
Rogue removal guide

Guest

IF YOU ARE ALREADY INFECTED, DON'T READ THIS PART

Now, if you don't already have a PC infected with malware, YOU WILL. I am a professional with this stuff, believe me, I once got 60 trojans and got rid of 'em.

Now, how do you protect yourself?

Install a web plugin called WEB OF TRUST.

In 99 percent of cases, 1 percent visited the malicious site before you did, and if they get rid of malicious things (mostly they do), they will vote on the website, so you and the 1 percent of poor unlucky guys never get there again. Basically, WOT is a plugin which connects to its database and kicks you out of websites with poor ratings. And believe me, that's mostly all you need.

BUT, if you are a nice guy who goes to the 100th page of Google search, where other people don't go to vote on malicious stuff, you should get some protection. A nice one is Avast free version, download it at www.avast.com ....

Now here's the "fun" part: if you were infected by a rogue program, you are in bad trouble. So what ARE ROGUE programs? Those are programs that disguise themselves as a useful program, even antiviruses. The irony. That is a really popular type of malicious software out there. So what do you do when you get infected? Just follow me.

First step: KNOWLEDGE

You need to KNOW whether you even have malicious software; that is kinda obvious.

Some side effects of having a rogue are:

  • You may receive the error "Internet Explorer could not display the page" when attempting to access certain websites
  • Your web browser (e.g., Microsoft Internet Explorer, Mozilla Firefox, Google Chrome) freezes, hangs or is unresponsive
  • Your web browser's default homepage is changed
  • Access to security-related websites is blocked
  • You get redirected to web pages other than the one you intended to go to
  • You receive numerous web-browser popup messages
  • Strange or unexpected toolbars appear at the top of your web browser
  • Your computer runs slower than usual
  • Your computer freezes, hangs or is unresponsive
  • There are new icons on your desktop that you do not recognize
  • Your computer restarts by itself (but not a restart caused by Windows Updates)
  • You see unusual error messages (e.g., messages saying there are missing or corrupt files or folders)
  • You are unable to access the Control Panel, Task Manager, Registry Editor or Command Prompt.

Second step: The safe MODE

Now, on Windows 7 devices you can normally boot your computer up and press F8 repeatedly (while booting) and you will see a screen saying

1. Start Windows in normal mode

2. Start Windows in safe mode

3. Start Windows in safe mode with command prompt

4. Start Windows in safe mode with networking.

Press the fourth option.

Third step: NEUTRALIZE THE ROGUE

If you are in safe mode, you are now a happy person. Safe mode usually blocks every single app from booting except your basic drivers and Windows services. Now you won't be fucked up with the pop-ups.

Download RKILL. If your searches for RKILL get redirected, just use another browser; if you live in the 80's, here is a trick for Explorer. Go to Internet Options, go to the Connections tab, go to LAN settings and uncheck anything related to proxies. This will stop your searches being redirected. If your searches still get redirected, just download the RKILL utility onto a USB stick, place it on your desktop, and rename it to iExplore.exe if it isn't already named that. This name is used to trick the rogues into thinking that you don't have a loaded antivirus.

Run the RKILL utility as administrator and let it end all the damn processes that are still malware related. DO NOT RESTART YOUR COMPUTER.

Now you need to download TDSSKILLER. The link: http://support.kaspersky.com/downloads/utils/tdsskiller.exe

This will scan your boot sectors and repair any damage done.

Now you're safe.

If the process doesn't fully end, end it with Task Manager. If it isn't blocked, good, end a process that usually has an extremely long nonsense name. If it is blocked, unblock it by going to regedit. Find taskmgr or tskmgr by pressing Ctrl+F and typing in those names.

If regedit doesn't find a folder named taskmgr, search for it yourself; I think it is located somewhere in the HKEY_LOCAL_MACHINE folder. Find the taskmgr folder and rename it to taskmgr1. Now you should be able to open Task Manager and disable the process manually.

FOURTH STEP: Clear up the JUNK

Download Malwarebytes from malwarebytes.org to remove all the junk for you. Use some other tools for rootkit checking, and as I said, delete the crap, delete the folders, use CCLEANER and delete more crap. DELETE ALL THA CRAP. To be sure, press WINDOWS KEY+R and type in the run box: msconfig, then go to the Startup tab; if there are suspicious files still starting up, uncheck them. ADD MORE antiviruses and SCAN until you remove all the damage caused by the rogues. If you are infected right now and are under special conditions, just PM me ;D
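The guide's Task Manager, proxy and msconfig steps all come down to a few registry locations that rogue "antivirus" programs tamper with. The PowerShell script below is an added example, not part of the original post or any of the tools it names; it reads those locations (the standard Windows value names DisableTaskMgr, DisableRegistryTools, ProxyEnable, ProxyServer, AutoConfigURL and the Run keys) and reports anything worth a look, without changing anything, so it can be run from Safe Mode with Networking before deciding what to clean. The path patterns used to flag startup entries are an assumption about where rogues usually live.

```powershell
# Added example (not from the original post): a read-only audit of the places
# rogue "antivirus" programs commonly tamper with. Run as Administrator.

function Get-RegValues {
    param([string]$Path)
    # Returns a hashtable of value name -> data for the key, or an empty table
    # if the key does not exist (the Policies\System key is often absent).
    $result = @{}
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($p in $item.PSObject.Properties) {
            if ($p.Name -notlike 'PS*') { $result[$p.Name] = $p.Value }
        }
    }
    return $result
}

# 1. Policy values that block Task Manager / Registry Editor (the "blocked"
#    case the guide handles by editing the registry).
foreach ($hive in 'HKCU', 'HKLM') {
    $pol = Get-RegValues "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        if ($pol[$name] -eq 1) {
            Write-Warning "$hive policy $name = 1 (blocked). Clear it with: Remove-ItemProperty -Path '${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -Name $name"
        }
    }
}

# 2. Proxy / auto-config settings that redirect browser searches (the
#    "LAN settings" trick from the guide, read from the registry instead).
$inet = Get-RegValues 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet['ProxyEnable'] -eq 1 -or $inet['ProxyServer'] -or $inet['AutoConfigURL']) {
    $msg = 'Proxy configured: ProxyEnable={0} ProxyServer={1} AutoConfigURL={2}'
    Write-Warning ($msg -f $inet['ProxyEnable'], $inet['ProxyServer'], $inet['AutoConfigURL'])
}

# 3. Startup entries (what msconfig's Startup tab shows on Windows 7). Assumed
#    suspicious locations: %Temp%, %AppData%\Roaming and ProgramData.
$suspect = 'AppData\\Local\\Temp|AppData\\Roaming|ProgramData'
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $run = Get-RegValues $key
    foreach ($name in $run.Keys) {
        $flag = if ($run[$name] -match $suspect) { '  <-- check this' } else { '' }
        Write-Output ("{0}: {1} = {2}{3}" -f $key, $name, $run[$name], $flag)
    }
}
```

Entries the script flags are candidates for the msconfig uncheck step, not proof of infection; confirm what the file is before removing it.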


I used to use WoT but then I realised I ignore the warning when I really want to take a look at an unsafe site anyway. Yeah, it will be totally my fault when my computer gets infected and emails all my porn to my grandma.



Lol, happens to me too. I always think something is a false positive


Really the best option to start out with is going through the program list and uninstalling any foreign programs, that usually solves the main problem easily and quickly (best to use a program like Revo Uninstaller to delete extra registry keys and files). CCleaner, Malwarebytes, TDSSKiller, and Avast Anti-virus are all great programs to run after.


I'm a volunteer for AVG and have dealt with rogues before. Your guide is great, but I've seen plenty of rogues that start in safe mode and still stop you from using your system. Most times, I just reinstall Windows, but on the average user's systems they don't want that. In most cases I use Kaspersky Rescue CD to find the rogue, or ESET Rogue Removal Tool, and then run Malwarebytes.

I also find Malwarebytes Chameleon is a good way to get Malwarebytes running on an infected system. Most times after rogue removal I run not only Malwarebytes, TDSSKiller, AVG and Comodo Cleaning Essentials, but I also check the filesystem for suspicious files and folders from an Ubuntu USB bootable environment, as that's the only way to really catch it red-handed.

On systems without Secure Boot I'll often also check the Master Boot Record, and if it needs repairing I'll repair it. Yet when I'm removing malware for a friend, I just download HitmanPro, run a scan and then say done... Even though I'm an AVG guy, I'm not paranoid about malware.

I think the biggest thing to prevent this stuff is for people to understand. My friends just torrent whatever they think looks cool, and then I go to their place and see the registry-cleaning rogue on their system...


I love HitmanPro, you can forcefully start it and it will stop your rogue, so it doesn't matter if the rogue starts in safe mode. Yes, your post could be a nice addition to my guide ;)


Thanks,
