until I run JRT and RK (I wasn't really paying attention to which one seems to have resolved the issue), I think JRT but I'm not certain.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on May 16, 2017, 12:15:53 am
Hi Ufdah,

ProcDump monitors the targeted process and interrupts its execution when certain system calls are made. At this point, the dump of the process is made, then the process execution is resumed, leading to the crash.
If you need any help with the process dump creation, don't hesitate to ask.

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Ufdah on May 18, 2017, 12:13:43 am
Thanks, learned something!

Here's the output from our elevated command prompt (attached image).
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on May 20, 2017, 11:16:07 am
Hi Ufdah,

According to the output you provided, ProcDump succesfully found RogueKiller process, but the process exited succesfully, that's why the dump wasn't created.
Could you please retry ?

Regards.
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: kram on July 13, 2018, 03:21:14 pm
Hi! Here's my dmp (BSoD)
Title: Re: ==> Crash/Hang/Block, please come here <==
Post by: Curson on July 13, 2018, 08:20:47 pm
Hi kram,

Welcome to Adlice.com Forum.
Your computer is infected. Could you please open a new thread in the Malware Removal section (http://Malware Removal section) of the forum ?

Regards.