Adlice forum

Software feedback => RogueKiller PREMIUM => Topic started by: sambud on December 23, 2018, 12:54:37 pm

Title: Real Time Protection?
Post by: sambud on December 23, 2018, 12:54:37 pm
Hi, I am a new user and purchased the premium version of this product, and have malware being detected and quarantined.

But just right after I remove them and quarantined.

Another multiple similar names would re-appear just right after I scan after another as if they are being cloned or copied/pasted or by an encoded script.

Is there a real-time protection?  I have also purchased Malwarebytes where it has a real-time protection feature and it automatically blocks trojans, and PUPs, etc.  How can I do the same for this product so I don't have to manually run this software product again every 3 hours or so?

Thank you.
Title: Re: Real Time Protection?
Post by: Curson on December 23, 2018, 04:47:43 pm
Hi sambud,

Thanks for supporting our product and welcome to Adlice.com Forum.
RogueKiller doesn't feature real-time protection features.

However, if your computer is infected, we can help you to get rid of the infection.
Could you please attach latest RogueKiller and Malwarebytes reports with your next reply ?

Regards.

Note : This thread has been moved to the "RogueKiller PREMIUM" section for clarity.
Title: Re: Real Time Protection?
Post by: sambud on December 25, 2018, 12:02:39 am
Apparently my computer is key logged and root kitted.

This remote hacker keeps changing my settings, stealing files.  A criminal in the internet.

I have probably done over 20+ scan and quarantine one after another, and it keeps on regenerating.
I believe this is automated.
Title: Re: Real Time Protection?
Post by: sambud on December 25, 2018, 12:10:06 am
This has to be stopped.  Cyber harassment, trolling, stalking, bullying, cyber thieves must be put to an end.

And here is from MalwareBytes.

Appreciate the reply.
Title: Re: Real Time Protection?
Post by: Curson on December 25, 2018, 05:59:30 pm
Hi sambud,

Your system is clean.

The [PUM.StartMenu] detection means that the value of a Registry key is not the default one, but it's not necessarily malicious.
In your case, App Launch Tracking is disabled (Start_TrackProgs value set to 0), it's legit.

Since this is a Windows setting, the value is automatically restored on reboot, thus RogueKiller detecting it again.
Regarding Malwarebytes, it seems it detected something on your system HOSTS file, but it was successfully restored.

Regards.
Title: Re: Real Time Protection?
Post by: sambud on December 26, 2018, 05:24:48 am
Hi,

Thanks for the feedback.

There are some applications that are hidden for sure that are not being detected.

I have a remote hacker who is actively changing my settings, disabling my firewalls, crashing my computer to force restart, next thing I know my settings are changed again and have to change them back.  Just now, crashed an app I was running, deleted a file I can't run it on again because of a missing file.  Unfortunately

This has been happening, a remote hacker is stalking, and harassing me, which is why I began searching for these things, and Rogue and Malwarebytes came up the top of the list.  I've had enough
Title: Re: Real Time Protection?
Post by: Curson on December 26, 2018, 06:50:45 pm
Hi sambud,

The causes of all these are mostly a damaged system. However, we are going to check your system for rootkits.
Please attach the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically C:\) in your next reply.

Regards.
Title: Re: Real Time Protection?
Post by: sambud on December 28, 2018, 01:58:12 am
I am absolutely certain that it is not through a damaged system.  This is all being done intentionally, how do I know?  Because remote hacker contacts me and lets me know in a sadistic manner that "I've been hacked"  "I'm getting hacked"  or that he's "hacking!" and after that continues to troll and actively mess around with my settings.

The psychopath kept on changing my settings even though I am the only account in this computer who is administrator, no other guest settings, none else yet perpetrator was able to change my settings so I won't be an admin to some files/folders/or any changes but he will only have control over them, and not me as if he owns the computer.  Interfering with what I'm doing, force restarting, crashing my apps, etc.  To avoid me finding fixes, IE:  updating the Windows 10 to the fullest version because I can't not being an admin. 

Anyways, I did everything from that previous post instructed, scanned and found no threats.  (see first attachment)
Update:  I can no longer find any threats or any other suspicious tracks with even malwarebytes and rogue.

The perpetrator is sophisticated and very sneaky, who has learned how to bypass through these apps systems and remain undetected.  On my scan history, after the 26th of December there were no more traces of his illegal online remote hacking activity..  None appearing in malwarebytes and rogue.  Yet is still there silently.. maliciously.. to further exploit harass, stalk, troll.. etc

1andahalf - 2 days ago, I was able to update this windows version w/o the need of admin privileges.  I was able to scan with Windows scanner thankfully through updating to the latest version, so I did a full scan and discovered many of the infections.  There may be more that remains undetected.  I did some action already, and quarantined them yet it says they are still "active".  Restarted/shut down computer but Just like in the pictures still "active".  How do I remove them all permanently for good?  And find other undetected threats as there possibly may be more??
Title: Re: Real Time Protection?
Post by: Hycotuss on December 28, 2018, 07:19:14 am
@Sambud Sorry to hear about your situation.

Have you tried to harden your network (i.e., Changing login password, Updating Firmware, Access Control Lists, MAC filtering, etc.)?
Locking down your network should take priority over client/host machines or segregating infected computers, as that can be a never-ending battle.
If possible, don't access your router firmware from the infected PC; use a smartphone or laptop.
Title: Re: Real Time Protection?
Post by: sambud on December 28, 2018, 07:46:28 am
Quote from: Hycotuss
@Sambud Sorry to hear about your situation.

Have you tried to harden your network (i.e., Changing login password, Updating Firmware, Access Control Lists, MAC filtering, etc.)?
Locking down your network should take priority over client/host machines or segregating infected computers, as that can be a never-ending battle.
If possible, don't access your router firmware from the infected PC; use a smartphone or laptop.

As far as all of those things mentioned.  I've tried changing the login password and wifi passwords, still nothing. 
If the network is the core of all of things, then I should focus on that area.
The rest I have not yet tried.  No idea how to do those yet.  I'm not familiar with Firmware.  I'll search things up to get an idea and learn.
Should I invest in a new router or change internet service provider?  I am using a router provided by internet service provider. 

If there is such thing as evil, this perpetrator is.
Title: Re: Real Time Protection?
Post by: Curson on December 28, 2018, 06:35:46 pm
Hi sambud,

Quote
Because remote hacker contacts me and lets me know in a sadistic manner that "I've been hacked"  "I'm getting hacked"  or that he's "hacking!" and after that continues to troll and actively mess around with my settings.
Interfering with what I'm doing, force restarting, crashing my apps, etc.  To avoid me finding fixes, IE:  updating the Windows 10 to the fullest version because I can't not being an admin.
Could you please send screenshots of these ?

Please download Farbar Recovery Scan Tool (x64) (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to your Desktop.
Regards.
Title: Re: Real Time Protection?
Post by: sambud on January 02, 2019, 05:11:39 am
Hi Curson,

Scanned and files are attached.

There are tons of details. 

Is there anything wrong, and can it be fixed?
If not what are the possible solutions beside having to further investigate about the network as Hycotuss mentioned??

Would like to fix this to rid of exploits.

Happy New Year
Thanks.
Title: Re: Real Time Protection?
Post by: Curson on January 04, 2019, 10:42:35 pm
Hi sambud,

Please uninstall the following applications :
You are using other cracked games that may contain malware. Please be aware of it.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system !

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

How is your computer running ?

Regards.
Title: Re: Real Time Protection?
Post by: sambud on January 05, 2019, 06:28:50 am
Hi Curson,

I have been uninstalling. 

The adversary is manually poisoning my files.  I had Fortnite running well for months and months consistent, no problem.

Until the perpetrator changed the settings, now I can't even run the game.   It says "may not have the appropriate permissions to access the item."

Sometimes when I scan again, a healthy regular file ran for months and months and months will be detected even when before it wasn't infected, and the anti-malware/virus w/e will want me to delete it, and then the apps won't function properly no longer or will be deemed to be destroyed.

Totally messing up computer system, and not just for games.

Even when I am no longer connected to the internet, the adversary is able to remotely control my computer. 



P.S.

How to REMOVE hidden user accounts in Windows 10??

I discovered this when I am trying to make changes in my system, and this account wasn't in my control panel  Users list, nor I created it.
There is only 1 account for this device.
- It is asking me password, and none of my security passwords worked for this account, so it's the Adversary's remote hacker's account disguised and hidden inhibiting me to make this one system change.  And possibly how is able to access and change system settings undetected.
Title: Re: Real Time Protection?
Post by: Curson on January 06, 2019, 06:04:32 pm
Hi sambud,

Could you please attach the fixlog.txt report with your next reply ?

Quote
Until the perpetrator changed the settings, now I can't even run the game.   It says "may not have the appropriate permissions to access the item."
Your system seems damaged.

Quote
Even when I am no longer connected to the internet, the adversary is able to remotely control my computer.
I'm sorry, but that's not possible.

Quote
How to REMOVE hidden user accounts in Windows 10??

I discovered this when I am trying to make changes in my system, and this account wasn't in my control panel  Users list, nor I created it.
There is only 1 account for this device.
There are five accounts registered on your computer :

Code:
Administrator (S-1-5-21-2967969622-1393707293-1905837764-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2967969622-1393707293-1905837764-503 - Limited - Disabled)
Guest (S-1-5-21-2967969622-1393707293-1905837764-501 - Limited - Disabled)
User (S-1-5-21-2967969622-1393707293-1905837764-1002 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2967969622-1393707293-1905837764-504 - Limited - Disabled)

As you can see, only the "User" account is enabled and it's yours. Please don't try to delete it.

Regards.
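
As an added illustration (not part of the original post, and not Adlice or FRST code), the account listing quoted in the reply above can be checked mechanically: each line is parsed, the last SID component (the RID) is matched against the well-known built-in accounts, and anything enabled that is neither a disabled built-in nor an expected user is reported. The function names and the `expected_users` parameter are assumptions of this example; the sample lines are copied from the post.

```python
import re

# Well-known RIDs (last SID component) of Windows built-in local accounts.
BUILTIN_RIDS = {500: "Administrator", 501: "Guest",
                503: "DefaultAccount", 504: "WDAGUtilityAccount"}

# One line of the listing: Name (SID - Role - State) [=> profile path]
LINE_RE = re.compile(
    r"^(?P<name>.+?) \((?P<sid>S-1-5-21(?:-\d+){3}-(?P<rid>\d+)) - "
    r"(?P<role>\w+) - (?P<state>Enabled|Disabled)\)(?: => (?P<profile>.+))?$")

def parse_accounts(report_text):
    """Return one dict per account line; lines that do not match are skipped."""
    accounts = []
    for line in report_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rid = int(m["rid"])
            accounts.append({
                "name": m["name"], "sid": m["sid"], "rid": rid,
                "admin": m["role"] == "Administrator",
                "enabled": m["state"] == "Enabled",
                "profile": m["profile"], "builtin": BUILTIN_RIDS.get(rid)})
    return accounts

def review(accounts, expected_users):
    """List accounts worth a second look; an empty list means nothing unexpected."""
    findings = []
    for a in accounts:
        if a["builtin"] and a["enabled"]:
            # These built-ins are disabled by default on Windows 10.
            findings.append(f"{a['name']}: built-in account (RID {a['rid']}) is enabled")
        elif not a["builtin"] and a["enabled"] and a["name"] not in expected_users:
            role = "administrator" if a["admin"] else "limited"
            findings.append(f"{a['name']}: enabled {role} account not in expected list")
    if len({a["sid"].rsplit("-", 1)[0] for a in accounts}) > 1:
        findings.append("local accounts carry more than one machine SID prefix")
    return findings

# Account lines as quoted in the post above (raw string keeps the backslashes).
REPORT = r"""
Administrator (S-1-5-21-2967969622-1393707293-1905837764-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2967969622-1393707293-1905837764-503 - Limited - Disabled)
Guest (S-1-5-21-2967969622-1393707293-1905837764-501 - Limited - Disabled)
User (S-1-5-21-2967969622-1393707293-1905837764-1002 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-2967969622-1393707293-1905837764-504 - Limited - Disabled)
"""

if __name__ == "__main__":
    print(review(parse_accounts(REPORT), expected_users={"User"}) or "nothing unexpected")
```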
Title: Re: Real Time Protection?
Post by: sambud on January 08, 2019, 12:28:50 pm
Hi Curson,

Where to find the fixlog.txt ?

It's not damaged, it is being damaged with malicious, exploitative ill intent.  I've been trying to figure out how all this works to increase the thickness and layering of cyber security.. One day it'll end permanently

It is very possible unless you're actually experiencing being actively and presently remotely hacked yourself..  My theory the adversary poisoned the network and was able to install the keylogger, root kit programs and so whether there would be internet or not, device would be accessible.  I installed and searched for these anti-virus, malware applications too late when the perpetrator already instilled the programs.

Sick perverted stalking adversary can see everything and anything that I'm doing in this device and what I'm typing is being recorded by key logging software, and so is able to anticipate and sabotage apps and w/e

Then who is TrustedInstaller (see attached) who is preventing me from making or reverting app's changes back to default normal settings, and I'm not even the grandest admin, that account is higher than me as an admin.


EDIT:  See I searched around, and it's not only me over 850+ people has the same thing with over 25,000 views who were probably trying to find solutions:  https://answers.microsoft.com/en-us/windows/forum/windows_xp-security/my-computer-is-hacked-a-hidden-user-is-running-all/ed6f0ee5-0d78-e011-8dfc-68b599b31bf5

And I'm sure there are more, the majority of the population are just not aware and educated in this subject otherwise we will be able to prevent these breaches.  Most people don't know they've been hacked, some malwares are very covert and its purpose is to conceal itself and not being detected.  Heard stories other people were hacked for 2 years without even knowing it, they were being spied on and exploited, computers being used for DDos attacks and other purposes the adversary intends to do with it, w/e


In addition, maybe this is what happened all the way before this all even got started, It may have been the same case:  https://www.youtube.com/watch?v=Plxpjo8ujBk
Title: Re: Real Time Protection?
Post by: Curson on January 08, 2019, 09:30:50 pm
Hi sambud,

Quote
Where to find the fixlog.txt ?
It should be located on your desktop.

Quote
My theory the adversary poisoned the network and was able to install the keylogger, root kit programs and so whether there would be internet or not, device would be accessible.
Has anyone else physical access to your computer ? If not, it can't be accessed from remote if not connected to the network.
Besides, no rootkits are installed on your computer and FRST did not show the presence of keyloggers.

Quote
Then who is TrustedInstaller (see attached) who is preventing me from making or reverting app's changes back to default normal settings, and I'm not even the grandest admin, that account is higher than me as an admin.
Windows 10 changed the way permissions are granted and a "normal" Administrator account is limited. "Special" accounts such as TrustedInstaller, SYSTEM, etc. are used to perform administrative tasks.

Quote
EDIT:  See I searched around[...]
It concerns Windows XP and as I said above, users management changed since then.

Quote
In addition, maybe this is what happened all the way before this all even got started[...]
If your computer was compromised this way, there will be a clue with the FRST reports. By the way, the "Open with Application Issue" problem reported by CCleaner is not malicious.

Regards.
Title: Re: Real Time Protection?
Post by: sambud on January 11, 2019, 02:10:06 am
Quote from: Curson
Has anyone else physical access to your computer ? If not, it can't be accessed from remote if not connected to the network.
Besides, no rootkits are installed on your computer and FRST did not show the presence of keyloggers.

I guess you don't understand Root Kits purpose and how they've been designed.

None of this is helping me at all.

Gonna find other solutions.
Title: Re: Real Time Protection?
Post by: Curson on January 11, 2019, 02:53:56 am
Hi sambud,

Quote from: Curson
Has anyone else physical access to your computer ?

The file you attached is not the fixlog.txt file. Could you please attach it with your next reply ?

Regards.