Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - Tigzy

Pages: [1] 2
PEViewer / ==> Crash/Hang/Block, please come here <==
« on: March 14, 2017, 09:26:05 am »
If you have a problem of PEViewer crashing, please do the following:


1. Application crash:
  • Restart the application
  • If it asks for sending crash information, please upload them. If not, follow 1.1
  • That's all you need to do

1.1 Application crash, manual dump:

2. Application is blocked/hangs on something:
  • Download Process Hacker or Process Explorer, and install it. Start it.
  • Restart PEViewer
  • When it hangs, make a full dump of the process with Process Hacker/Explorer with a right click.
  • Zip it, upload it on


UCheck / Translations!
« on: February 28, 2017, 04:40:33 pm »
Hello :)

EDIT: 02/28/2017
Current complete translations are: EN, FR. All others are YET TO BE DONE! :)

We are now offering FREE LIFETIME licenses for our translators, because we know the amount of work it's needed for the new version (12). This only works for past translators, and for a full translation (If you update an existing file that won't work).

We need translators!

Actually, we already have several languages available, but due to many updates and improvements, those translations are outdated.
If you willing to help and you are bilingual, please help use to improve those translations.

The files needed are available here:

- .ts files are the translations themselves.
- QTLinguist is the program needed to update the files

Dropbox tries to open them as audio file. First, toggle the list view instead, that's better to see the file names. You have to click on the file, then when it says "cannot read the audio file", click on download. Put it on the desktop if you want.

Here's the way to translate files:

1.If you didn't find your language, and you want to start a new one
- Pick the lang_template.ts file
- Rename it as lang_<your_language>.ts
- Download and extract QTLinguist
- Open the .ts file with it
- "Edit" menu, "Translation file settings" => Select your language in Target language and validate.

2.If you want to update an existing translation
- Pick the lang_<your_language>.ts file
- Download and extract QTLinguist
- Open the .ts file with it

3.Common part
- Use the "Go next unfinished" button to go to first item
- Translate it
- Use the "Mark as finished" button to validate the translation and go to next item
- Redo that until everything is translated and save

(See attached image)

- Please try to make the sentences (if any) the shortest as possible
- Submit your translation on the forum, in this thread :)

If you want more information about QTLinguist, here's the official documentation:


UCheck / ==> Crash/Hang/Block, please come here <==
« on: February 28, 2017, 02:24:39 pm »
If you have a problem of UCheck crashing, please do the following:


1. Application crash:
  • Restart the application
  • If it asks for sending crash information, please upload them. If not, follow 1.1
  • That's all you need to do

1.1 Application crash, manual dump:

2. Application is blocked/hangs on something:
  • Download Process Hacker or Process Explorer, and install it. Start it.
  • Restart UCheck
  • When it hangs, make a full dump of the process with Process Hacker/Explorer with a right click.
  • Zip it, upload it on


UCheck / UCheck launch, BETA program
« on: January 30, 2017, 02:52:13 pm »
Hey :)

EDIT (22 Feb, 2017): UCheck V1 has been launched. BETA program is now over and you can buy a Premium version if needed here:

I'm pleased to announce UCheck V0.9 (BETA) is finally live! Yay!

What is UCheck?
UCheck is a software updates manager. As of now, it will replace the old WIGI software, that will be deprecated and removed soon.

To keep it short, you launch the program, start a "scan" and it will tell you what software are outdated.
It also give the ability to install updates in a fast fashion (download, install: 2 buttons).
It also give the ability to install software NOT PRESENT YET, which can be useful in case of a clean, new machine.
And last but not least you can list and uninstall programs present on your machine.

Later we plan to add more features like automatic notifications and persistence in the tray, and why not (if feasible) bulk updates.

Where do I download?
Here: ==> <==

Is it FREE?
YES. Some options will be part of a Premium license later (as of V1) but the essential part of the program (Updates!) will remain free to use for everyone.

Is there a documentation somewhere?
YES, here:==> <==

Bugs? New Features?
If you find a bug, need something you believe can be useful for the program, just TELL US.

How many software do you monitor?
For now, *only* about 40. But it's really easy for us to add more, and we plan to support about 100 soon. Of course we decided to start with the very common and useful software as part of our launch package, like web browsers (Firefox, Chrome, Opera) and most downloaded software (VLC, Itunes, ...). Also, unlike some of our competitors we don't use humans for updates, but an army of bots :) They are fast, reliable... and cheap also (!). Expect to get notified within a day of the new updates.

I hope you will enjoy it :)

General Discussion / Test
« on: April 05, 2016, 05:56:32 pm »

News/Updates / RogueKiller 12
« on: February 03, 2016, 04:40:16 pm »

EDIT, now in production.
I close the thread.

We are currently in BETA stage, current version is BETA 3.

Version 12 will be a UX/UI (User Experience/User Interface) release.
No core features should be expected.
However, it will be kickass, see announcement link :)

Download links are on the announcement link too.


RogueKiller / RogueKiller 11 beta
« on: October 01, 2015, 01:38:03 pm »

RogueKiller 11 is right behind the door :)
We need you to test it before it replaces the official version (currently 10.X.X).

It's quite critical because the only major change is about the Kernel Driver. We have re-coded all the driver from scratch, following best practices to ensure it's compatible with all operating systems (from Windows XP to Windows 10, 32 and 64 bits) and with all environments.

Why is it critical? Because a bug in the Kernel Driver means Blue Screen Of Death, which is not particularly a good thing. Yeah, that's annoying.
So we need as much tests as possible to ensure no bug is left before it's moved in production.

You will find the binaries here:

What's new?

  • Rewritten all kernel code. From scratch.
  • Kernel Hooks detections are now made on userland side, in common with IAT hooks detection. Easier to maintain, more efficient.
  • Minified amount of code on Kernel side for safier code.
  • Driver is now aware of Windows 8/8.1/10.

No big change in the flow, nor in the UI.
The most important occurs while Antirootkit scan => SSDT, Shadow SSDT, IRPs, Filters. IAT scan isn't affected.

I have a BSOD, what do I do?

  • Go in C:/Windows/minidumps, find the file that has been generated (blabla.dmp).
  • Send it to us:, or attach in comments (it's a small file).

Thanks for your help  8)

If you encounter this issue, please download and run this:

On a normal PC, it looks like the attached.
Please attach a screenshot like I did, that will help (hopefully) to resolve the issue.

News/Updates / RogueKiller FP Database restarting from scratch
« on: February 18, 2015, 04:40:32 pm »

As of 10.4.0,
we are dropping old badly defined FP detections, and you should see a massive increase of false detections

Please report them into the False Positive thread:
And they will be fixed in the next update which will be quick.

We are also actively monitoring to fix a lot of them on our own.
Thanks for your support! :)

RogueKiller / ==> Crash/Hang/Block, please come here <==
« on: November 24, 2014, 09:50:25 am »
If you have a problem of RogueKiller crashing, please do the following:


Note on July, 30th 2015:
Just to let you know (I'll update the main post as well) that every BSOD issue will not be fixed now, for a very good reason:
We are in the process of redoing the driver from scratch for better performance and stability.

The driver is the thing that would cause 99% of the BSOD you encounter with (and caused by) RogueKiller, so hopefully once the new version of the driver is out the problem will be gone. Please be patient.

As a workaround you can switch driver off with -nodriver command line, or for Premium users by unchecking the Kernel driver in settings.


1. BSoD (Blue Screen), this is a driver crash:
  • Go to C:/windows/minidumps
  • Find the latests dump file, and upload it here (zipped please)

2. Application crash:
  • Restart the application
  • If it asks for sending crash information, please upload them. If not, follow 2.1
  • That's all you need to do

2.1 Application crash, manual dump:

3. Application is blocked/hangs on something:
  • Download Process Hacker or Process Explorer, and install it. Start it.
  • Restart RogueKiller
  • When it hangs, make a full dump of the process with Process Hacker/Explorer with a right click.
  • Zip it, upload it on


RogueKiller / ==> Proc.Injected <==
« on: November 14, 2014, 09:51:58 am »
If you encounter this detection, this can mean several things:

- A real infection (like Zeus, Carberp, Poweliks, they are all using that thing)
- Your antivirus injecting your processes to protect you (in theory).

To know what's going on, and possibly whitelist the cases where it's a legit injection, please do the following:
Let's say you have [Proc.Injected] some_process.exe -- C:/path_to_parent_some_process.exe

- Download Process Hacker:
- Install it, launch it
- Find the process above
- Right click on it => Create dump (on the desktop)
- Zip the file (winzip, winrar, 7zip)
- Host it anywhere you want (Google Drive, Dropbox, ...) Make sure it's public.
- Put the link here.

We will analyse what is really injected, and whitelist if needed.

Malware removal help / ==> Poweliks [Unique Thread] <==
« on: October 31, 2014, 08:49:07 am »
Many people are infected with this one these days.

The original infection page is here:
Here's the way to get rid of it:

- Download Process Explorer and RogueKiller
- Start RogueKiller, do the Prescan and the Scan. It must detect the registry keys/values related to Poweliks.
- Launch Process Explorer with admin rights (right click, start in admin), and kill tree on the parent dllhost process
- Do the removal.
- Reboot immediately

EDIT: Some users reported it's easier in Safe Mode.

RogueKiller / ===> False Positives <===
« on: October 20, 2014, 11:44:25 am »
This is a common thread to report all false positives.
Please put the entire line of the text report, no screenshot as much as possible.

Thanks :)

VT.Unknown specific case:
VT.Unknown means the file was unknown on Virus Total, and normally it has been uploaded at the same time.
So, after the file is uploaded, it's analysed by Virus Total. It can take a few hours.

If you redo a scan later enough, there's a high chance that the Virus Total report is available.
RogueKiller will grab it and not see it as unknown anymore (and not flag it).
Then depending on the VirusTotal results, if it's malware it will be flagged and you will see a VT.Something detection.

So, please when you see a VT.Unknown detection, it's because the file is quite new on the web.
Be patient, and redo a scan an hour later to check if it has changed. You can also upload it on VirusTotal by yourself to know if it's legit or not.

News/Updates / RogueKiller V10 Beta
« on: September 09, 2014, 01:32:37 pm »
Hello :)

I'm very pleased to announce that version 10 of RogueKiller is finally in public beta stage! Yay!  8)
After the version 9 which was a major update about the core (with new SDK), the version 10 is only about UI. We basically rebuilt the same program with Qt, but with small changes and UI fixes.

Please, download it, test it, but keep in mind it's still in beta. Though most of the bugs were fixed during the alpha stage, some may remain.
We are waiting for your feedback, tell us what's good, what's wrong, and provide as much information as possible (if you encounter a crash, please provide a full dump).

Please provide feedback on that thread, or if you won't register to the forum, use the contact form.

Download it here (that's a temporary link, don't rely on it):

No more beta links.

Known issues (to be completed):
  • Translations not updated
  • Binaries not signed

Please read this carefully before to post in this section for an issue.  ;)

1/ Please read the tutorial
You'll find many information about what can be considered as suspicious, legit, information about detection colors, etc...

2/ Please read the FAQ
Commonly asked questions.

3/ Please read the Known issues
Bugs already known. No need to ask again we are working on them.

If after that you still need to report something, or ask some help, please read the following.

========== If you need help

- Please provide enough information. The minimum is a text report. You can have one by clicking on "report" after a scan/removal in RogueKiller. If you missed it, reports are stored in %programdata%/RogueKiller/logs.

- You can provide screenshots as well.

- Please don't encapsulate images into docx files, or zip, or whatever. It takes time to open, and not very convenient to use.

- Please don't provide screenshot to show something that could be explained with the report (like a false positive). A report is better because we can copy/paste the detection instead or rewrite it (and avoid mistakes by doing so...).

- Please don't host images on websites, use the attachements instead (we don't wanna wait 30+ seconds to open each file).

========== If you report a bug/crash

- In case of a BSoD: Attach minidump (can be found after the reboot in C:/Windows/minidumps)
- In case of RogueKiller crash. Usually, after restarting the application, it's prompted to upload the crash dump. If you did it, nothing more to report. If you didn't, please open a thread a describe where it crashes. If you know how to use procdump, please provide a dump with it.

Pages: [1] 2