Author Topic: RogueKiller Finds them, says it removes them but after reboot still there.  (Read 14748 times)

0 Members and 1 Guest are viewing this topic.

November 02, 2017, 10:08:09 AM

BrokenPerson

  • Newbie

  • Offline
  • *

  • 4
  • Reputation:
    0
    • View Profile
I5 - processor
Win 10 x 64; 8mb Ram

It is probably me, not RogueKiller.  Not sure what I am doing wrong.  I am not sure if the 2 problems are related.  The first problem Roguekiller finds things, but after I am told they are removed, they are still found - the same ones ("problems").  So, I run Roguekiller, delete the "stuff", reboot and rescan. All 16 problems are still there,

The second problem:

All of my computer resources feel like they are being used or drained.  Computer feels sluggish, slow or lagged.  When I look at task manager it says my disk use is 100%  this is a fairly frequent problem. 

I did all of these steps and none worked:
https://www.drivereasy.com/knowledge/fix-100-disk-usage-in-task-manager-improve-pc-performance-on-windows-10/

I contacted Microsoft Support, someone took control of my computer and they pretty much followed the same steps though informed me they did additional trouble shooting and solved the problem, they did not fix it.

I do not know if it is important to note but this is an official fix, I do not have this "Device"
https://support.microsoft.com/en-us/help/3083595/task-manager-might-show-100-disk-utilization-on-windows-10-devices-wit

ERRORS:
[Proc.Injected|Proc.RunPE] Wow-64.exe(10016) -- C:\Program Files (x86)\World of Warcraft\Wow-64.exe[7] -> Found
12 "[PUP.Gen0]" errors
A firewall problem and another.

« Last Edit: November 02, 2017, 11:02:17 AM by BrokenPerson »

Reply #1November 02, 2017, 02:13:14 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: RogueKiller Finds them, says it removes them but after reboot still there.
« Reply #1 on: November 02, 2017, 02:13:14 PM »
Hi BrokenPerson,

Welcome to Adlice.com forum.
Could you please attach RogueKiller full report with your next reply ?

Regards.

Reply #2November 05, 2017, 11:32:48 PM

Akainu

  • Guest
Re: RogueKiller Finds them, says it removes them but after reboot still there.
« Reply #2 on: November 05, 2017, 11:32:48 PM »
Sorry not my post but wanted to provide some input on the World of Warcraft part of this. My scans today also flagged this file the same way but only when the game was open in the background. When it is closed and I run another scan everything comes back clear each time. It's got me a bit edgy since I'm not sure what exactly it is or why it's marking it as a threat since it hasn't in the past.

¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected|Proc.RunPE] Wow-64.exe(6376) -- C:\Program Files (x86)\World of Warcraft\Wow-64.exe[7] -> Found
¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected|Proc.RunPE] Wow-64.exe(4780) -- C:\Program Files (x86)\World of Warcraft\Wow-64.exe[7] -> Found
¤¤¤ Processes : 1 ¤¤¤
[Proc.Injected|Proc.RunPE] Wow-64.exe(4804) -- C:\Program Files (x86)\World of Warcraft\Wow-64.exe[7] -> Found

Reply #3November 06, 2017, 12:27:21 AM

BrokenPerson

  • Newbie

  • Offline
  • *

  • 4
  • Reputation:
    0
    • View Profile
Re: RogueKiller Finds them, says it removes them but after reboot still there.
« Reply #3 on: November 06, 2017, 12:27:21 AM »
Could it be detecting warden?

So that was my problem. When WOW was closed, it detected nothing.  When running  RKK detected the files the other person mentioned.  My problem....  When I load wow it instantly hijacks my resources now (100% disk - Task Manager).  WHY ME?  Though, I do not know if this is related to something else as it happens when I am not playing. However, the launcher is up 7/24/365 mostly. 

Warden is very invasive and does a lot of stuff. There is no way it is not spy/malware.  However we all knowingly and openly sign our lives away (if ya read the fine print)
https://www.schneier.com/blog/archives/2005/10/blizzard_entert.html <---- good old article.

I wonder how the Warden has evolved?  In their anti-cheat agreement which was updated not too terribly long ago, not too much before I started having endless problems.  WOW openly says they will make your computer their zombie.  To play that is the price you pay.  I just confirmed the problem only exists when the game is running.  Warden is a threat, tits if RKKrew flags it.  (Tits as in "good", just clarifying - keeping it PG-13).   It is one of those potentially necessary threats.  Like keeping a gun when you are really drunk.
In process
•Signature checks
•Game specific checks
•Hook detection
•Pointer chain
checks
•Call stacks periodic checks
•Debug related
detections
•Out of process
•Signature based detection
•Pattern searching in all processes address space
•Scanning for game process handles
•Scanning files for signatures (offline)
•Send suspected programs to server for analysis
•Check DNS history for cheat update servers
« Last Edit: November 06, 2017, 12:36:05 AM by BrokenPerson »

Reply #4November 06, 2017, 02:32:07 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: RogueKiller Finds them, says it removes them but after reboot still there.
« Reply #4 on: November 06, 2017, 02:32:07 PM »
Hi Akainu, BrokenPerson,

This process structure is unusual, probably linked to anti-cheat, but it does not contain malware.
We will whitelist it as soon as possible.

As a side note, Warden client use dubious methods but it's not detected by RogueKiller because of the requirement to have it running for playing Blizzard games.

Regards.

Reply #5March 30, 2019, 07:32:52 AM

jaydnbright

  • Newbie

  • Offline
  • *

  • 1
  • Reputation:
    0
    • View Profile
I5 - processor
Win 10 x 64; 8mb Ram

It is probably me, not RogueKiller.  Not sure what I am doing wrong.  I am not sure if the 2 problems are related.  The first problem Roguekiller finds things, but after I am told they are removed, they are still found - the same ones ("problems").  So, I run Roguekiller, delete the "stuff", reboot and rescan. All 16 problems are still there,

The second problem:

All of my computer resources feel like they are being used or drained.  Computer feels sluggish, slow or lagged.  When I look at task manager it says my disk use is 100%  this is a fairly frequent problem. 

I did all of these steps and none worked:
https://www.drivereasy.com/knowledge/fix-100-disk-usage-in-task-manager-improve-pc-performance-on-windows-10/

I contacted Microsoft Support, someone took control of my computer and they pretty much followed the same steps though informed me they did additional trouble shooting and solved the problem, they did not fix it.

I do not know if it is important to note but this is an official fix, I do not have this "Device"
https://support.microsoft.com/en-us/help/3083595/task-manager-might-show-100-disk-utilization-on-windows-10-devices-wit

ERRORS:
[Proc.Injected|Proc.RunPE] Wow-64.exe(10016) -- C:\Program Files (x86)\World of Warcraft\Wow-64.exe[7] -> Found
12 "[PUP.Gen0]" errors
A firewall problem and another.

Actually, I am also getting the same issue this is not working in my PC also My Pc specs are:

Intel Core i5-6600K @ 3.5 GHz.
Memory: 8 GB RAM.
Graphics: NVIDIA GeForce GTX 1070 8GB

Reply #6March 30, 2019, 05:24:53 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Hi jaydnbright,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller full report with your next reply ?

Regards.