Based on generic ways to find malware by its behaviour (heuristics), on classic anti-malware analysis (signature matching) and on undocumented hacks, RogueKiller can find and remove most basic malware (rogues, trojans, …) and some advanced threats such as ZeroAccess or TDSS that behave more like rootkits.
RogueKiller is a tiny anti-malware tool maintained by a small team, so new detections are based on the “most spread threats”. RogueKiller reacts quickly to integrate detection and removal of whatever the team thinks could be a global threat affecting a large number of users across the world.
Here’s a little summary of what RogueKiller is able to do:
- Kill malicious processes
- Stop malicious services
- Unload malicious DLLs from processes
- Find/Kill malicious hidden processes
- Find and remove malicious autostart entries, including: Registry keys (RUN/RUNONCE, …), Task Scheduler (1.0/2.0) and Startup folders
- Find and remove registry hijacks, including: Shell / Load entries, Extension association hijacks and DLL hijacks
- Read / Fix DNS Hijacks (DNS Fix button)
- Read / Fix Proxy Hijacks (Proxy Fix button)
- Read / Fix Hosts Hijacks (Hosts Fix button)
- Restore shortcuts / files hidden by rogues of type “Fake HDD”
- Read / Fix malicious Master Boot Record (MBR), even hidden behind rootkit
- List / Fix SSDT – Shadow SSDT – IRP Hooks (even with inline hooks)
- Find and restore system files patched / faked by a rootkit
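The following is an added example, not RogueKiller’s own code: a read-only PowerShell audit of the user-mode persistence and hijack locations named in the list above (Run/RunOnce keys, Startup folders, Task Scheduler entries, Winlogon Shell/Userinit values, the hosts file, per-user proxy settings and adapter DNS servers). It reports what is configured so an analyst can compare against known-good values; it removes nothing. It assumes a Windows host with Windows PowerShell 5.1 or later and the built-in ScheduledTasks and DnsClient modules; the registry paths and default values are standard Windows locations, and the expected defaults noted in comments are for a stock installation.

```powershell
# Added example (not RogueKiller code): read-only audit of common autostart
# and hijack locations. Assumes Windows PowerShell 5.1+ with the built-in
# ScheduledTasks and DnsClient modules. Nothing here modifies the system.

# --- Run / RunOnce autostart keys (machine and current user) ---
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
Write-Output '== Run / RunOnce autostart entries =='
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* metadata properties Get-ItemProperty attaches
            if ($p.Name -notmatch '^PS') {
                [PSCustomObject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

# --- Startup folders (per-user and all-users) ---
Write-Output '== Startup folder contents =='
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($dir in $startupDirs) {
    if (Test-Path $dir) {
        Get-ChildItem -Path $dir -Force | Select-Object FullName, LastWriteTime
    }
}

# --- Scheduled tasks outside the \Microsoft\ tree, with their actions ---
Write-Output '== Scheduled tasks (non-Microsoft paths) and their actions =='
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        [PSCustomObject]@{
            Task      = $task.TaskPath + $task.TaskName
            Execute   = $action.Execute
            Arguments = $action.Arguments
        }
    }
}

# --- Winlogon Shell / Userinit hijack check ---
# Stock defaults: Shell = 'explorer.exe'
#                 Userinit = 'C:\Windows\system32\userinit.exe,'
Write-Output '== Winlogon Shell / Userinit =='
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Get-ItemProperty -Path $winlogon | Select-Object Shell, Userinit

# --- Hosts file: show every active (non-comment, non-blank) mapping ---
Write-Output '== Active hosts file entries =='
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hostsPath | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }

# --- Proxy settings for the current user ---
# Stock default: ProxyEnable = 0 with no ProxyServer / AutoConfigURL
Write-Output '== Proxy settings (HKCU) =='
$inetKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $inetKey | Select-Object ProxyEnable, ProxyServer, AutoConfigURL

# --- DNS servers configured on each adapter ---
Write-Output '== DNS servers per adapter (IPv4) =='
Get-DnsClientServerAddress -AddressFamily IPv4 | Select-Object InterfaceAlias, ServerAddresses
```

Run it from an elevated PowerShell prompt so the HKLM keys and the all-users Startup folder are readable; the output is meant to be diffed against a known-good baseline (or the stock defaults noted in the comments), since a stray entry in any of these locations is exactly what the hijack and autostart items in the list above refer to.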