========================================================= === === === RogueKiller Changelog === === === ========================================================= ------------------- - Adlice Software - ------------------- V15.19.2 11/06/2024 ================= - Updated to core 7.4.4 * Fixed last scan display - Fixed last scan display - Fixed missing Chinese translation V15.19.1 10/28/2024 ================= - Updated to core 7.4.3 * Fixed an issue in IPC scan leading to high CPU consumption V15.19.0 10/28/2024 ================= - Updated to core 7.4.2 * Fixed potential crash in Toast notifications lib * Fixed potential crash in Compression lib * Preparing for IPC scan (Phase 2) * Rules serialization * Detections serialization * Preparing for IPC scan * Async scanner * Scheduled scan serialization * IPC rtp refactoring * Comswitch fixes for cloud upload and script engine - Minor UI fixes V15.18.3 09/10/2024 ================= - Updated to core 7.3.2 * Scheduled scans IPC helpers * Fixed issue with clear cache IPC not clearing everything * UCheck regex exclusions * Fixed an issue where web addons where whitelisted by path * UCheck outdated type * Badge can now take full text * Badge optimizations * MalPE default enabled * New notifications architecture (still using old style) - Fixed UI preventing shutdown V15.18.2 08/23/2024 ================= - Updated to core 7.2.4 * Fixed an issue where MalPE was used without CloudScanning mitigation due to internal limitation V15.18.1 08/22/2024 ================= - Updated to core 7.2.3 * Fixed minor issues with cloud scanning * Fixed an issue where some UNC paths were not properly parsed * Fixed an issue where Task commands were not properly parsed * Fixed an issue where empty items were sent to cloud scanning * Fixed an issue where suspicious detections were not properly re-aligned * Fixed an issue where cloud mitigation wasn't showing file missing detections * Fixed service creation vulnerability with spaced-path * Added more Cloud mitigation for "Suspicious" detections * Added threat level alignment in scanner * Now supporting "Suspicious" threat level * Fixed UCheck issue where downloaded files had invalid extension - Fixed an issue where UI was preventing Windows from rebooting V15.18.0 08/01/2024 ================= - Updated to core 7.1.0 * Added themes color config parsing * Migrated themes to new system. Preparing for new themes * Added EICAR signatures to ExtChecker * Fixed issue where config writing was failing the first time * Fix for UCheck program download with unauthorized characters in filename * Fixed possible crash during modules creation in RKCore V15.17.4 06/26/2024 ================= - Fixed potential crash on IPC reconnect V15.17.3 06/19/2024 ================= - Fixed issue where some settings were not properly applied V15.17.2 06/18/2024 ================= - Fixed issue where version check was not refreshing properly V15.17.1 06/18/2024 ================= - Fixed issues with licensing IPC V15.17.0 06/11/2024 ================= - Updated to core 7.0.0 * MalPE no longer in BETA * RTP now killing processes on DocLock request * IPC refactoring * UCheck serialization * Winget truncation detection * Winget filtering empty sources * Now using rule threat level for classification * Encrypted quarantine * Fixed UTF8 serialization on sdk config * Fixed file encryption open flags * Minor fixes V15.16.1 04/12/2024 ================= - Updated to core 6.19.3 * Fixed missing Technician form in Account tab * Fixed missed rules integration V15.16.0 04/10/2024 ================= - Updated to core 6.19.1 * UCheck: Internal Name support * Reporting unserialize fix * Fixed issue where Review notification was not properly shutdown by config * Added Winget support for UCheck * UCheck program refresh fixed issue where status was not Updated * UCheck compression support for programs sending * UCheck compression support for community manifest * Added registry data scanning for firewall rules * Disabled cloud upload retry logic * Better logging on detections * Fix for exclusions matching * Fixed issue where detections could not be removed after a scan * Minor fixes V15.15.3 03/11/2024 ================= - Updated to core 6.18.3 * URLEncode search paramters * UTF8 encoding for Curl parameters * UCheck: Internal Name support * Multiple scheduled scans implementation * Scan cloud config for malpe * Scanners cloud config implementation * Mutiple threat names implementation - Added ability to have multiple scheduled scans V15.15.2 02/19/2024 ================= - Updated to core 6.18.1 * fix for UCheck exclusions * fixed un-needed remove at reboot of drivers * fixed potential app lock during crash dump upload V15.15.1 02/14/2024 ================= - Fixed potential crash in account page V15.15.0 02/14/2024 ================= - Updated to core 6.18.0 * Removed unneeded ACL reset * Replaced folder ACL reset by "Add World ACE" * Added IsInstalled verification in core * Now using current directory's subdir for non-installed core instances * Modular core, preparing for core optimizations * Added UCheck bitness detection algorithm * Added UCheck existence verification * Removed potential crashing logs * Added AsyncWorker for smoother UI experience * Theme fixes * Report UI refactoring * Minor fixes - Disabled shell replacement in installer ("Black screen" issue on update) - Now opening UCheck instead of website if installed - Consolidated Tech portable available features - Added "fully portable" feature, if not installed will work from a current dir's subdir V15.14.0 01/18/2024 ================= - Updated to core 6.17.2 * Themes colors changes * Registration page performance fixes * Error management in UCheck APIs * UI lib update * Fixed issue with json decoding from array * Better progress count * Fix for cloud config (proxy not applied) * Fixed potential crash in filesystem scanner * Fixed possible hang in scan worker * Minor fixes - Contrast improvements - Theme changed refreshes - Minor color fixes - Fonts improvements - Now saving window geometry and restoring it at launch - Added translator name display - Added theme name (translation) - Minor UI/UX changes V15.13.1 12/05/2023 ================= - Updated to core 6.15.1 * Rkfl 0.10.6 (fixed potential handle leak) * Better RTP logging * Minor fixes - Fixed possible crash on initialization V15.13.0 11/03/2023 ================= - Updated to core 6.14.0 * Fixed notification not opening links * Truesight 3.4, fixed vulnerabilities * Truesight 3.4, fixed possible handle leak * Now avoiding killing protected processes * Minor Fixes - Fixed minor UI issues V15.12.2 10/19/2023 ================= - Updated to core 6.13.3 * Fixed possible crashes on logging * Fixed potential crash on exiting core with a scan running * Fix for explorer path parser * Minor Fixes - Fixed issue where signatures were not loading using import button V15.12.1 09/19/2023 ================= - Updated to core 6.12.2 * Fixed performance issue in UCheck engine * Fixes for UCheck portable detection * Updater 4.1.1, fixed some download links for portable versions * Truesight 3.3 (fixed security issue) * Rkflt 0.10.5 (fixed security issue / fixed potential crash) * Doclock added new services to allow list * Minor Fixes - Minor fix for settings revert to default V15.12.0 08/29/2023 ================= - Updated to core 6.12.0 * First launch UI config * Fixed shell extension removal during uninstall * Fixed backup config removal during uninstall * Cloud config * Cloud scanning no increment on rescan * Minor Fixes - Added Welcome page - Now showing UI on first launch - Removed thanks page opening - Minor changes for marketing page V15.11.0 06/22/2023 ================= - Updated to core 6.11.0 * Fixed possible crash when opening EULA * Deployed cloud config * Added cloud config for MalPE * Fixed potential crashes in DirectoryCounter * Fixed issue where files removed at reboot were not triggering user notice * Added SearchScope (Bing) search rules * Fixed issue where ACLs protected registry keys could not be read/deleted * Fixed minor issues for URL scanning * Fixed issue were Cloud mitigated detections were not showing in Diag * Minor Fixes V15.10.0 05/24/2023 ================= - Updated to core 6.10.0 * Ability to login to shop account to retrieve license keys * Registration page re-designed * NTFS module * FileScanner fast enumeration during scan * Now showing progress during filesystem scanning * Minor Fixes V15.9.0 04/24/2023 ================= - Updated to core 6.8.0 * Now uploading unknown files using dedicated cloud API * Fixed an issue where directores with specific ACLs were not removed * Minor Fixes - Fixed an issue where exiting after a certain scenario would lead to error message in a loop V15.8.2 03/22/2023 ================= - Updated to core 6.7.2 * Fixed an issue where volatile licenses were eating activations * Fixed encoding issue in installer translations * Fixed file types filtering in archives scanning * Minor Fixes V15.8.1 03/06/2023 ================= - Updated to core 6.7.1 * Added client tagging on signatures check/update * Added scheduled scan type in config * Update checks task only executing on Premium * RTP task not exeutes every 60 mns (prior, 15mns) * RTP task disabled when RTP not enabled * Minor Fixes - Moved scheduled scans to its own settings tab - Added ability to choose between Standard/Quick type for scheduled scan V15.8.0 01/26/2023 ================= - Updated to core 6.7.0 * Updated libraries (libyara) * Updater translations * Fixed issues on Windows XP * Fixed an issue where Powershell was slow to open with Clipboard protection * Fixed issue in exclusions where sometimes wrong target was set * Fixed minor issue in Cloud scanner * Minor fixes - Removed wizard button - Now outdated notice has an hyperlink V15.7.0 01/16/2023 ================= - Updated to core 6.6.0 * Fixed multiple issues with cloud scanning * Minor Fixes V15.6.5 01/04/2023 ================= - Updated to core 6.5.8 * Fixed an issue with Curl network check * Minor Fixes V15.6.4 12/15/2022 ================= - Updated to core 6.5.7 * Fixed an issue where link open may fail under LocalSystem account * Fix for obtaining default browser path * Fix for Pipe exit * Abortable scan report * Moved some links opening to more secured method * Minor Fixes - Moved some links opening to more secured method - Dynamic translations V15.6.3 11/15/2022 ================= - Updated to core 6.5.5 * Fixed download issue in UCheck module * Minor fixes - Translations update V15.6.2 10/13/2022 ================= - Updated to core 6.5.4 * Moved URL protocol to installer * Rkflt version 0.10.4 - Fixed possible BSOD at driver Load * Fixed possible altitude collision on Windows 11 * Minor fixes V15.6.1 09/13/2022 ================= - Updated to core 6.5.1 * NEW! Protocol URLs: Ability to register license from an URL * Fixed issue where scanning whitelisted folders' content was not honored in custom scan * DLP no longer in BETA - Translations updated - Fixed an issue where scan was not stopped on session log out, leading to a crash V15.6.0 08/22/2022 ================= - Updated to core 6.5.0 * NEW! Process injection (rkmon32 & rkmon64) [BETA] * NEW! Clipboard protection module [BETA] * Fixed an issue where RTP cleanup routine was not executed * Fixed an issue where RTP signatures were not updated automatically * Fixed an issue where RTP cache was not limited in Size * Optimization for RTP cache on process termination V15.5.3 06/13/2022 ================= - Updated to core 6.4.3 * Fixed a critical issue in signatures engine (some signatures were not working) V15.5.2 06/07/2022 ================= - Updated to core 6.4.2 * Truesight 3.1 (Win10+) - Fixed memory leaks - Fixed missing allocations tagging * Added -excluded-paths CLI switch - Removed Wizard (better UX) - Fixed a bug where update could launch during a scan - Fixed missing label in Web addons exclusions - Added refresh button on Account tab V15.5.1 05/16/2022 ================= - Updated to core 6.4.1 * Fixed Rkflt version 0.10.3 for 32 bits V15.5.0 05/04/2022 ================= - Updated to core 6.4.0 * Rkflt version 0.10.3 (Win10+) - Fixed memory leaks - Fixed missing allocations tagging * Windows 11 official support * Logs reduction * Minor fixes - Added/Updated translations * NEW: Japanese * NEW: Dutch * NEW: Portuguese * NEW: Brazilian * NEW: Polish * NEW: Italian * NEW: Arabic * NEW: Japanese V15.4.0 03/07/2022 ================= - Updated to core 6.3.3 * Fixed potential memory leak in zip module * Fixed issue in cloudscanner where empty batches were sent for analysis * MalPE mitigation: Unknown cloud files are no longer considered malicious * Added background scanner configs * Command scanner is now able to retrieve current process directory and use it for path resolution - Added setting to revert full scan performance (on demand + scheduled) - New dashboard page V15.3.0 02/17/2022 ================= - Updated to core 6.3.2 * Added first cloudscan config * Fixed an issue where detection was added even with a cloudscan invalidation * Fixed an issue where Windows backup history svchost was detected as DLP * Curl timeout increase * Redesigned all command line arguments * Minor fixes * Redesigned UIs to better resize * Background scan enabled by default V15.2.0 01/20/2022 ================= - Updated to core 6.3.0 * Cloudscanner (new module, BETA) * New detection design (Pipeline, BETA) * Minor fixes * New scan progress design * New marketing page design * New settings page design * New history page design V15.1.5 12/15/2021 ================= - Updated to core 6.1.8 * Fixed potential crash * Fixed infinite reload loop in scheduler causing UI to hang / having performance issue * Fixed possible crashes (log formatting) * Fixed possible crash (CLSID scanner) * My Account UI redesign * Registration UI redesign - Fixed potential crash on exiting for update - Settings redesign V15.1.4 11/18/2021 ================= - Updated to core 6.1.7 * Fixed issue in scheduler where monthly scan was not working - Fixed numerous UI / UX issues across the app - Opened Exclusions to free version - Fixed an issue where switches where slow to update - Better wording in settings descriptions - Added UCheck link in miniscan banner - Fixed missiing translation on signatures download link - Fixed refresh issue where driver was showing unloaded after registration - Fixed refresh issue where secured storage was showing unavailable after registration - Removed setup registration (now all inside the software) V15.1.3 11/09/2021 ================= - Updated to core 6.1.6 * Fixed potential crash * Fixed infinite reload loop in scheduler causing UI to hang / having performance issue V15.1.2 11/03/2021 ================= - Updated to core 6.1.5 * Fix for scheduler (fixed time not starting after sleep) * Fixed an issue in common report view * Fixed an issue in path parser (task scheduler) * Fixed an issue in DLP where prefetch service was blocked * Minor fixes - Setup: Always force desktop icon - UI lib update (button padding issue) V15.1.1 10/11/2021 ================= - Updated to core 6.1.4 * Fixed an issue with scheduled scans not starting * Added ability to cancel scan during archive scanning * New scheduler * Added EDGE scanner * Minor fixes - Added Next Scan date on dashboard - Removed scan notifications if UI is shown V15.1.0 09/06/2021 ================= - Updated to core 6.1.1 * New reporting * Fixed an issue when adding exclusions * Fixed a false detection on explorer / DocLock * Fixed an issue with scheduled scans not starting * Added ability to cancel scan during archive scanning V15.0.9 08/05/2021 ================= - Updated to core 6.0.11 * Fixed self folder scanning issue * Asynchronous logging * Fixed possible deadlock * Fixed possible infinite loop in config migration * certificate update - Fixed possible issue with information update at startup - Re-enabled thanks page opening - Deactivated Cloud Upload windows (later integrated into own worker) - Added Proxy authentication settings V15.0.8 07/13/2021 ================= - Disabled temporarily "thanks page" opening (will be reworked later) - Updated to core 6.0.10 * Fixed possible crashes when stopping V15.0.7 07/08/2021 ================= - Updated to core 6.0.9 * Quarantine delete all * Minor fixes - Fixed issue where UI was showing inconsistent state during long initialization - Added locks during engine initialization - Added banner when there's too many quarantine items to display (> 1000) V15.0.6 07/01/2021 ================= - Updated to core 6.0.8 * Fixed possible crash in pipe communication - Fixed issue when checking for updates (signatures state not refreshed) - translations update V15.0.5 06/30/2021 ================= - Updated to core 6.0.7 * Fixed possible deadlock (SecuredIPC) between scheduler / signatures_changed callback V15.0.4 06/28/2021 ================= - Updated to core 6.0.6 * Fixed another issue where dates are not saved properly in config file * Fixed service scan request (scheduler) * Fixed service signatures status update V15.0.3 06/15/2021 ================= - Updated to core 6.0.5 * Fixed potential crash getting username from session ID * Updater 4.0.1 * Fixed crash on certain cases (double download worker thread) * Fixed crash issue when old config is present (Config migration) * Fixed an issue where dates are not saved properly in config file - Fixed potential crash on Initialization V15.0.2 06/14/2021 ================= - Fixed potential crash on exporting portable config V15.0.1 06/14/2021 ================= - Fixed potential crash on startup V15.0.0 06/14/2021 ================= - Updated to core 6.0.4 * Fixed an issue where context menu scan was not working when UI is started by the service * Fixed potential crash in getting computer name * Fixed issue with Windows Updates status * Fixed issue with ucheck progress counters * Refactored using safer memory management (smart pointers) * Refactored with asynchronous initialization (faster to start) * Updater 4.0 * RK DLL 4.0 * Minor fixes - Fixed an issue where some settings in combobox where changing on page scroll (lang, theme) - Minor UI fixes V14.8.6 03/24/2021 ================= - Updated to core 5.3.5 * Fixed potential stack overflows * Reducing Cloud.Generic FPs by ignoring some 3rd parties * Translations update * Minor fixes - Augmenting contrast on detections results page V14.8.5 02/15/2021 ================= - Updated to core 5.3.4 * Fixed possible hang on Zip * Fixed bad licensing error message in some cases - Now opens Update form if clicked on "new version" notification - Now all notifications honor the "no notification" user setting V14.8.4 01/13/2021 ================= - Fixed wrong rkflt version (0.10.0 => 0.10.1) for x64 V14.8.3 01/12/2021 ================= - Updated to core 5.3.3 * Fix for XP compat (CancelSynchronousIo) * Fix for disk enumeration hang * Fix for network file resolution hang * rkflt 0.10.1 (fixed a potential crash on USB device plug) V14.8.2 12/28/2020 ================= - Updated to core 5.3.2 * Fixed a possible crash in scan worker V14.8.1 12/14/2020 ================= - Updated to core 5.3.1 * Fixed licensing issue with XP * Fixed issue in VTScanner on exit (submit on exit) * Fixed possible memory leak in scan items * Fixed possible memory leak in zlib module * Fixed possible memory leak in zip module * Fixed possible memory leak in COM module * Fixed possible memory leak in Event module * Fixed possible memory leak in SigCheck module * Fixed possible stack overflox in Time module * Fixed possible hang in Drives enumeration (async file opening) * Added hash in event history * Fixed an issue where filemon event took time resolving process path and could hang on certain programs (WoT block) * Minor fixes V14.8.0 11/17/2020 ================= - Updated to core 5.3 * Fixed possible issue (small buffer) in filter com * Fixed VTScanner cache, not working in some conditions * Fixed FileMemoryScanner, archive not scanning in some conditions * Fixed DigisigScanner, suspicious CAs * Fixed multiple crashes in PE module * Fixed possible crashes (SO) in registry, path modules * Fixed possible crashes (except) in string, buffer, curl modules * Minor fixes - Added Chinese translation V14.7.4 10/22/2020 ================= - Updated to core 5.1.4 * Fixed potential issue with broken Shell extension (explorer context menu) * Fixes for DocLock DLP FP mitigation * Minor fixes - Added Archives scan configuration V14.7.3 09/15/2020 ================= - Updated to core 5.1.3 * Fixed several memory leaks * Leverage AME cache for DocLock classification * Disabled RTP for portable config * Minor fixes - Fixed refresh issue on dashboard V14.7.2 09/01/2020 ================= - Updated to core 5.1.2 * Fixed potential crash in digisig module for x86 V14.7.1 08/31/2020 ================= - Updated to core 5.1.1 * Fixes for Data Leak Prevention (BETA) * Fix for digisig module (check file from cert store) * Minor fixes V14.7.0 08/24/2020 ================= - Updated to core 5.1.0 * RKFlt 0.10 * RogueKillerSVC 1.5 * Added Data Leak Prevention (BETA) * Deferred Kill to post-processing * Fixes for MalPE pre-filtering * Minor fixes V14.6.3 08/10/2020 ================= - Updated to core 5.0.4 * Fixed crash in PE parser * Fixed crash in config Migration * Minor fixes V14.6.2 07/27/2020 ================= - Updated to core 5.0.1 * DocLock: Mixed protection (FP mitigation) * DocLock: Now preventing to add system folders * Fix for Bad.Extension on files disguised as PE - Fixed scheduled updates / button updates V14.6.1 06/16/2020 ================= - Fixed Truesight digital signature - Updater 3.5 * Bigger and better * Added cancel button V14.6.0 06/15/2020 ================= - Updated to core 5.0.0 * Added more logs for Curl * Proxy validation * Truesight 3.0 (refactored with HLK validation) * Antirootkit module re-integrated (silent mode as a 1st step) * RogueKillerSVC: 1.4 * Minor fixes V14.5.0 05/27/2020 ================= - Updated to core 4.3.4 * MalPE AI 0.6 * DocLock: Blocking suspicious NETSH * DocLock: Blocking suspicious WMIC * Added default printer location * Added ability to scan files with context menu * Added ability to scan network paths with context menu * Added Browser extension type for exclusions * Minor fixes - Added white-circled icon - Updater 3.4.1 * Fixed a possible crash at exit V14.4.2 04/29/2020 ================= - Updated to core 4.3.3 * Fix for crash upload (limitation by dump is present) * RKSvc 1.3.1 V14.4.1 04/29/2020 ================= - Updated to core 4.3.2 * Fixed pipe disconnect (retry logic) * Fixed pipe security * Fixed IPC cache * Added config auto-backup/restore * Fixed self-update task * Fixed crash reports upload V14.4.0 04/01/2020 ================= - Updated to core 4.3.0 * Fix for XP (libzip, openssl rebuilt) * Added scan warnings * Added filescanner warning on abnormally long folder scan * Added scan warnings JSON reporting * Size optimizations * Removed warnings * New advert payload * Added some logging * Minor fixes V14.3.0 03/23/2020 ================= - Updated to core 4.2.0 * Libraries update (libzip / sqlite) * New version manager (network failure proof) * Flush DNS cache on network domain resolve error * Fix for XP (libcurl rebuilt) * Fixed a possible crash in PE parser (VersionInfo) * [DocLock] Added suspicious digisig filtering => Mitigation against signed Ransomware * [DocLock] Allowing more explorer processes * Fixed an issue where process termination was not properly detected * Update to rkflt 0.9.4 * Update to rksvc 1.3.0 * Update to roguekillerdll 3.2.0 * Update to roguekillerupdater 3.4.0 * Fixes for early logging * Minor fixes - My Account links V14.2.1 02/24/2020 ================= - Updated to core 4.1.3 * Fixed url for signatures download V14.2.0 02/24/2020 ================= - Updated to core 4.1.2 * Updated libraries (openssl / libssh2 / libcurl /libyara) * Fixed an issue in Path parser * Update to rkflt 0.9.3 * Update to rksvc 1.2.0 * Fixed an issue where certain command lines could hang until timeout in rkflt * Improved performances for scanning filesystem network resources * Fixed scheduled version check - Updated translations V14.1.1 01/28/2020 ================= - Updated to core 4.1.1 * Service: Defer crash upload in a worker thread * Fixed potential issue with hanging processes (including web browsers) - Fixed EULA showing in installed mode V14.1.0 01/20/2020 ================= - Updated to core 4.1.0 * Fixed a possible crash in Buffer module (implicitcasts) * Fixed an issue where threat name wasn't properly parsed * Reduced API calls frequency * Update to rkflt 0.9.2 * Update to rksvc 1.1.0 * Fixed possible crash at exit * DockLock: Prevent RW from rebooting * DockLock: Prevent RW from using shadow copy removal * DockLock: Fixed an issue where renaming whas not fully detected * DockLock: Added RIPlace detection and blocking * Updates libraries (jansson / cryptopp) * Driver loading sanity check - Added gamer mode (no notifications during full screen) V14.0.4 01/06/2020 ================= - Updated to core 4.0.5 * Fix for getting username from SYSTEM account * Fixes for scheduler engine * Fixed FP remediation for Proc.Svchost detections * Fixed exclusions when path have spaces * Minor fixes - Added "refresh" button for custom scan paths directories tree (to use on external drives (un)plugged) - Fixed laggy UI at startup V14.0.3 12/23/2019 ================= - Updated to core 4.0.4 * Fixed Bad.Extension on Zero-filled * Fixed heuristics in command-line scanner * Fix for telemetry * Fixed bad reference decrement in Yara scanner * Fixed initialization order in worker threads * Fixed ACLs removal in Debug module * Fixed potential crash in Exclusions and History Events modules * Minor fixes - Added button to export RTP history - Added button to export service log - Added button to clear RTP cache - Fixed warning about modules disabled when explicitely turned off by config - Fixed an issue with exit warning not showing - Updated German translation - Updated Turkish translation V14.0.2 12/16/2019 ================= - Updated to core 4.0.2 * Fixed possible crashes in logging * Fixed an issue with processes CLI exposing pipe names (some VPN softs) * Fixed an issue where DocLock reset was not removing old entries * Now displaying full command line instead of process path in history/events * Cloud upload (async) when needed * New telemetry data * Minor fixes - Updated German translation V14.0.1 12/12/2019 ================= - Updated to core 4.0.1 * Added ability to reset doclock folders to default * Improved doclock remove all folders call * Fixed possible crashes * MalPE model 0.5 (fast) * New telemetry data * minor fixes - Fixed an issue where self-exit displayed a warning - Added ability to reset doclock folders to default V14.0.0.16 12/10/2019 ================= - Updated to core 4.0.0 * Real Time Protection * Malware Protection module * Documents Protection module * Real Time Protection settings and UI changes * Minor fixes V13.5.7 11/20/2019 ================= - Updated to core 3.2.17 * Added Background scan * Fixed possible crash at scanner destroy * Minor fixes * Added background scan (low CPU usage) setting for scheduled scans * Icons refactoring V13.5.6 11/07/2019 ================= - Updated to core 3.2.16 * Fixed possible crash when exiting during a scan * Minor fixes V13.5.5 10/23/2019 ================= - Updated to core 3.2.15 * Fixed common folders/files ACLs * RogueKillerDLL 2.4 * Using Restart Manager whenever possible * Added registry setting to force debug logging * Fixed an issue where folders were not properly quarantined and removed * Added Critical flag manipulation before processes termination * Fixed an issue where exclusions were not working with shortcuts * Minor fixes - Fixed an issue with licensing button notifications V13.5.4 10/14/2019 ================= - Updated to core 3.2.13 * Fixed a possible deadlock and crash in scheduler/advert V13.5.3 10/10/2019 ================= - Updated to core 3.2.12 * Fixed an issue where Marketing request wasn't properly processed (notifications loop) * UCheck engine duplicates handle * Minor fixes V13.5.2 10/07/2019 ================= - Updated to core 3.2.10 * Fixed an issue where advert tasks were re-added (and cleared) on network issues V13.5.1 10/07/2019 ================= - Updated to core 3.2.9 * Fixed a handle leak when scanning big files * Minor fixes - Fixed an issue in Scheduled scan settings (impossible to set minutes value) V13.5.0 09/24/2019 ================= - Updated to core 3.2.8 * MalPE model 0.4 * Minor fixes - Improved binaries replacement in installer V13.4.4 09/16/2019 ================= - Updated to core 3.2.6 * Minor fixes - Fix for notifications (bug: under taskbar) - Fixed possible crash at startup V13.4.3 08/20/2019 ================= - Updated to core 3.2.4 * Fixed an issue in WinTrust (part 2) * Fixed possible deadlock while enumerating processes * Fixed SearchStrings method * Signatures 20190819_114745 * Added new Scan locations * Fixed an issue with ACLs where config files may not be properly saved * Fixed portable_license CLI parameter * Fixed low privilege Shell extension registration V13.4.2 08/09/2019 ================= - Updated to core 3.2.3 * Fixed scheduler reload - Fixed a possible deadlock in scheduler V13.4.1 08/08/2019 ================= - Fixed an issue with Shell extension on x64 V13.4.0 08/08/2019 ================= - Updated to core 3.2.2 * Fixed MalPE threshhold * Fixed Wintrust scan (slow) * Added signatures package integrity check * Fixed MalPE detection name (negatives values sometimes) * Fixed issue with Bad.Extension detection - Added Shell extension (Explorer context menu entry) - Added Shell extension setting V13.3.2 07/15/2019 ================= - Updated to core 3.2.0 * Signed files are whitelisted by default * Fixed an issue in scheduler * MalPE V2 - Added AI score to reports V13.3.1 07/01/2019 ================= - Updated to core 3.1.1 * Minor fixes V13.3.0 07/01/2019 ================= - Updated to core 3.1.0 * Fixed an issue where GetErrorMode API isn't present on XP * New machine ID (less prone to changes on Windows install) * Technician trial (if applicable) * Scheduler V2 * Reviews notifications - Better notifications - Added Machine ID on Account page V13.2.2 06/10/2019 ================= - Updated to core 3.0.11 * Fixed startup registration issue when laptop on battery * Fixed warning message at startup when floppy drive exists * Fixed file not closing after zip operations - Added automatic updates setting - New Automatic update system (silent with notifications and scheduler) - Fixed last scan date (taken from config and not history) V13.2.1 05/22/2019 ================= - Updated to core 3.0.10 * Bug fixes * Fixes for scheduler (grace period) - Added button to cleanup crash information - New registration form - New account form - Fixed issue with dashboard not reflecting scan status V13.2.0 05/14/2019 ================= - Updated to core 3.0.9 * Bug fixes * Updated signatures * UCheck engine update - Fix for hidden.proc - Free users can now download signatures package automatically V13.1.10 04/24/2019 ================= - Added notifications setting - Updated to core 3.0.8 * Bug fixes * Updated signatures V13.1.9 03/27/2019 ================= - Fixed marketing notification, now won't show at startup after first time - Updated to core 3.0.7 * Fixed crash in notifications engine * Fixed COM initialization in real time services * Fixed Scanner queue initialization * MSHTA and WScript detections * Minor Bug fixes V13.1.8 03/11/2019 ================= - Updated to core 3.0.6 * Bug fixes V13.1.7 03/05/2019 ================= - Updated to core 3.0.5 * Fixed WebScanner mitigation * Disabled PUM.StartMenu for RogueKiller * Fixed Appdata scan duplicate * Fixed LocalAppdata scan duplicate - Fixed an issue with renewal links V13.1.6 02/25/2019 ================= - Updated to core 3.0.4 * Added Firefox registry addons search * Fixed registry items duplicates on scan - Fixed translations - Removed tray icon in portable version - Fixed freeze on custom scan selection - Fixed autostart minimize on Free version - Fixed autostart initial state - Minor fixes V13.1.5 02/18/2019 ================= - Updated to core 3.0.3 * Added ability to read encrypted signatures packages (AV detection mitigation) V13.1.4 01/30/2019 ================= - Updated to core 3.0.2 * Fixed a crash in ZIP module * Fixed an issue in Folder creation (preventing creating working directory when executing from non system drive) * Now VT.Unknown is not treated as a threat anymore * Now updater runs installer with /silent - Updated shop links to use download API - Updated marketing notification from every 1 hour to every 3 hours V13.1.3 01/24/2019 ================= - Improvment: Installer now kills existing processes before replacing the files - Fixed: Support form not sending proper Program name - Updated: Signatures, package 20190121 - Improvment: Pricing table is clearer - Improvment: Exit button icon - Fixed: Renewal link for FR V13.1.2 01/23/2019 ================= - Fixed: Translations (French, Spanish, German) - Fixed: notifications showing under taskbar in certain conditions - Refactored notifications (removed useless ones) - Added marketing table (easier to understand Premium features and differences with Free version) - Hiding filters in report view (useless for RogueKiller) V13.1.1 01/22/2019 ================= - Updated to core 3.0.1 * Fixed: a crash in PE parser when file is driver protected - Fixed: renewal link for Technician - New: Added better notifications - Fixed: Translations (French, Spanish, German) - Fixed: Custom filesytem locations selection - Fixed: Notifications on multiple monitors V13.1.0 01/21/2019 ================= - Updated to core 3.0.0 * Ability to download signatures from YED server * Now using Scheduled task to run as admin at startup * Now ignoring excluded items from scanner - New: Added Scheduled scans (Premium) - New: Added Automatic signatures updates from adlice.com YED server (Premium) - New: Added Manual signatures packages loading - New: Added setting to run at startup - New: Added exclusions settings and option V13.0.22 01/14/2019 ================= - Added service detection by name - Added signatures V13.0.21 01/07/2019 ================= - Improved support for high DPI screens (V2) - Added signatures - Added support for .lic file (registration) V13.0.20 12/31/2018 ================= - Updated to core 2.2.2 * Fixed an issue with installer and updater/DLL - Part 2 * Fixed possible crash on File IO operations V13.0.19 12/26/2018 ================= - Updated to core 2.2.1 * Fixed an issue with installer and updater/DLL V13.0.18 12/24/2018 ================= - Added signatures - Updated to core 2.2.0 - Added link to threat page on Quarantine items - Added buttons to quarantine / report page - Fixed multiple dates - Added dashboard shortcuts - Minor themes fixes - Improved support for high DPI screens (V2) V13.0.17 12/17/2018 ================= - Added signatures - Updated to core 2.1.0 V13.0.16 12/10/2018 ================= - Added signatures V13.0.15 12/03/2018 ================= - Updated to core 2.0.25 - Fixed a issue in Filescanner where LNK arguments were not expanded for variable environment - Added signatures V13.0.14 11/27/2018 ================= - Updated to core 2.0.24 - Fixed a crash in scanner engine when scanning a file locked by driver V13.0.13 11/26/2018 ================= - Added signatures V13.0.12 11/21/2018 ================= - Updated to core 2.0.23 - Fixed an issue in Curl, leading to download aborts on file sharing issue - Improved Curl file download, now retaining file handle on write (Windows Defender slow download fix) - Added UCheck mini-scan setting (Premium) - Improved support for high DPI screens V13.0.11 11/19/2018 ================= - Updated to core 2.0.22 - Added UCheck mini-scan - Added Registry heuristic scanner - Added signatures V13.0.10 11/14/2018 ================= - Updated to core 2.0.21 - Fixed an issue in the path parser - Minor fixes and enhancements - Added signatures V13.0.9 11/12/2018 ================= - Updated to core 2.0.20 - Added German translation - Minor fixes and enhancements V13.0.8 11/06/2018 ================= - Updated engine to Yara 3.8.1 - Updated to core 2.0.18 - Added Spanish translation - Minor fixes and enhancements V13.0.7 11/05/2018 ================= - Fixed a potential crash in yara engine - Updated to core 2.0.17 - Added signatures V13.0.6 11/01/2018 ================= - Fixed a potential crash in VirusTotal engine - Updated to core 2.0.16 V13.0.5 10/31/2018 ================= - Minor fixes - Updated to core 2.0.15 V13.0.4 10/30/2018 ================= - Fixed a crash in Unzip engine - Fixed a crash that occured at startup with Agent enabled - Fixed installer UUID (reverted to RK12 UUID) - Fixed telemetry setting - Fixed premium settings - Updated to core 2.0.14 - Added: Activations manager screen (List/Remove) V13.0.3 10/29/2018 ================= - First official release - Added signatures V13.0.2 10/25/2018 ================= - Added Comments and Forum Url fields for CloudRemoval - Updated scan rules - Updated CloudRemoval payload - Updated to core 2.0.13 - Updater 3.1 (fixes an issue in Config file readonly) - RKDLL 2.2 (fixes an issue in Config file readonly) - Added detections V13.0.1 10/19/2018 ================== - Update to core 2.0.12 - Fixed minor bugs V13.0.0 10/12/2018 ================== - Update to core 2.0.11 - Fixed minor bugs V12.99.11 10/05/2018 ================= - Fixed a potential crash in FileScanner (COM) - Fixed detection color for PUP/PUM - Fixed FileScanner path scan for folders - Updated documentation link - Added detections V12.99.10 10/03/2018 ================= - Technician license compatibility - Trusight cleanup at exit - Setup gives the ability to clean license/data at uninstall - Fixed issue where Filescanner was detecting Folders with suspicious path - Backported V12 missing settings (Proxy, Agent) - Backported V12 support form - Now detecting and migrating V12 config file and license - Added Scan mode information in report view and scan progress - Fixed report view for RogueKiller V12.99.9 09/20/2018 ================= - Adlice Diag project backport - Rewritten engine from scratch - Rewritten UI from scratch - Scanner is now multithreaded, optimized for speed. - Scanner has new modules: Digisig scanner, Webconf scanner, V12.13.6 10/22/2018 ================= - Added detections V12.13.5 10/15/2018 ================= - Added detections V12.13.4 10/08/2018 ================= - Added detections V12.13.3 10/01/2018 ================= - Added detections V12.13.2 09/24/2018 ================= - Added detections V12.13.1 09/17/2018 ================= - Added detections V12.13.0 09/10/2018 ================= - Fixed a critical memory leak in core (buffer) - Added detections V12.12.34 09/03/2018 ================= - Added detections V12.12.33 08/27/2018 ================= - Added detections V12.12.32 08/20/2018 ================= - Added detections V12.12.31 08/10/2018 ================= - Added detections V12.12.30 08/06/2018 ================= - Added detections V12.12.29 07/30/2018 ================= - Added detections V12.12.28 07/23/2018 ================= - Added detections V12.12.27 07/19/2018 ================= - Added detections V12.12.26 07/09/2018 ================= - Added detections V12.12.25 07/02/2018 ================= - Added detections V12.12.24 06/25/2018 ================= - Added detections V12.12.23 06/18/2018 ================= - Fixed a crash in Curl module - Fixed Win32 API usage that broke XP compatibility V12.12.22 06/18/2018 ================= - Added detections V12.12.21 06/11/2018 ================= - Added detections V12.12.20 06/04/2018 ================= - Added detections V12.12.19 05/28/2018 ================= - Added detections V12.12.18 05/22/2018 ================= - Added detections V12.12.17 05/14/2018 ================= - Added detections V12.12.16 05/04/2018 ================= - Added detections V12.12.15 04/30/2018 ================= - Added detections V12.12.14 04/23/2018 ================= - Added detections V12.12.13 04/16/2018 ================= - Added detections V12.12.12 04/09/2018 ================= - Added detections V12.12.11 04/03/2018 ================= - Added detections V12.12.10 03/26/2018 ================= - Added detections V12.12.9 03/19/2018 ================= - Added detections - Update Korean translation V12.12.8 03/12/2018 ================= - Added detections V12.12.7 03/05/2018 ================= - Added detections V12.12.6 02/26/2018 ================= - Added detections V12.12.5 02/19/2018 ================= - Added detections V12.12.4 02/12/2018 ================= - Added detections V12.12.3 02/05/2018 ================= - Added detections V12.12.2 01/29/2018 ================= - Added detections V12.12.1 01/22/2018 ================= - Fixed possible crash in PE parser - Added detections V12.12.0 01/15/2018 ================= - Fixed possible hang while processing file MD5 - Fixed Chrome extension removal - Fixed Chrome configuration removal - Added detections V12.11.32 01/08/2018 ================= - Added detections V12.11.31 01/02/2018 ================= - Added detections V12.11.30 12/26/2017 ================= - Added detections V12.11.29 12/18/2017 ================= - Added detections - Fixed Windows Defender FP V12.11.28 12/11/2017 ================= - Added detections V12.11.27 12/04/2017 ================= - Fixed potential issue with "device not found, insert disk" messages - Added detections V12.11.26 11/27/2017 ================= - Added detections V12.11.25 11/20/2017 ================= - Added detections V12.11.24 11/13/2017 ================= - Added detections V12.11.23 11/06/2017 ================= - Added detections V12.11.22 10/30/2017 ================= - Added detections V12.11.21 10/23/2017 ================= - Added detections - Updated translations - Fixed a bug in JSON export V12.11.20 10/16/2017 ================= - Added detections V12.11.19 10/09/2017 ================= - Added detections V12.11.18 10/02/2017 ================= - Added detections V12.11.17 09/25/2017 ================= - Added detections - Updated translations V12.11.16 09/18/2017 ================= - Added detections V12.11.15 09/18/2017 ================= - Added detections V12.11.14 09/11/2017 ================= - Added detections V12.11.13 09/04/2017 ================= - Added detections - Added msiexec handler to pathparser V12.11.12 08/28/2017 ================= - Added detections V12.11.11 08/21/2017 ================= - Added detections - Dutch translation update V12.11.10 08/14/2017 ================= - Added detections - Fixed issue with uploader (please note this will apply to next update) V12.11.9 08/03/2017 ================= - Added detections - Fixed POST requests with proxy - Fixed Upload timeout (crash upload/support form) V12.11.8 07/24/2017 ================= - Fixed proxy persitence in Free mode - Fixed a bug in MalPE - Added detections - Updated translations V12.11.7 07/17/2017 ================= - Added detections - Added Proxy configuration V12.11.6 07/10/2017 ================= - Added detections V12.11.5 07/03/2017 ================= - Added detections V12.11.4 06/26/2017 ================= - Added detections V12.11.3 06/19/2017 ================= - Added detections - Minor fixes V12.11.2 06/12/2017 ================= - Added detections V12.11.1 06/04/2017 ================= - Added detections - Fixed possible bug in MalPE scanner - Forced VT mitigation for MalPE scanner to avoid FPs V12.11.0 05/29/2017 ================= - Added detections - NEW! MalPE module (BETA) - NEW! RogueKillerAdmin V2 compatible - DEPRECATED: RogueKillerAdmin V1 V12.10.10 05/22/2017 ================= - Added detections V12.10.9 05/15/2017 ================= - Added detections V12.10.8 05/08/2017 ================= - Added detections - Fixed a bug in settings where Offline registry setting wasn't saved V12.10.7 05/01/2017 ================= - Added detections - Fixed a possible crash in COM module - Fixed a possible crash in Path parser V12.10.6 04/24/2017 ================= - Added detections - Updated translations V12.10.5 04/18/2017 ================= - Added detections V12.10.4 04/10/2017 ================= - Added detections V12.10.3 04/03/2017 ================= - Added detections V12.10.2 03/27/2017 ================= - Added detections V12.10.1 03/20/2017 ================= - Added detections V12.10.0 03/13/2017 ================= - Added detections - Now using common translations - Fixed UI error where the "Pause" button was not reset after a scan - Fixed a bug in the MBR scan - Fixed minor bugs V12.9.9 02/27/2017 ================= - Added detections - Added warning when no element is selected prior to removal - Fixed a bug in detection labels - Fixed a bug in VT module V12.9.8 02/21/2017 ================= - Added detections V12.9.7 02/06/2017 ================= - Added detections - Updated translations V12.9.6 01/30/2017 ================= - Added detections V12.9.5 01/23/2017 ================= - Added detections V12.9.4 01/16/2017 ================= - Fixed FP on Mozilla Maintenance Service V12.9.3 01/16/2017 ================= - Added detections - Fixed licensing machine ID V12.9.2 01/09/2017 ================= - Added detections - Fixed critical bug in File module leading to a crash when scanning big files (> 2GB) V12.9.1 01/02/2017 ================= - Added detections - Various fixes V12.9.0 12/26/2016 ================= - Added detections - Signatures reorganization with YaraEditor database - Donation text rewording - Fixed big files scan - Switched Yara fast mode ON - Fixed tasks working dir recognition V12.8.6 12/19/2016 ================= - Added detections V12.8.5 12/12/2016 ================= - Added detections V12.8.4 12/05/2016 ================= - Added detections - RogueKillerDLL 1.0.3 - Fixed a bug in licensing, where it was impossible to remove license if about to expire V12.8.3 11/28/2016 ================= - Added detections V12.8.2 11/21/2016 ================= - Added detections - Updated translations V12.8.1 11/14/2016 ================= - Added detections - Fixed update page translations - Fixed eula page translations - Fixed machine identification method V12.8.0 11/07/2016 ================= - Added detections - NEW! Chrome configuration scanner - Added Print Providers scanner V12.7.5 10/31/2016 ================= - Added detections - Fixed COM crash on some machine at initialization - Added Svchost path parser and service scanner - New telemetry - Fixed hidden tasks not being scanned V12.7.4 10/24/2016 ================= - Added detections - Fixed COM init/close implementation, that led to a hang on Windows XP - Improved path parsing security - Now path parser is able to scan for powershell EncodedData payloads V12.7.3 10/17/2016 ================= - Added detections - Updated translations - Fixed bugs in task scanner prenventing from scanning entirely and removing tasks - Fixed a bug with exit button - Now installer has complete version number V12.7.2 10/15/2016 ================= - Emergency fix for ADS false positive V12.7.1 10/10/2016 ================= - Added detections V12.7.0 10/03/2016 ================= - Added detections - Improved filesystem scanner - Improved telemetry - Added winsock scanner - Fixed a bug in installer - Fixed installer error messages translations V12.6.4 09/26/2016 ================= - Added detections - Fixed a bug in disk serial read V12.6.3 09/19/2016 ================= - Added detections - NEW! Firewall rules scanner V12.6.2 09/12/2016 ================= - Added detections - Fixed a bug in LNK cleanup - Added powershell path parser V12.6.1 09/06/2016 ================= - Fixed missing resources (leading to a crash) V12.6.0 09/05/2016 ================= - Added detections - Updated translations - Fixed a bug where patched files were not fixed on removal - Added warning when license is expired or about to expire - NEW! WMI Scanner V12.5.2 08/29/2016 ================= - Added detections - Updated translations V12.5.1 08/22/2016 ================= - Fixed a bug in Yara module V12.5.0 08/22/2016 ================= - Added detections - Added file exclusion for forged files - Fixed a bug where big files were detected as VT.Unknown - Updated scanner to use Yara 3.5: https://github.com/VirusTotal/yara/releases/tag/v3.5.0 - Fixed (Yara 3.5): Processes scan doesn't use all memory/cpu - Improvements (Yara 3.5): Scan is faster V12.4.4 08/16/2016 ================= - Added detections - Updated translations V12.4.3 08/08/2016 ================= - Added detections V12.4.2 08/01/2016 ================= - Added detections V12.4.1 07/28/2016 ================= - Added detections - Shortcuts scanner now cleans them instead of removing V12.4.0 07/18/2016 ================= - Added detections - Added Feed fallback (no more blank thing when website is slow) - Added Shortcuts scanner - Added Tasks scanner (by name/path) - Updated translations - Moved IRP scan to expert mode - Fixed a bug where LNK pointed by tasks where not resolved - Added registry Classes scanner - (Premium) Added -noremove switch, to ignore detections V12.3.8 07/11/2016 ================= - Added detections - New feed version, with licensing filtering - Registry scanner enhancement: Now stops the service before removing a service key - Fixed a bug where Processes files were marked as missing - Fixed VT score display V12.3.7 07/04/2016 ================= - Added detections - Updated internal links - Updated translations V12.3.6 06/27/2016 ================= - Fixed a bug leading to app being quit when a message is closed while in tray. - Now displaying warnings on "Expert settings" turned on. V12.3.5 06/22/2016 ================= - Fixed all links, now using a file provider API. V12.3.4 06/20/2016 ================= - Added detections - Added folder children exclusion scanner rule - Signatures normlization - Fixed a bug leading to hosts file not being scanned V12.3.3 06/13/2016 ================= - Added detections - Updated translations - Fixed a bug where HTML reports were'nt readable on Chrome V12.3.2 06/06/2016 ================= - Added detections - Fixed possible crash on Intel files scan - Refactor of marketing page - Fixed a bug in VirusTotal upload leading to files not being sent for analysis - Minor UI improvments V12.3.1 05/30/2016 ================= - Added detections - Updated translations V12.3.0 05/22/2016 ================= - Added detections - NEW! (Premium) Themes - NEW! Clear theme - NEW! Naked theme - NEW! Dark theme - Modified stats payload - Update form: Now displays a warning when Updater is not present - Update form: Now opens direct link to setup for Premium user in case Updater not present V12.2.1 05/16/2016 ================= - Added detections - Fixed transfer progress reset - Updated translations - Fixed UI hangs bug in old GUI V12.2.0 05/10/2016 ================= - Added detections - Updated translations - Fixed a bug preventing from starting the scan on machines with 1 CPU - Added a Quit button (useful when you want to skip close to tray) - Fixed links in About tab - Fixed check for updates (was not showing outdated when update arrives after the program is started) V12.1.6 05/09/2016 ================= - Added detections - Updated translations - Improvement of path parsing module, added "cmd start x" method. V12.1.5 05/02/2016 ================= - Added detections - Update form now shows changelog - Fixed RKAdmin link in updater V12.1.4 04/25/2016 ================= - Added detections - Fixed forged files dump to VT - Now displays a warning when using wrong bits version - Now shows GeoIP results - Fixed an issue in updater where RogueKillerCMD wasn't recognized V12.1.3 04/18/2016 ================= - Added detections - Updated translations - Fixed default check state in installer - Fixed a bug that allowed check state modification of non-removable items - Updater now uses cloud link - Feed now uses cloud link - Fixed a bug in GeoIP module - Fixed a potential crash in MBR reading V12.1.2 04/11/2016 ================= - Added detections - Updated translations V12.1.1 04/04/2016 ================= - Added detections - Updated translations - Now file replacements are made with sfc.exe on Vista+ - Added button to remove trial - Fixed a bug in Chrome scanner preventing the scan from starting V12.1.0 03/29/2016 ================= - Added detections - NEW! Tools menu - NEW! Hosts File Tools menu (Premium) - Updated translations - Fixed a bug in context menu actions V12.0.3 03/21/2016 ================= - Added detections - Added indonesian language - Added more translators names - Fixed a bug in AutoStart/AutoDelete - Fixed a bug preventing to quit on Update - Added a link to Lost license form V12.0.2 03/14/2016 ================= - Added detections - Added crash dump form - Fixed a bug that showed steps not supposed to run - Updated translations / Fixed typos - Added Data column in scan results - Fixed Autoscan - Fixed Autoremove - Now scan progress live detection shows in red when an item is detected - Fixed a bug that led to driver state being wrong in reports V12.0.1 03/07/2016 ================= - New user interface - Added detections V11.0.14 02/29/2016 ================= - moved driver loading at the beginning of the scan - introducing expert mode - processes no longer killed during scan (killed at removal, on demand) - moved IAT scanning into expert mode - core preparation for V12 - Added detections V11.0.13 02/22/2016 ================= - moved signatures loading at the beginning of the scan - core preparation for V12 - Added detections V11.0.12 02/15/2016 ================= - Added detections - Fixed a bug in Files module - Fixed a bug in Web module V11.0.11 02/08/2016 ================= - Added detections V11.0.10 02/01/2016 ================= - Added detections - Updated translations V11.0.9 01/25/2016 ================= - Added detections - Updater 2.1 - Updater can now serves installable version - Updater can now skip licensing page if already registered V11.0.8 01/19/2016 ================= - Added detections - TrueSight v2.0.2 (fixed digital certificate for SHA1) - Added Turkish language - Updated translations V11.0.7 01/11/2016 ================= - Added detections - Added ADS whitelisting/blacklisting V11.0.6 01/04/2016 ================= - Added detections - Using new licensing API V11.0.5 12/28/2015 ================= - Added detections - Now setup will verify license key when entered V11.0.4 12/20/2015 ================= - Added detections V11.0.3 12/14/2015 ================= - Added detections - Added translations in setup - Updated translations V11.0.2 12/07/2015 ================= - Fixed a bug in Buffer search V11.0.1 12/07/2015 ================= - Added detections - Fixed a possible bug in scanner - Fixed a possible issue in COM module V11.0.0 11/30/2015 ================= - Added rating link in marketing window - Now detects ADS (Alternate Data Streams) - Qt 5.5 - Moved Prescan into Scan - Now IAT scan is able to scan Microsoft Edge - Better hooks report for kernel hooks - Truesight v2 - Now kernel hooks are scanned on userland - Fixed a bug in COM module - Added software keys detection - Added registry path signatures - Added detections V10.11.7 11/23/2015 ================= - Added detections - Fixed a possible hang issue on HTTP calls (timeout broken) - setup improvments, ability to deploy both version (32/64 bits) - setup improvments, banner and translations - fixed a possible crash in junctions data parsing V10.11.6 11/16/2015 ================= - Added detections - Fixed a bug that closed the app when closing child window when minimized in tray - added -reportpath command line parameter - UI tweaks V10.11.5 11/09/2015 ================= - Added detections V10.11.4 11/02/2015 ================= - Added detections - Fixed a bug in licensing engine, leading to a lost of configuration sometimes. - Fixed a bug in processes module where main module was not good - Fixed a bug in processes module where Updater was crashing if a very long command line was passed V10.11.3 10/26/2015 ================= - Added detections - Added warning when driver is not loaded - Fixed Microsoft Security Client as legit parent for svchost - (Premium) Added Premium label in reports - Updated translations - (Premium) Added information for external scanner (tab in settings) - (Premium) Now application closes in tray and persist - (Premium) Now able to start a scan from the tray icon - Fixed a bug where services/windows were not scanned - Fixed a bug where filesystem was not properly scanned V10.11.2 10/20/2015 ================= - Fixed a crash in Buffer module - Moved rebranding to Premium Technician V10.11.1 10/19/2015 ================= - Added detections - Moved rebranding to Premium documented features - Fixed an issue with IAT scan progress (progress reset after process scan) - Updated translations - NEW! (Premium Technician) Added an option to limit time validity of portable config files - Improved performance of filesystem scanner (scan is now much faster) - Whitelisted Chrome sandbox IAT hooks - Added timeout for file shortcut resolution (improves performance of filesystem scanner) V10.11.0 10/12/2015 ================= - Added detections - Added filter on VirusTotal internal submit (no user file) - Improved shellcode module detection in inline hooks module - Fixed memory growth while scanning filesystem - IAT scan is now much faster because only scanning windows DLLs table - Table-based hooks have cleaner display in logs (module!export) - Fixed a bug in modules enumeration on 64 bits - Excluded wow64cpu enter from inline hooks detection - Now inline hooks architecture detection relies on import module architecture instead of process - RogueKillerCMD: Added -dont_ask switch (to eliminate all user interactions and use default actions) V10.10.9 10/05/2015 ================= - Fixed bug in Disk module - Fixed bug in IAT parser V10.10.8 10/05/2015 ================= - Added detections - Now Updater restarts application using same command line parameters V10.10.7 09/28/2015 ================= - Added detections V10.10.6 09/21/2015 ================= - Added detections - Fixed bug in Disk module - New social icons - RogueKillerCMD: Added build number, licensing state V10.10.5 09/14/2015 ================= - Added detections V10.10.4 09/04/2015 ================= - Added detections - Updated links - (Premium) Added notification when license is about to expire - Fixed bug in Disks module V10.10.3 08/31/2015 ================= - Added detections - Now all legit antirootkit entries are hidden - fixed a bug in Process module - internal reorganization V10.10.2 08/24/2015 ================= - Added Detections - NEW! Added Processes list to json report - NEW! (Premium) Added -vtupload yes/no command line parameter - Updated EULA to reflect licensing terms - Updated translations - Added help button in "?" menu - Fixed way of reading disk serial - Fixed a bug in VT scanner V10.10.1 08/17/2015 ================= - Added detections - (Premium) Added message when Updater is not present and program is outdated - Updated translations - Added link to public Trello board - Added version check in about form - NEW! VirusTotal choice for upload - NEW! (Premium) VirusTotal choice setting - Fixed automatic updates when Updater is not present - NEW! EULA will show up again if a new version is present - Extended injection signature search to 4 sections (instead of 1), to better identify injection code. - Now infection urls for antirootkit point to non technical posts - Resized main and about forms - (Premium) Added more information in licensing server check - (Premium) Prepared for annual subscription switch V10.10.0 08/11/2015 ================= - Added detections - Compatibility with Windows10 - Added error message when key has wrong pattern - Updated translations - NEW! File Scanner is more aggressive, and will search in a lot more locations - Fixed a bug in honey module - Fixed a bug in logging module V10.9.4 07/30/2015 ================= - Added detections - Fixed file scan when path contains unicode characters - Fixed offline licensing issue (License was not recognized when no internet available). Now once registered (with internet on) it works offline. - NEW! (Premium) Tray icon phase 1. V10.9.3 07/21/2015 ================= - Fixed a crash when scanning Digital Certificate of some files - Fixed a FP when LNK files have unicode characters in path (OneNote 2010 - Capture d??cran et lancement.lnk) V10.9.2 07/20/2015 ================= - Added detections - NEW! HTML reports - NEW! HTML Open button - NEW! TXT Open button - NEW! HTML log setting + command line parameter - Fixed timeout for Curl operations (max 5 seconds) - NEW! signature database is now pre-compiled, will load much faster - Updated Yara engine to 3.4 - Refactored Digisig engine, better performances - Added more information in Json log for killed processes - Fixed a bug where x64 processes names are not found when using x86 version - Fixed path whitelist priority on VT blacklist (processes scanner) - Updated translations - Fixed an issue where Floppy drives become very noisy during scan V10.9.1 07/09/2015 ================= - Added detections - NEW! Added Open Text button in Json log viewer. - NEW! Korean language - Updated translations - Fixed Scan randomly performed. - NEW! Command line parameter: -reportformat [txt|json] - NEW! Report format setting - Merged Txt report generation with Txt export V10.9.0 07/06/2015 ================= - Separate database for RogueKillerCMD / Updater - NEW! Updater is now generic (cannot be used by double click anymore, takes command line) - NEW! RogueKillerCMD can now use automatic updates - NEW! RogueKillerCMD has now a version check - NEW! RogueKiller has now accessibility (JAWS compatibility) - Added detections - -autodelete implicit has been removed from -hide - Fixed a bug in RogueKillerCMD where command line isn't handled correctly - NEW! RogueKiller now uses JSON as root format for reporting - NEW! RogueKiller can open JSON logs into a new window - NEW! JSON logs can be exported in RAW text format - Updated translations - NEW! setup now embeds RogueKillerCMD - Fixed a bug in tasks scanner - Fixed certificate timestamp V10.8.7 06/29/2015 ================= - Removed AV.Killer definition (too many FPs) - Fixed a bug in mstring module, leading to infinite loop in certain circumstances - Now tasks scanner scans arguments too - Added detections V10.8.6 06/22/2015 ================= - Adjusted AV.Killer definition V10.8.5 06/22/2015 ================= - Added detections - NEW! External Scanner - Fixed a bug in Process Scanner - Fixed a bug in File Search - Fixed a bug in Registry Scanner - Now process paths are expanded - Fixed a bug in VT module - Fixed a bug in -autoscan V10.8.4 06/16/2015 ================= - Added Skype to exclusions for RunPE detections V10.8.3 06/15/2015 ================= - Added detections - NEW! RunPE heuristic detection - (Premium) Removed Paypal/Premium images - Refactored settings form - NEW! (Premium) -autoupdate command line parameter + setting - Updated translations - Fixed a bug in VT module - Fixed a bug in WebServer (Not starting sometimes) V10.8.2 06/09/2015 ================= - Using Licensing 2.0 - Added detections V10.8.1 06/03/2015 ================= - Fixed a bug in Licensing - Fixed a bug in VirusTotal module - Now portable license generated file is read-only - Added GUI indicators when using portable license - Added detections - Extension checker optimizations V10.8.0 06/01/2015 ================= - Updated database - Fixed a bug in reporting - Disabled PUM.DesktopIcons (too confusing, and not critical) - Disabled PUM.Orphan (too confusing, not critical) - Better unit testing - Initialization optimizations - Updated translations - NEW! (Premium) Web service - NEW! Web service /info url (get version info) - NEW! Web service /scan/new url (start new scan) - NEW! Web service /scan/status url (get scan status) - NEW! Web service /report/last url (get last report) - NEW! (Premium) -pupismalware command line parameter + setting - NEW! (Premium) -pumismalware command line parameter + setting - Reverted portable fixed location in rk_config.ini - Fixed error message when too many instances - Setup now adds RogueKiller bin folder to %PATH% - Updated userland certificate - NEW! Promotional nag. V10.7.0 05/25/2015 ================= - New configuration module, not compatible with old one. Able to use read-only medium for portable license. - NEW! no more rk_config.ini for technician license. - NEW! command line parameter: -portable-license - Updated languages V10.6.5 05/20/2015 ================= - Fixed a bug with KnownDLLs detection when value name starts with underscore (_) V10.6.4 05/18/2015 ================= - NEW! Preferred language is now saved - Added detections - Fixed processes scan aggressiveness - NEW! Logo can now be rebranded (Please contact us) - Fixed a bug in Extensions Checked - Fixed a bug in CLSID scanner - Fixed Orphan detection level + vendor name => PUM.Orphan - Fixed License fallback state - Added new autostart locations - Added Transfert progressbar V10.6.3 05/11/2015 ================= - Added detections - Fixed a bug in File Search module - Increased feed rotation time - Better UI information - Deactivated VT IP scan (too many FPs) V10.6.2 05/04/2015 ================= - NEW! Breaking news banner - External libs update + optimizations (Zlib, SQLite, udis86) - Fixed a bug in Tab navigation V10.6.1 04/27/2015 ================= - Now VT file scan has minimum/maximum size - Refactored PUP/PUM classification to be clearer and more consistent - Fixed VT file scanner scanning LNK files instead of target - Now VT unknown s classified as PUP - Now VT cache has outdated date (fixed to 5 days) - Now VT scanner rescans pending items at initialization - Added detections V10.6.0 04/20/2015 ================= - Added detections - Moved version check before Prescan - Fixed a bug in IAT scanner, where call stack was not recorded correctly - Fixed a bug in IAT scanner, where unknown module was not displayed - Fixed a bug in RogueKiller OLD GUI, where config file was not read properly - Fixed ShowLegitHooks command/setting - Fixed slow UI when a lot of entries are added to a table - Fixed a bad items insertion when sorting was enabled - Fixed a bug in MBR (GPT) module - Fixed missing Premium info when internet access is broken - Fixed a bug in libcurl library (X64) - Added new method to detect IAT inline hooks - NEW! VT Scan on registry, tasks, files, mbr, web browsers and antirootkit scans. - NEW! VT scan no more in beta - NEW! VT scan now scans all processes - NEW! VT scan has local caching V10.5.10 04/13/2015 ================= - Added detections - Now can register Premium with command line parameter: -register - Now displays remaining activations for Premium - All communications are now using SSL (HTTPS) - RogueKillerCMD: Added better colors - RogueKillerCMD: Now can recognize RogueKiller's command line parameters V10.5.9 04/07/2015 ================= - Added detections - Now logs are sorted by date - Now can attach last log even if a scan was not performed in the same session - Fixed a bug where registration form cannot upload last report - Removed Post Delete message asking for Premium buying when a user is already registered - Now file scanner shows unscanned files (for progression), so that software doesn't give an impress of being stuck V10.5.8 03/30/2015 ================= - Added detections - Fixed a bug where config isn't reset after removing the license. - Fixed NoPop configuration bug - Added all command line parameters in Settings - Updated translations - Now registration Id/Key are trimmed to avoid copying/writing spaces before/after them (and have wrong key error message) - Fixed updater now recognizing License on Windows 8 (now needs admin rights to be launched). - Updated EULA to reflect VirusTotal integration rules. V10.5.7 03/22/2015 ================= - Fixed a crash when starting the application V10.5.6 03/21/2015 ================= - Added detections - Fixed bug forbidding technician licenses to use command line - Added Persian translation - Fixed a possible hang on service termination - Added progress text on progressbar during the scan - NEW! VT scan on Processes (beta, only premium, disabled by default) - NEW! VT scan on Services (beta, only premium, disabled by default) - RogueKillerCMD : removed tutorial opening in case of an infection V10.5.5 03/16/2015 ================= - Added detections - PREMIUM: Added more settings options - Unhidden premium options, added Nag message - Updated translations - Moved Scan choices to settings V10.5.4 03/12/2015 ================= - Added detections - Added credits for translators (About) - Now service scanner is aware of ServiceDll path - Updated translations - Now Premium registration email is trimmed (remove spaces before and after the email) V10.5.3 03/10/2015 ================= - Fixed a bug in Path module where all shortened path were not properly expanded (Ex: LogMe~ => LogMeIn Rescue Applet) V10.5.2 03/09/2015 ================= - PREMIUM: Technician License can now use portable config file - Added Premium logo - Fixed a bug when opening website V10.5.1 03/05/2015 ================= - Using new licensing system - Added detections V10.5.0 03/01/2015 ================= - NEW! Now RogueKiller is available with an installer - PREMIUM: Separate updater - PREMIUM: Trial of 30 days per machine - Added detections - Fixed a crash in jansson library V10.4.3 02/23/2015 ================= - Added detections V10.4.2 02/23/2015 ================= - Added detections V10.4.1 02/19/2015 ================= - Added detections V10.4.0 02/18/2015 ================= - Uniformization of whitelists/blacklists (we dropped a lot of detections, this can lead to false positives... ...but they will be fixed as people report them) - Fixed a bug in LNK signature detection - Fixed a buf in Time module - NEW! Better CLSID scanner - NEW! Now MBR scanner is EFI compatible - Updated italian translation - Fixed a bug in Path module V10.3.0 02/16/2015 ================= - Added detections - New command line flag: -showlegithooks (Shows legit hooks that are normally hidden) - Big improvements in the IAT hooks engine; Preparation of refactoring for the kernel hooks. - Big improvements in Extension Checker module - NEW! Arabic translation - Updated translations - Updated Yara engine to 3.3 V10.2.0 01/19/2015 ================= - Added detections - Updated Italian translation - Added German translation - Added Chinese traditional translation - Fixed a bug in Registry scanner where .DEFAULT hive is not scanned - Added MBR signature for FinFisher - Added MBR signature for TDL4 - Added MBR signature for Rovnix - Fixed some bugs in MBR scanner - Improved low level disk access library - Added VBR (Volume Boot Record) scanner V10.1.2 01/06/2015 ================= - Added detections - Updated Spanish translation - Added Italian translation - Added hook signatures engine V10.1.1 12/23/2014 ================= - Added detections - PREMIUM: Added settings form - PREMIUM: Added MBR Scan setting - PREMIUM: Added Honey Scan setting - PREMIUM: Added Antirootkit Scan setting - PREMIUM: Added Open website setting - Added Dutch translation - Added Italian translation - Added sanity check for website opening V10.1.0 12/11/2014 ================= - Added detections - Fixed mbamservice false positive V10.0.9 12/08/2014 ================= - Fixed Xpaj false positive with DiskCryptor MBR - Added DiskCryptor MBR signature - Added detections - TrueSight 1.0.4: Better shellcode module detection - IAT Hooks: Better shellcode module detection V10.0.8 11/20/2014 ================= - Added detections - Fixed bug of processes not killed - Now process memory is scanned before path scan V10.0.7 11/20/2014 ================= - Now process pages are scanned for whitelist - Updated Yara engine - Added detections - Reverted some command line to free version: -nodriver -nokill -nopop -nothirdparty V10.0.6 11/12/2014 ================= - Fixed a bug in Process module (not enough rights to get process path) - Fixed a bug in AV whitelist detection - Added detections V10.0.5 11/11/2014 ================= - Now AV processes are whitelisted - Added language separator for "Your language here" - Added Injected process heuristic detection - Fixed bad Zeus signature - More aggressive against Poweliks processes - Added detections - Updated links V10.0.4 10/29/2014 ================= - Added link to translations in language menu - Added Delay IAT in PE module - Added Delay IAT hooks in antirootkit - Now IAT hooks are printed to UI as they are scanned - Removed ctfmon from sensitive processes - Now detects Zeus variants - Now informative texts are not elided - Better choices (currency/amount) for Paypal form - Removed unused resources - Improvements in quarantine module - Now DNS entries show country IP in text report - PREMIUM: Added quarantine handler - Added detections V10.0.3 10/22/2014 ================= - New user-agent: Now sends extended vendor names for real time monitoring - Added detections V10.0.2 10/16/2014 ================= - Added detection of services hidden from SCM and from registry - Dropped command line support in free version - Removed EAT hooks (useless) - Improved IAT hooks scanner (now scans all modules instead of main module) - Fixed a bug in driver library (driver could not load under certain circumstances) - Added Czech translation - Added tooltip with detection level (for colorblind people) - Added detections V10.0.1 10/10/2014 ================= - Improvements in Process library - Added COM integrity check to disable COM calls when server is corrupted (Poweliks) - Fixed Poweliks rule - Added detections - Fixed Bug in registry module - Fixed a bug in logging V10.0.0 10/08/2014 ================= - Major UI changes - Added support for future Premium version - Added support for ShellIconOverlayIdentifiers and ShellServiceObjectDelayLoad keys - Now CLSIDs are scanned for path and memory - Added detections V9.3.0 10/06/2014 ================= - New Rules engine. Easier to maintain, more robust. - Fixed a lot of bugs in Scanner engines. - Added detections V9.2.13 09/25/2014 ================= - Fixed a bug in registry module introduced in 9.2.12 - Fixed a bug in process engine that forbids svchost processes to be killed - Added detections V9.2.12 09/23/2014 ================= - TrueSight: 1.0.3: Fixed a Kernel stack overflow leading to a BSoD - Better handling of multistring registry value/key names (ZeroAccess/Poweliks) - Added Poweliks detections - Added detections V9.2.11 09/18/2014 ================= - Added detection to new Poweliks variant - Fixed a bug of infinite wait when COM objects are broken V9.2.10 09/09/2014 ================= - Fixed a bug in Yara scanner - Fixed a bug in language module - Fixed a crash dump uploader (due to surlatoile.org move to https) - Added service binary path in report V9.2.9 09/01/2014 ================= - Updated Yara to 3.1.0 - Added detections - Firefox PUM.HomePage is using domain whitelist V9.2.8 08/15/2014 ================= - Added detections V9.2.7 08/15/2014 ================= - Added scan of Search Page/Start Page for Internet Explorer - Added scan of Start Page for Firefox - TrueSight 1.0.2: Process Kill - TrueSight 1.0.2: Registry key Kill - TrueSight 1.0.2: File Kill - RogueKiller: Implementation of new Truesight features - RogueKillerCMD: Implementation of new Truesight features V9.2.6 08/07/2014 ================= - Removed a ZeroAccess false detection - Fixed a bug in registry module (introduced in 9.2.5) V9.2.5 08/07/2014 ================= - Fixed a bug in registry module (poweliks/zeroaccess trick) - Fixed a bug in command line parsing - RogueKillerCMD: Added registry value/subkey removal by index - Added detections V9.2.4 07/24/2014 ================= - Added detections - Added Key present rule - Added Value data rule - Updated Yara - Fixed a bug in file search module - Fixed a bug in honey file module - Fixed string limit in path module - RogueKillerCMD: Registry Kill V9.2.3 07/14/2014 ================= - Fixed a bug in file module - Added detections V9.2.2 07/11/2014 ================= - Fixed a bug in task scanner - Fixed a bug in path parser - Fixed a bug in registry module - Fixed a bug in install module - Unknown MBRs are dumped in %programdata%/RogueKiller/Debug - Added detections V9.2.1 07/09/2014 ================= - Fixed a bug in logging - Fixed unicode hosts file read/write - Fixed empty hosts lines scan - Truesight 1.0.1 - Truesight now suspends TDL4 threads before MBR fix - Removed debug messages from Truesight - Fixed pcalua detection in task scanner - Added links V9.2.0 07/07/2014 ================= - Truesight 1.0 (no more in beta) - Truesight loads in X64 - Truesight rewriten from scratch (increased stability, code compatibility) - Truesight now detects Filters (regular, reverse) - Added detections - Added translations - Fixed regression about vendor url opening - Fixed bug about duplicate registry entries on x86 V9.1.0 06/23/2014 ================= - Added detections - Fixed a problem of ProgramFiles/ProgramFilesX86/ProgrameFilesW6432 var env parsing - Binaries are now digitally signed. - updated translations V9.0.3 06/17/2014 ================= - Fixed encoding bug in quarantine handler - Fixed crash window opening when no dump is available - Fixed duplicated files in common startup folder on XP - Detection of WinPE. Now LivePE/LiveUSB scan is faster and more accurate. - Fixed reboot query - Improved replacement method - Fixed DNS whitelisting - Added Zekos signatures - Now file replacement engine looks for same file version before replacing. - Fixed a bug in startup honey module - Fixed a bug in mbr module - Added detections V9.0.2 06/04/2014 ================= - Fixed a bug in registry scanner - Fixed a bug in Buffer lib - Added chrome extensions removal - Fixed service repair - Added single instance mutex - Fixed a bug when trying to quit - Added detections - Added Necurs link - Added pathparser special rules (rundll32, wscript) - Fixed a bug in file parsing - Fixed a bug in Honey module V9.0.1 06/02/2014 ================= - Fixed a bug in logging - Fixed a bug in File lib - Fixed a bug in GUI - Optimizations in String parser - Added detections - Fixed a bug in addons detection - Fixed a bug in forged file detection - Fixed a bug in service scanner - Now malware hooks are Orange V9.0.0 05/29/2014 ================= - Fixed bugs V9.0.0 beta 3 05/26/2014 ================= - CLI commands -nodriver -autoscan -autodelete -autoquit -autoeula -hideui - Added detections - Fixed EULA - Added service repair - Added check for updates - Changed driver icon - Added reboot notification - Added pending detections notification on quit V9.0.0 beta 2 05/23/2014 ================= - Fixed a bug in MBR log - Fixed a bug in Service log - Fixed a bug in log (RTL characters removed, ZeroAccess) - Replaced SUSP PATH label by Suspicious.Path - Removed Chrome.exe IAT/EAT scan - Fixed 3 bugs in IEAT/EAT display (process is displayed / legit entries are hidden / fixed size of function in console display) - Now suspicious services registry keys are not prechecked (to avoid confusion with true malware) - Disabled Forged files removal (except if contains malware signature), due to some false positives - Fixed a bug in Registry subkey removal (ZeroAccess) - Fixed a bug in File replacement (added ACL copy before replace, Zekos) - Fixed a bug in ListView sorting (was too slow) - Added detections V9.0.0 beta 1 05/22/2014 ================= - Added crash handler window - Reports are now translated - Added missing translations - Added hover event for Facebook / Paypal links - Added fancy Facebook button - Replaced old icons by high res icons - Added detections - Fixed a bug in ComManager V9.0.0 alpha5 05/21/2014 ================= - Brand new high res icon! (thanks nfn678 from deviantart.com) - Now sending statistics to adlice.com webserver database - PUM color detection is now Dark Gray - Added web browser scan - Added stop button (during scan only) V9.0.0 alpha4 05/20/2014 ================= - Added context menu select/unselect all - replaced old MBR display by a listview - added MBR scan - fixed carriage return bug in reports - fixed bad driver decryption - added Hooks scanner V9.0.0 alpha3 05/19/2014 ================= - Fixed a bug when exiting with file menu - Added hosts fix button (hosts tab) - Fixed window names bug (massive false positive) - Added true version number comparison for version checker - Fixed elided text bug - Added report footer - Now general progressbar is used as progression - Now displays fine progression - Added file scanner V9.0.0 alpha2 05/16/2014 ================= - Fixed a crash in Yara scanner on some processes - Fixed a bug in Hidden processes detection - Fixed a bug in report module, prescan results were removed from reports - Fixed display bug (wrong X64 display in title) - Fixed crash handler, now crash dumps will be located in %ProgramData%/RogueKiller/Debug - Fixed display bug. After removal, status of items was not updated. - Added Hosts file support - Added Hosts file line removal - Removed Proxy, DNS and Shortcut buttons/tabs V9.0.0 alpha1 05/14/2014 ================= - Rewritten engine from scratch ( RKSdk V1 ) - Moved to Yara scanner - Fixed a lot of bugs V8.8.14 03/26/2014 ================= - Fixed a bug in PE parser - Optimizations - Added detections V8.8.13 03/25/2014 ================= - Optimizations - Prepare for 8.9.0 - NEW! Now scans IAT/EAT on x64 operating systems - NEW! Now scans non-PE files (example: .bat) - Addded detections V8.8.12 03/20/2014 ================= - Optimizations - Prepare for 8.9.0 - Added Thanks for Downloading Url at first use. - Fixed bug in MBR fix - Fixed progressbar behavior V8.8.11 03/14/2014 ================= - Optimizations - Added lot of PUP detections - file path are elided in console V8.8.10 02/28/2014 ================= - Added detections - Changed links - Fixed a bug in File library - RogueKillerCMD 0.1.3 * Added service list * Added service kill V8.8.9 02/24/2014 ================= - Added double check for current version - Added double post for autofeedback - Changed sur-la-toile.com domain for new one surlatoile.org (fixed statistics and version check) V8.8.8 02/19/2014 ================= - URL are now localized - Fixed tree process creation deadlock V8.8.7 02/11/2014 ================= - Fixed bugs in Hidden process detection - Added traces for killed processes check bug. V8.8.6 02/07/2014 ================= - ACLs management improvement - Fixed FP in hook module - NEW! Google Chrome extensions are listed [Removal not supported yet] - Fixed Zekos FP with Zanga.exe - Fixed forum link in report V8.8.5 02/03/2014 ================= - Added debug trace for dllhost issue - Added rogue detections - Fixed duplicates in Firefox Addons list - Added extensions.json / extensions.sqlite in the firefox watch list - Now kills firefox before removing extensions V8.8.4 01/27/2014 ================= - Added ACL module. - Fixed bug with ACLs when replacing patched file [Black Screen - Zekos] - Restored Zekos signatures V8.8.3 01/24/2014 ================= - NEW! Extension removal for IE / Firefox (context menu) - Neutralized Zekos signatures to avoid black screen at replacement. [To be fixed] V8.8.2 01/17/2014 ================= - NEW! Miuref detection and removal - Added Zekos x64 detection - Fixed a bug in honey module - Fixed a bug in core module - Fixed a bug in driver module V8.8.1 01/14/2014 ================= - Fixed bug in registry module - Fixed a bug in file module - NEW! Zekos detection and removal. V8.8.0 12/27/2013 ================= - NEW! web browser addons are listed (Internet Explorer | Firefox ) - NEW! Cryptolocker pattern - NEW! Killed process verifier. If some processes remain, they are killed by their whole tree. - Added detections V8.7.13 12/18/2013 ================= - Translated Paypal Icon - Fixed a bug in GUI lib - Added PUP pattern - Fixed a bug in File lib (ZeroAccess detection) - Added addons tab V8.7.12 12/16/2013 ================= - Windows 8.1 detection - Fixed bug in Shortcut mode - Refactoring of File lib - Added detections - RogueKillerCMD 0.1.2 * Added process list V8.7.11 12/04/2013 ================= - Fixed a bug in UI lib V8.7.10 12/04/2013 ================= - Added detections - RogueKillerCMD 0.1.1 * Fixed DLL dependencies V8.7.9 11/25/2013 ================= - Fixed a bug in regex parsing - Optimization of regex - Added 2 new methods for registry Read/Write - NEW! Honey module now uses the Win32 API Offline method (Safer) - Fixed a bug in script cleanup - Fixed a bug in mbr module - Added detections - Added Error code for MBR read - Removed ROGUE ST detection for registry values V8.7.8 11/14/2013 ================= - NEW! Added Zlib compression for crash dump sending - Improvement of args handler V8.7.7 11/11/2013 ================= - NEW! new banner - Fixed bugs in Registry module - Fixed bug in PeParser - Added progress window for crash report uploading - Now collecting FUll dumps [This can be long, be patient!] V8.7.6 10/28/2013 ================= - Changed crash feedback for sending crash dump instead of custom crash logs - Fixed bug in PeParser V8.7.5 10/22/2013 ================= - Added useragent in debug log sending - NEW! Geoloc for proxy / DNS IPs - Fixed bug on TaskMan value - NEW! -report_output and -hide switches - NEW! Stop button V8.7.4 10/16/2013 ================= - Added COUNTRY in user agent of statistic module V8.7.3 10/15/2013 ================= - NEW! Detection/Removal of generic name mismatches in registry key/values (API fool trick -Rootkit) - Fixed a bug in HiveReader module - Fixed a bug in Pattern module V8.7.2 10/10/2013 ================= - Fixed memory leak in sigcheck - Fixed bug in PeParser - Fixed bug in File module - Added RECYCLER suspicious path (DorkBot) - Added TaskManager key monitoring V8.7.1 10/03/2013 ================= - Fixed bugs in PeParser - Fixed bug in IAT/ETA hooks - NEW! Listview sorting V8.7.0 09/30/2013 ================= - NEW! Scan IAT/ETA of sensible processes - NEW! Filesystem userland antirootkit - Added colors to differenciate type of objects - Added Romanian language - Fixed bug in file deletion - Fixed bugs in Pe parser - Optimizations: Com library - Fixed bug in GUI library - Added detections V8.6.12 09/18/2013 ================= - Added detections - Added MBR infos - Added PUM label, and more consitent colors - Fixed a bug in MBR module V8.6.11 09/11/2013 ================= - Fixed a crash a startup on x64 OS V8.6.10 09/09/2013 ================= - Fixed a bug in PeParser - TrueSight 0.9.1 V8.6.9 09/03/2013 ================= - Fixed a bug in PeParser - Added Export parsing - Fixed a bug in SSDT parsing - Added detections V8.6.8 09/02/2013 ================= - Fixed a bug in peParser - Truesight v0.9 ----- Now Date in english format V8.6.7 27/08/2013 ================= - Fixed display issue - Fixed problem in Registry module - Added Rogue.AntiSpy-LSP pattern (Live Security Professional) - Added detections V8.6.6 19/08/2013 ================= - NEW! Ability to resize the application (but still flickering when resized...) - Fixed display issue in safe mode - Removed Hosts scan if file is bigger than 1MB - Added detections - Fixed bug in removal V8.6.5 04/08/2013 ================= - NEW! Added support for new ZeroAccess variant (RTL) - NEW! Added AutoRun value support in PE mode - Fixed bug for rebooting query - Fixed bug in file/folder deletion - Removed unauthorized characters in report - Updated links V8.6.4 29/07/2013 ================= - Fixed display bugs - Added tab icons - NEW! One scan can allow user to trigger each option once (Delete, HostsFix, DNSFix, ProxyFix) - Fixed bug in DLL module - Modified Honey display in report - Fixed bugs in PeParser - Fixed bug in file parser - Added detections - Database queries switched to UNICODE V8.6.3 17/07/2013 ================= - Added detections - Fixed bugs - Added crash feedback link into crash window V8.6.2 02/07/2013 ================= - Modified links - Fixed bugs - Added Turkish translation - Added switches -autoscan, -autoaccepteula, -autoquit and -autodelete for automation of the flow - NEW! Minidump writting for DEBUG version (in cas of crash) V8.6.1 17/06/2013 ================= - Fixed bugs - Improved filename parsing V8.6.0 14/06/2013 ================= - Changelog in English - Rewrited whole engine - NEW! Added icons in lists - NEW! Added colors for Hosts lines detection - Report: Splitted in object coherency (Tasks, Startup folders, registry) - NEW! Honey module (previous PE module rewriten from scratch) - NEW! .ini file for configuration storing - NEW! Firefox malware detection module - Added signatures - Added ZeroAccess infection => Windows Defender repair - Added disclaimer on Shortcut fix option - Added hosts malicious lines identification in report - Translations updated - Added drivers to the patched files list to check - Added service repair option (Tools/Repair services) - Added Aho-Corasick algorithm for fast signature matching. Improved signature finding speed. - NEW! Opera module - Added Proxy configuration V8.5.4 18/03/2013 ================= - D?tection de lignes malicieuses Hosts file - Ajout de signatures V8.5.3 13/03/2013 ================= - Correction de bugs - Ajout de signatures V8.5.2 23/02/2013 ================= - D?placement des signatures MBR dans la base de donn?es - Correction de bugs V8.5.1 12/02/2013 ================= - MAJ d?tection Necurs.A - MAJ base de donn?es - Correction d'un bug dans le module database V8.5.0 08/02/2013 ================= - Meilleure prise en charge de ZeroAccess V8.4.4 01/02/2013 ================= - Langue Italien - Langue Polonais - Langue Cor?en - Module PE: Correction de bugs - Module Reg: correction d'un bug - Detection ZeroAccess - Am?liorations V8.4.3 08/01/2013 ================= - Langue Russe - Module PE: Ajout des dossiers de d?marrage - Module PE: Am?liorations diverses V8.4.2 31/12/2012 ================= - Am?lioration du module PE V8.4.1 23/12/2012 ================= - Correction d'un bug dans le module PE - Correction d'un bug dans le module Files - Correction d'un bug dans le module Hive - Langue Spanish - Dell MBR V8.4.0 11/12/2012 ================= - Optimisations de code pour passage en x64 - Version x64 disponible - correction d'un bug dans le module Tasks - correction d'un bug dans le module Hooks V8.3.2 07/12/2012 ================= - correction d'un bug dans le module startup - correction d'un bug dans le module patched - Correction d'un bug dans le module ntreg - Possibilit? de d?senregistrer un service (ntreg) si impossibilit? de supprimer en mode RAW - Prise en charge du MBR Fix pour TDL4 (Thanks XdeadCode) - d?tection Root.MBR Alipop - D?tection Root.MBR Mebroot - D?tection Root.MBR Plite V8.3.1 20/11/2012 ================= - R?organisation du traitement V8.3.0 17/11/2012 ================= - Migration de la base de donn?es - Correction de bugs - Bouton facebook V8.2.3 07/11/2012 ================= - Preparation ? SQLite - Optimisation module parsing - Correction d'un bug de d?tection du chemin process x64 - WL dll HPStatusBL.dll - Correction d'un bug dans le module Crypt - WL Screenpresso.exe V8.2.2 03/11/2012 ================= - Window BL Micorsoft Essential Security Pro 2013 Windows 8 Defender 2013 - BL MESP.exe - Ajout d'une whitelist par chemin - Corection d'un bug dans le module blacklist - Modification du lien FR tutoriel - Traduction N?erlandais - Ajout de la date et du mode dans le nom du rapport - Executable pack? UPX - driver WL sbhips.sys */ SunBelt */ d347bus.sys /* Daemon tools*/ - WL Windir/VPro500.exe windir/*np325.exe - BL particular Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\@ Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\U Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\n Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\L V8.2.1 29/10/2012 ================= - DNS WL 24.222.0.95 - Driver WL avgtpx86.sys /*AVG*/ regguard.sys /*RegRun*/ - Whitelist cdloader2.exe magicJack.exe AmazonCloudDrive.exe V0220Mon.exe msnotif.exe LGMLauncher.exe Communicator.exe - Correction d'un bug dans le module debug - Modifications du module d'importance - Adaptation du driver pour Windows 8 - R?cup?ration des noms d'API SSDT en userland (compatibilit? Win8) V8.2.0 22/10/2012 ================= - Truesight v0.7 - Fix langue German - Divers corrections de bugs - Whitelist sys32/pcalua.exe LogMeInSystray.exe Dashlane.exe - DNS Whitelist 86.64.145.14* 129.250.35.251 - Driver WL SbFw.sys /*GFI Software*/ - Window BL File Restore (FakeHDD) V8.1.1 01/10/2012 ================= - Traduction Chinois traditionnel - correction de bugs mineurs - ajout de couleurs sur les listviews pour diff?rencier les type de d?tection - correction d'un bug dans le module Blacklist - Window BL XP Defender 2013 Vista Defender 2013 Win 7 Defender 2013 V8.1.0 28/09/2012 ================= - Support du changement de langue au runtime - correction d'un bug dans le module processes - ajout d'un bouchon MBR (pour les tests) - ajout d'un lien "website" dans l'ent?te du rapport V8.0.5 23/09/2012 ================= - gestion des switchs de lancement - ajout du switch "-nodriver" qui emp?che le chargement du driver - ajout du switch "-nokill" qui emp?che le kill de processus (certains processus provoquent un BSOD au kill, il vaut mieux attaquer leur cl? de registre) - ajout d'une cat?gorie "Extern Hive" dans le rapport => Listing des ruches externes trouv?es - correction d'un bug dans le module Extern hives - correction de bugs V8.0.4 19/09/2012 ================= - Encryption des fichiers en quarantaine (Utiliser Cryptonic avec la cl? "RogueKiller" pour d?chiffrer) - optimisation du module WEB - Ajout de la suppression hors API lorsqu'une cl? est prot?g?e - Correction d'un bug dans le module HiveReader - Suppression de la v?rification des cl?s LEGACY (pas utilis?) - Dll whitelist adawarebp.dll SkyDriveShell.dll V8.0.3 13/09/2012 ================= - Correction d'un bug dans le module HiveReader - Correction d'un bug dans le module Registry - Correction d'un bug dans le module File ASSO - Correction d'un bug dans le module Proxy FF - Prise en charge des rootkits maxSST (fix d?sactiv? car non test?) - Deactivation of "Patched" module (not really used, to many false positives) - Whitelist DLL tv_w32.dll - Whitelist %Windir%/HelpPane.exe TeamViewer.exe tv_w32.exe TeamViewer_Desktop.exe ibsvc.exe V8.0.2 31/08/2012 ================= - Fichiers particuliers \\RECYCLER\\[ANYFOLDER]\\$********************************\\n \\RECYCLER\\[ANYFOLDER]\\$********************************\\@ \\RECYCLER\\[ANYFOLDER]\\$********************************\\L \\RECYCLER\\[ANYFOLDER]\\$********************************\\U \\$recycle.bin\\[ANYFOLDER]\\$********************************\\n \\$recycle.bin\\[ANYFOLDER]\\$********************************\\@ \\$recycle.bin\\[ANYFOLDER]\\$********************************\\L \\$recycle.bin\\[ANYFOLDER]\\$********************************\\U - Incproc HJ {fbeb8a05-beee-4442-804e-409d6c4515e9} {5839fca9-774d-42a1-acda-d6a79037f57f} - Blacklist %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%.exe V8.0.1 30/08/2012 ================= - Correction de bugs - Whitelist c2c_service.exe SkyDrive.exe procexp.exe - Driver WL RapportCerberus$ (trusteer) - Truesight v0.6 Surveillance de DriverEntryIO - Ajout patterns pour blacklist (GENDARMERIE) install_0_msi.exe hleo32.exe regsrv64.exe msconfig.dat hos32.exe V8.0.0 26/08/2012 ================= - [[Ramaniement de Code]] - Surveillance de la cl? HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters : DataBasePath (HOSTS) - Am?liorations diverses - Ajout d'un cartouche d'information sur l'infection - Refonte de certaines fenetres - Whitelist StatBar.exe %windir%\^^Service.exe %sys32%\iac25_32.ax V7.6.6 10/08/2012 ================= - Recherche de fichiers de remplacement en cas de fichiers patch?s. - Remplacement des fichiers patch?s en mode SUPPRESSION V7.6.5 03/08/2012 ================= - Correction d'un bug dans le module peParser (PE x64) - Ajout signature ZeroAccess (services.exe x64) - Windows BL Live Security Platinum V7.6.4 17/07/2012 ================= - Ajout d'une blacklist pour valeurs de registre - BlacklistValue Update (GENDARMERIE) - Ajout patterns pour blacklist (GENDARMERIE) fest0r_ot.exe Schnarch.exe - Whitelist DLL cleanup.dll (MBAM) - Windows BL File Recovery V7.6.3 08/07/2012 ================= - Correction d'un bug dans le module HiveReader (gestion valeurs de registre unicode) - Ajout patterns pour blacklist (GENDARMERIE) roper0dun.exe rasmxs.exe SCardDlg.exe TapiSysprep.exe 0_0u_l.exe glom0_og.exe V7.6.2 02/07/2012 ================= - Ajout d'un module de kill / relaunch de processus englobant la suppression de fichiers particuliers (explorer.exe est tu? / r?activ?) - Correction d'un bug dans la d?tection des fichiers particuliers - Surveillance de la cl? : HKCR\\CLSID\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InprocServer32 (ZeroAccess) - Blacklist sys32 / n - Part files blacklist windows\\Installer\\{********-****-****-****-************}\\L localAppdata\\{********-****-****-****-************}\\L sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\L sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\U sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\@ sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\n V7.6.1 28/06/2012 ================= - R?ctivation du module de recherche de signatures - Ajout d'un module de v?rification des fichiers syst?mes (ASLR + recherche de signatures) - V?rification du fichier services.exe - Ajout signature ZeroAccess (services.exe) - Correction de bugs (module Window) - Ajout patterns pour blacklist (GENDARMERIE) er_00_0_l.exe - Correction de bugs V7.6.0 26/06/2012 ================= - Ajout d'un contract utilisateur (EULA) - Modification du module Particular files pour prise en compte des raisons de suppression + comparaison par masque - Part files blacklist windows\\Installer\\{********-****-****-****-************}\\n windows\\Installer\\{********-****-****-****-************}\\@ windows\\Installer\\{********-****-****-****-************}\\U localAppdata\\{********-****-****-****-************}\\n localAppdata"\\{********-****-****-****-************}\\@ windows\\Assembly\\GAC\\Desktop.ini windows\\Assembly\\GAC_32\\Desktop.ini windows\\Assembly\\GAC_64\\Desktop.ini - Drivers WL avgidsshimx.sys (AVG) V7.5.4 07/06/2012 ================= - Surveillance de la cl? : HKCR\\CLSID\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InprocServer32 (ZeroAccess) - Ajout programdata dans chemins sensibles - Ajout patterns pour blacklist (GENDARMERIE) pkg0u.exe pkg_0ll.exe WinzipArchiver.exe TarArchiver.exe Smoerrebroe.exe tpl_0_c.exe RarArchiverWin.exe V7.5.3 05/06/2012 ================= - Am?lioration de l'interface - Revue des traductions - Mise ? jour de la detection ZeroAccess (Sirefef) - Ajout patterns pour blacklist (GENDARMERIE) krussel3.exe AMD_cpx.exe Apple_Store.exe cs8v0k.exe V7.5.2 30/05/2012 ================= - Correction d'un bug faisant apparaitre une popup - Am?lioration du module de redirection des chemins - Whitelist SpotifyWebHelper %windows%/ALCMTR.exe - Ajout patterns pour blacklist (GENDARMERIE) ArchiverforWin.exe game_client.exe WinArchiver.exe V7.5.1 28/05/2012 ================= - Am?lioration du module de comparaison par masque - Surveillance de HKLM\\SYSTEM\\ControlSet001\\Control\\SafeBoot : AlternateShell - Surveillance du registre x64 pour la cl? SHELL - Ajout patterns pour blacklist (GENDARMERIE) k8h0pp.exe temp##.exe ServiceVBOX.exe %sys32%/%%%%%%%%%%%%%%%%%%%%.exe V7.5.0 24/05/2012 ================= - Ajout de la possibilit? d'utiliser RogueKiller sous environnement PE. - Possibilit? de scanner les ruches windows en branchement externe du DD. - Correction d'un bug dans ntreg - Ajout bureau dans suspect paths - Ajout patterns pour blacklist (GENDARMERIE) k8h00.exe VboxServs.exe V7.4.5 18/05/2012 ================= - Int?gration librairie ntreg - Ajout patterns pour blacklist (GENDARMERIE) ch8l0.exe p0j99p.exe spoolsrv.exe FSnapshot_x86.exe BSI.bund.exe GboxService.exe InfoServices_a.exe ksprskylabs1.exe V7.4.4 08/05/2012 ================= - D?tection de Xpaj (bootkit) - Ajout de patterns de d?tection GENDARMERIE ms.exe #{1}.#{12+}.exe wpbt#{1}.dl{2} hnszs#{1}.exe ms*****.bat ram_reserver64.exe itunes_service#{2}.exe syncservicex86.exe EPUhelpers.exe DNS_Servicex86.exe kitre#{1}.exe V7.4.3 04/05/2012 ================= - Mise en place des patterns pour d?tection des processus, cl?s RUN, SHELL, Startup - Correction d'un bug dans le module HiveReader - Optimisations de code - TrueSight : Securisation du code V7.4.2 03/05/2012 ================= - Correction d'un bug dans le module HiveReader V7.4.1 02/05/2012 ================= - Whitelist E_FATIHJL.EXE - Ajout du pattern GEMA - Ajout du pattern GENDARMERIE - Correction d'un bug dans le module readMBR - Correction d'un bug dans le module SSDT V7.4.0 01/05/2012 ================= - Correction d'un bug dans le module debug - Ajout du module ExceptionHandler => gestion automatique des plantages (en partie). Quand un crash survient, une fen?tre s'ouvre et propose ? l'utilisateur de l'envoyer automatiquement. - Window BL Data Recovery (FakeHDD) - Support des langues: Allemand V7.3.4 27/04/2012 ================= - Ajout du module SigCheck, permettant la recherche de signatures dans les fichiers binaires. => Recherche de signatures dans les processus - Correction d'un bug dans le module readMBR (r?organisation de la priorit? des signatures) - Correctifs dans les resources de langue. V7.3.3 22/04/2012 ================= - Prise en compte de la valeur Start_TrackProgs (Programmes r?cents menu d?marrer) - Correction d'un bug dans le module HiveReader - Modification des ACLs avant v?rification des cl? RUN (bug virus Gendarmerie) - Support des langues: Grec Portugais V7.3.2 20/03/2012 ================= - [13/04/2012] Correction de bugs - [03/04/2012] Window BL SMART HDD - [23/03/2012] Ajout lien vers Security Shield (blog) - [22/03/2012] Module Debug - Second ajout - [22/03/2012] Module statistique => Activation de plusieurs langages. - [21/03/2012] Ajout progressBar (permet de savoir si un scan est en cours) - [21/03/2012] Activation des styles visual - [21/03/2012] Module Debug - Premier ajout - [21/03/2012] Correction d'un bug - [21/03/2012] Window Blacklist System Shield Security Shield - Correction d'un bug dans le module startup - Ajout de la surveillance du dossier "Common Startup" - TrueSight v0.5 : Optimisations de code - MAJ langue Czech / Slovak - Ajout checkbox "AntiRootkit" qui d?sactive les fonctionnalit?s du module TrueSight V7.3.1 10/03/2012 ================= - Correction d'un bug dans le module faked - Ajout d'une checkbox pour d?sactiver le module faked (le scan prend du temps) - Whitelist Skype.exe FixCamera.exe firefox.exe plugin-container.exe - Driver WL Crypto.sys /*SafeNet*/ mfehidk.sys /*McAfee*/ wpsdrvnt.sys /*Symantec*/ V7.3.0 08/03/2012 ================= - TrueSight v0.4 - Possibilit? de fixer les hooks inline. - TrueSight : D?tection des hooks IRP (Major et Inline) sur un driver donn? -> Atapi.sys - Possibilit? de fixer les hooks IRP inline (peut g?n?rer un BSOD dans certains cas, cette fonction reste ? am?liorer. A utiliser uniquement en dernier recours). - Ajout d'un messagebox demandant confirmation si aucune suppression n'a ?t? effectu?e - TrueSight : Bypass des fonctions du driver pour Windows 8 (pas compatible pour le moment) - TrueSight : Optimisations de code - Detection de Windows 8 - Correction d'un bug dans le module HiveReader (valeur / cl?s avec accents) - Ajout d'un module de d?tection des fichiers FAKED (exp?rimental) -> Appliqu? sur sys32/drivers - Correction d'un bug dans le module SHELL - Correction d'un bug dans le module STARTUP - Correction d'un bug dans le module WEB - Module Startup : Possibilit? de voir les dossiers de toutes les sessions (au lieu de la courante) - Surveillance de la cl? HKCU\...\Advanced : Start_ShowRun V7.2.1 29/02/2012 ================= - TrueSight v0.3 - Detection des hooks inline (fonctions SSDT seulement) - Correction d'un bug dans le module HiveReader - Driver WL avipbb.sys /*Avira*/ avkmgr.sys /*Avira*/ - Window BL Smart Fortress 2012 Windows Shield Tool Windows PRO Scanner Windows Basic Antivirus Windows Stability Guard Windows Firewall Constructor V7.2.0 27/02/2012 ================= - Ajout d'une option FixMBR dans l'onglet MBR. Cette option devient disponible si une infection MBR est trouv?e. - Possibilit? de fixer le bootstrap MBR avec un MBR standard (XP, Vista ,Seven) - Ajout d'un module de lecture directe des ruches => d?tection cl?s / valeurs cach?es de l'API - d?tection MBR Toshiba - d?tection MBR Lenovo - d?tection MBR Standard - d?tection MBR KIWI Image system - Whitelist Spotify.exe jusched.exe (global) - Window BL Windows Functionality Checker Windows Smart Warden Home Malware Cleaner Windows Smart Partner Antivirus Protection Windows Telemetry Center Windows Perfomance Catalyst Strong Malware Defender V7.1.0 15/02/2012 ================= - Passage du code en logique UNICODE (au lieu de ANSI) - Correction de bugs - Ajout du support des langues: Czech Slovak - Mise ? jour des d?tections MBR whistler/sinowal - d?tection MBR myBIOS - D?tection des MBR flood?s par NOP - Blacklist window Security Scanner Internet Security Internet Security 2012 - Rogue ProgFile \\PCSpeed Service\\ \\everyclear\\ - Blacklist gema.exe V7.0.4 08/02/2012 ================= - Ajout d'une checkbox pour d?sactiver le scan MBR (choix utilisateur) - Correction d'un bug d'affichage faisant disparaitre les boutons dans certaines basses r?solutions d'?cran V7.0.3 06/02/2012 ================= - Modification du module LL2 => moins d'erreur d'acc?s, notemment sur les OS x64 - Correction d'un bug dans le workflow des modes secondaires - Blacklist InetAccelerator.exe (Gendarmerie2) V7.0.2 30/01/2012 ================= - Correction de bugs d'affichages (retours ? la ligne en trop) dans l'?dition du rapport - Correction dans le module MBR => taille des partitions actualis? (1ko = 1024 octets) - Whitelist adawarebp.exe DropBox.exe - Rogue ProgFiles \\BoanCatch\\ \\pcupgrade\\ \\best-pc\\ \\PCMaster Antispyware\\ \\InfoSeven\\ \\comdoumi\\ - Ajout pattern Rogue.ViusDoctor, Rogue.Zaxar - Window BL Antivirus Smart Protection Malware Protection Center V7.0.1 28/01/2012 ================= - Correction d'un bug dans le module MBR => Type de partitions actualis?s - Correction d'un bug dans le module MBR => Calcul des tailles de partition actualis? - Passage ? 5 PhysicalDrive Max - Ajout du nom des disques physiques V7.0.0 26/01/2012 ================= - Passage en mode GUI V6.2.4 12/01/2012 ================= [24/01/2012] - Ajout de cl?s Advance: Start_ShowMyDocs Start_ShowRecentDocs Start_ShowUser Start_ShowMyPics Start_ShowMyGames Start_ShowMyMusic Start_ShowControlPanel Start_ShowDownloads Start_ShowVideos Start_ShowHelp Start_ShowPrinters Start_ShowSetProgramAccessAndDefaults [23/01/2012] - Correction d'un bug dans le module MBR [23/01/2012] - Correction d'un bug dans le module TASKS [23/01/2012] - Window BL : Smart Protection 2012 [16/01/2012] - Prise en charge des dlls lanc?es depuis un raccourci startup (virus Gendarmerie) [16/01/2012] - Correction d'un bug dans le module checkPath - Ajout HKEY_USERS\\Software\\Classes\\pezfile\\shell\\open\\command - Ajout HKEY_USERS\\Software\\Classes\\.exe\\shell\\open\\command - Ajout HKEY_USERS\\Software\\Classes\\exefile\\shell\\open\\command - Correction d'un bug dans le module de sauvegarde REG - Ajout de l'option a : WhyIGotInfected? => ouverture de la page de WIGI - Ouverture de liens vers les manips du blogspot en fonction de l'infection detect?e (ZeroAccess, FakeRean) V6.2.3 09/01/2012 ================= - Whitelist smad.exe - Whitelist Dll BatInfEx.dll BatLogEx.dll - Driver Whitelist hookcentre.sys /*Gdata*/ - Window Blacklist System Check - Rogue ProgFiles \\InfoSafe\\ \\CleanerCom\\ \\MicroVaccine\\ \\PC-Spider\\ \\CYAK\\ \\PcVirusDoctor\\ \\VDoctor Professional\\ \\CheckSpeed\\ V6.2.2 31/12/2011 ================= - Detection MBR Code TestDisk - Detection MBR Code HP tatou? - Detection MBR Code Whistler - Distinction entre Vista / 7 MBR Code - Detection MBR Code Linux - Correction d'un bug dans le module de backup REG V6.2.1 28/12/2011 ================= - Detection MBR codes XP et Vista/7 - Detection MBR codes MaxSS / TDL4 / PiHar - Modification du module MBR (prise en compte de plusieurs PhysicalDrive) - Whitelist DLL %sys32%/LogiLDA.dll panda_url_filtering.dll nsMouselib.dll msconf.dll - Whitelist B2CNotiAgent.exe HpSAUpgrade.exe HPSFUpdater.exe panda_url_filtering.exe MpSigStub.exe dplaysvr.exe realplayerent_config.exe - rogue ProgFiles \\info-manager\\ - Window BL Security Monitor V6.2.0 12/12/2011 ================= - Ajout d'un module de d?tection des screensavers : HKEY_CURRENT_USER\\Control Panel\\Desktop : SCRNSAVE.EXE - Mise ? jour du pattern ZeroAccess (d?tection du FS $NtUninstallKB / consrv.dll) - Ajout de mot-cl?s d'importance dans les rapports (redirection des logs au niveau du serveur PHP) - Ajout du pattern statistique Root.MBR - Ajout check du MBR (LL2) + activation du module - Dump des MBR trouv?s dans la quarantaine - Modification de la fin du script => possibilit? de garder le notepad ouvert - Correction de bugs - Rogue ProgFiles \\datasave\\ \\sweeperlab\\ \\virussecurity\\ \\ProtectCop\\ \\HomeBoan\\ \\SmartSafer\\ - Whitelist pccntupd.exe pull.exe RapportService.exe HWDeviceService.exe windir\v0330mon.exe - Driver Whitelist uphcleanhlp.sys /*WinXP (?)*/ FireTDI.sys /*Mac Afee*/ fslx.sys /*Symantec*/ savonaccesscontrol.sys /*Sophos*/ ShldDrv.sys /*Panda*/ bdrsDrv.sys /*BitDefender*/ - WhitelistDLL rooksbas.dll - Blacklist %sys32/sysrunc.exe V6.1.12 02/12/2011 ================= - Ajout check du MBR (User / LL1) --> d?sactiv? pour tests - Ajout pattern Rogue.AntiSpy-AH - Window Blacklist XP Antispyware 2012 XP Antivirus 2012 XP Security 2012 XP Antispyware 2012 XP Home Security 2012 XP Internet Security 2012 Vista Antispyware 2012 Vista Antivirus 2012 Vista Security 2012 Vista Home Security 2012 Vista Internet Security 2012 Win 7 Antispyware 2012 Win 7 Antivirus 2012 Win 7 Security 2012 Win 7 Home Security 2012 Win 7 Internet Security 2012 V6.1.11 30/11/2011 ================= - Ajout d'un module de chargement direct du driver (plus efficace) - d?sactivation du module "LOCKED" - Window Blacklist BlueFlare Antivirus Wolfram Antivirus OpenCloud Security Malware Protection Spyware Protection Cloud Protection Guard Online AV Guard Online Cloud AV 2012 - Rogue ProgFiles \\NDoctorCom\\ \\perfectcare\\ \\privacyup\\ \\PowerPC\\ \\CleanCatch\\ - blacklist Cloud AV 2012v121.exe V6.1.10 18/11/2011 ================= - Ajout d'un module de r?cup?ration des donn?es des pr?c?dents scans (PREVRUN) - Rogue ProgFiles sweeperlab VirusSecurity - Blacklist AV Protection 2011v121.exe - Window Blacklist AV Protection 2011 V6.1.9 16/11/2011 ================= - Ajout d'un module de v?rification des fen?tres windows ouvertes - Ajout d'un module de r?sidu des process (pour registre) - Correction de bugs - Window Blacklist System Fix Privacy Protection AV Security 2012 System Restore System Security 2011 AV Protection Online Security Sphere 2012 - Driver WL pxrts.sys /*PrevX real time scanner*/ guard.sys /*AVG 7*/ - Whitelist %windows%\wanmpsvc.exe %windows%\*snpstd$ %windows%\sttray.exe %windows\lclock.exe %windows\ATKKBService.exe MessageCheck.exe %windows\UpdReg.EXE uUACTokenSvc.exe GameXNGO.exe - Whitelist DLL LC.dll npSkypeChromePlugin.dll - Whitelist DNS 4.2.2.$ V6.1.8 14/11/2011 ================= - Ajout Pattern: PrivacyProtection - Correction de bugs - Ajout cl? : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced : Start_ShowMyComputer - Ajout cl? : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced : Start_ShowSearch - Whitelist netsession_win.exe SetWallpaper.cmd TUAutoReactivator32.exe %windows%\VM_STI.EXE %windows%\ZSSnp211.EXE %windows%\Domino.EXE FacebookUpdate.exe googletalkplugin.exe %windows%\SiSUSBrg.exe lsnfier.exe %windows%\Imgtask.exe mediaget.exe %windows%\AutoKMS.exe %windows%\mixer.exe - Driver WL SandBox.sys /*Sandboxy*/ RapportPG.sys /*Trusteer (Report)*/ sbaphd.sys /*Sunbelt*/ PavProc.sys /*Panda antivirus*/ PavSRK.sys /*Panda antivirus*/ - Dll WL KeyboardOnlineTray.dll mcdvd_32.dll - Blacklist AV Security 2012v121.exe V6.1.7 05/11/2011 ================= - Am?lioration du module statistique (Patterns ZeroAccess, Fake HDD, Rogue ProgFiles) - Correction de bugs - Ajout d'un module de gestion de la reflection du registre (x64) - am?lioration du backup en .reg (prend en charge les cl?s au lieu des valeurs seulement) - Rogue ProgFile \\PatchUp_Plus\\ \\NVirusKorea\\ \\ProtectCode\\ \\CoreScan\\ \\AntiAvoid\\ \\IPRIVACY\\ \\ProtectKeep\\ \\AnyCop\\ \\windowpc\\ - Whitelist arservice.exe supprim? kmservice.exe (crack pour Office 2010) - Whitelist DLL IadHide5.dll V6.1.6 01/11/2011 ================= - Ajout d'un module statistique (connexion base de donn?e SLT) - DNS whitelist: 8.8.4.$ - Correction de bugs - Whitelist : windows\BCMSMMSG.exe windows\*snp2***.exe windows\stsystra.exe windows\qmc.exe windows\cthelper.exe windows\ALCXMNTR.EXE sys32\ANIWConnService.exe sys32\PSDrvCheck.exe rnupgagent.exe googletalk.exe E_FATICDL.EXE - Drivers WL: OADriver.sys /*Online armor*/ sp_rsdrv2.sys /*Spyware terminator*/ cmdguard.sys /*Comodo IS*/ SYMEVENT.SYS /*Symantec*/ SASKUTIL.SYS /*SUPER Antispyware*/ PSINProc.sys /*Panda Security*/ - Whitelist DLL migrate.dll OIExt.dll BthAuthenticationTime.dll NativeHelpNotifier.dll V6.1.5 29/10/2011 ================= - Ajout d'un module de v?rification en ligne du num?ro de versio - Ajout d'un module d'envoi automatique des rapports ? l'adresse du d?veloppeur (pour am?lioration de l'outil) - Drivers WL: fshs.sys /*F-Secure Orange AV*/ - Rogue ProgFiles \\boankorea\\ \\FastScan\\ V6.1.4 22/10/2011 ================= - Rogue ProgFiles \\VirusScan\\ \\pcspeedup\\ - Drivers WL: ehdrv.sys /*ESET Helper Driver*/ - Whitelist AVGIDSMonitor.exe - Ajustement de la d?tection dans le module RANDOMNAME V6.1.3 14/10/2011 ================= - TrueSight v0.2 - Correction de bugs - R?arrangement du code - Ajout backup des suppressions registre en .reg - Ajout d'un module de d?tection des noms al?atoires - Blacklist sys32\lvvm.exe crss.exe (Cloud Protection) - Rogue ProgFiles \\realcleaner\\ V6.1.2 07/10/2011 ================= - Drivers WL: PCTCore.sys /*PCTools*/ bdselfpr.sys /*Bitdefender*/ - Kill des processus v?rouill?s - WellKnown processes audiodg.exe - Rogue ProgFiles \\vaccinecom\\ \\PCPlusSecurity\\ - WellKnown WL sys32\ctfmon.exe sys32\lsm.exe sys32\SearchIndexer.exe sys32\sppsvc.exe sys32\SearchProtocolHost.exe sys32\SearchFilterHost.exe sys32\mctadmin.exe sys32\dllhost.exe sys32\alg.exe sys32\wscntfy.exe sys32\notepad.exe sys32\wuauclt.exe sys32\userinit.exe sys32\msdtc.exe windows\agrsmmsg.exe - Whitelist dll nvsysrot.dll V6.X.X XX/XX/XXXX (Version repous?e) ================= - Module de suppression de cl?s (recursif) par appel direct - chargement du driver en mode BOOT antagoniste si bloqu? - Detection de cl?s de registres cach?es du SCM - Ajout chemin sensible %sysroot% pour processus - Ajout d'un module de detection des noms long -processus et cl?s- (Guard Online / OpenCloud / ...) V6.1.1 28/09/2011 ================= - Correction d'un bug dans le chargement / d?chargement du driver - Supprim? messages debug - TrueSight v0.1 - Ajout driver Whitelist avec masque - Ajout blacklistPath dans recherche des services - Drivers WL: unknown /*Unknown*/ vsdatant.sys /*ZoneAlarm*/ procguard.sys /*ProcGuard*/ aswSP.sys /*Avast*/ aswSnx.sys /*Avast*/ PCTAppEvent.sys /*PCToolsFirewallPlus*/ sp**.sys /*Daemon tools*/ AVGIDSShim.Sys /*AVG*/ - Rogues progFiles \\HelpPrivacy\\ \\InfoBoan\\ \\windowsliveprotect\\ \\DrBoan\\ \\Privacyi\\ \\Micropop\\ - Service Blacklist MPopService V6.1.0 22/09/2011 ================= - R?cup?ration des vrais adresses de la SSDT - Ajout option 7 (restauration de la SSDT par index) : OPTION CACHEE car dangereuse. A utiliser sur demande d'un helper - module TrueSight : Restauration SSDT - module TrueSight : Kill par appel direct aux APIs NT (DrvNtTerminate) V6.0.0 21/09/2011 ================= - Ajout d'un driver embarqu? dans les ressources - Chargement du driver TrueSight (x86 seulement) - Recherche des Hooks SSDT - Recherche des Hooks Shadow SSDT V5.3.5 21/09/2011 ================= - WhitelistDLL LVPrcInj01.dll - Whitelist kmservice.exe - Rogues ProgFiles \\BoanCop\\ \\cleancert\\ \\VIHunter\\ V5.3.4 30/08/2011 ================= - Correction d'un bug dans la detection de la whitelist (masque) - Ajout module de restauration des icones du bureau (SHELL) - Ajout module de restauration de la barre des t?ches (SHELL) - Ajout d'un mutex pour emp?cher le lancement de plusieurs instances - Rogues ProgFiles \\PrivacyBoho\\ \\SafePrivacy\\ \\BoanClear\\ - Whitelist BR040286.exe V5.3.3 18/08/2011 ================= - Ajout d'un module de d?tection de fichiers / dossiers particuliers - Blacklist Particular: %Appdata%\Adobe\shed %Appdata%\Adobe\plugs - Dll Whitelist rpchrome$ MSVC^71.dll - Rogue ProgFile \\errordoctor\\ - GUID {19090308-636D-4E9B-A1CE-A647B6F794BF} //Wolfram antivirus V5.3.2 18/08/2011 ================= - Meilleure prise en charge du x64 --> Ajout des variables d'env SysWow64 / Program Files (x86) --> Ajout de la restauration de Program Files (x86) dans le mode 6 - Optimisation de code - WellKnownProcess: varEnv.syswow64\\svchost.exe - Whitelist: nclaunch.exe V5.3.1 06/08/2011 ================= - Ajout d'un module de surveillance des cl?s manquantes - Ajout des cl?s manquantes: HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command" => default : "%1" %* - Rogue ProgFile: \\PrivacyCode\\ \\InfoGuard\\ \\DefenseVirus\\ \\PatchUp_Plus\\ - Whitelist dll: btmshell.dll mkil.dll V5.3.0 01/08/2011 ================= - Detection des d?tournements des noms syst?me - Le programme est maintenant capable de tuer un process de 6 mani?res diff?rentes Cel? permet de contourner les protections de pas mal de malwares - Service Blacklist: wxpdrivers srvsysdriver32 srvbtcclient srviecheck - Rogue progFiles \\MacroVirus\\ \\DualVaccine\\ \\CodeScan\\ V5.2.9 31/07/2011 ================= - Service Blacklist: Windows_Update - Dll Whitelist MSVCP71.dll - Whitelist alcwzrd.exe PLFset^.exe V5.2.8 23/07/2011 ================= - Ajout v?rification des .exe dans dossier d?marrage - Dll Whitelist Dropbox$ PLFSet.dll -Whitelist vsnp2uvc.exe - Rogue progFiles \\Clear2PC\\ \\PCMedic\\ \\boanking\\ - ajout BlackList \startupFolder\csrss.exe V5.2.7 30/06/2011 ================= - Correction de bugs (RegCloseKey) - Correction de bugs provoquant un ?cran noir apr?s passge de OTL (au reboot) V5.2.6 23/06/2011 ================= - Ajout de la surveillance de la ligne: HKEY_CLASSES_ROOT\.exe => default V5.2.5 23/06/2011 ================= Correction de bugs majeurs faisant planter l'appli V5.2.4 22/06/2011 ================= Rogue ProgFiles: -\\privacyalpha\\ -\\basicprivacy\\ -\\MicroPC\\ -Whitelist Bginfo.exe PLFsetL.exe - Ajout suppression ACL pour les cl?s Shell V5.2.3 16/06/2011 ================= - Blacklist %ProgramFiles%\csrss.exe %ProgramFiles\conhost.exe - Service blacklist QTUpdate - Rogue ProgFiles -\\Milestone Antivirus\\ V5.2.2 05/06/2011 ================= - Ajout d'infos sur les lecteurs pour le mode 6 - Correction de bugs faisant planter les modes 6/1/2 V5.2.1 02/06/2011 ================= - Correction de bugs faisant planter le module Task Scheduler 2.0 - Raports sur le bureau quelque soit le repertoire de lancement de l'application V5.2.0 01/06/2011 ================= - Blacklist service cdfss wcscd - Prise en charge des cl?s Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\ShellServiceObjectDelayLoad HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats - V?rification et kill des DLL malicieuses charg?es sous explorer.exe - Ajout du kill des dll explorer.exe dans les r?sidues - Ajout d'un module d'exploration des GUID (Si un GUID est connu, on retrouve le chemin de la DLL malicieuse et on l'ajoute ? la BlackList dynamique) - Prise en charge du dossier Common Startup V5.1.9 29/05/2011 ================= - Rogue ProgFile: \\vaccineu\\ - Affichage des icones User / Poste de travail / Corbeille sur le bureau Hijack : WarnOnHTTPSToHTTPRedirect - Whitelist soundman.exe - Blacklist wuaucldt.exe V5.1.8 27/05/2011 ================= - Correction de bugs dans le mode 6 - Ajout des librairies dans la mode 6 V5.1.7 26/05/2011 ================= - Correction de bugs dans le mode 6 - Whitelist: mhotkey.exe mmkeybd.exe dit.exe LxrAutorun.exe sw2#.exe Screenpresso.exe V5.1.6 21/05/2011 ================= - Rogue ProgFile \\\Error Fix\\ - Whitelist OEM0#Mon.exe vVx#000.exe V5.1.5 20/05/2011 ================= - Correction d'un bug majeur du mode 6 - Whitelist RtHDVCpl.exe V5.1.4 16/05/2011 ================= - Prise en charge de la sauvegarde effectu?e par Windows Recovery (Option 6) - Whitelist: RtHDVCpl.exe googlecrashhandler.exe megakeyupdater.exe zHotkey.exe ASScrProlog.exe ASScrPro.exe V5.1.3 13/05/2011 ================= - Ajout de chemins dans les repertoires sensibles: %SystemDrive% / Windows %System Drive% / Documents and settings / - Policy: HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer -> NoDesktop - Rogues PF: \\Ifkpr\\ \\AntiDefend\\ - WhiteList: vVX1000.exe regedit.exe V5.1.2 13/05/2011 ================= - Correction d'un bug dans le module rundll32 - Rogue progFile \\selfprivacy\\ \\PrivacyKey\\ V5.1.1 05/05/2011 ================= - Correction de bugs faisant planter le module Task Scheduler 2.0 - Correction d'un bug de fausse d?tection dans le module RUNDLL32 (RUN) -> report? dans 4.3.12 V5.1.0 02/05/2011 ================= - Prise en charge du Task Scheduler 2.0 (Vista / Seven) - Rogue progFile \\PrivacyView\\ V5.0.0 30/04/2011 ================= - Migration d'IDE V4.3.12 30/04/2011 ================== - Ajout ACCESS_DENIED dans rapports - Ajout date p?remption de l'ex?cutable, avec message d'avertissement si > 3 jours - Whitelist RockMeltUpdate.exe V4.3.11 25/04/2011 ================== - Grosses optimisations (Rapidit? du scan x4) - Whitelist OctoshapeClient.exe - Rogue progFile \\PC2Safe\\ V4.3.10 24/04/2011 ================= - Rogue progFile \\Boan119\\ \\VaccineCore\\ \\Antivirus Clean 2011\\ - Ajout cl? : FIREFOX.EXE\\shell\\safemode\\command - Ajout whitelist: ereg.$ (Dragon naturally speaking) - Correction bug module Shell - Whitelist DNS: 62.251.229.237 - Blacklist sys32\\windupdt\\winupdate.exe - Whitelist: Rsystems Support.exe - DllWhitelist: bthprops.cpl -WellKnownProcess: dwm.exe wininit.exe V4.3.9 16/04/2011 ================= - DllWhitelist: "csnp2uvc.dll" "gcswf32.dll" "rpchromebrowserrecordhelper.dll" - Ajout whitelist: OrangeInside.exe - Rogue progFile \\Error Repair Professional\\ - Correction bug module WhitelistDLL - Ajout de la date de la version - Ajout d'un mode (0) pour quitter. Le programme se relance automatiquement ? la fin. Il convient donc de choisir le mode 0 pour fermer le programme V4.3.8 09/04/2011 ================= - Ajout d'un module de reconnaissance de processes connus (explorer.exe, etc..) - Optimisations - Ajout d'un module de reconnaissance des dlls charg?es en 04 sous rundll32 - Rogue progFile \\HomeClean\\ \\BoanSupport\\ - DllWhitelist: "oobefldr.dll" "nvsvc.dll" "NvCpl.dll" "NvMcTray.dll" "nview.dll" "srclient.dll" "dr25svc.dll" "cmicnfg.dll" "ksrun.dll" "sbavmon.dll" "dlbttime.dll" "ftutil2.dll" "nvclock.dll" "nvhotkey.dll" "nvmctray.dll" "p17.dll" "spirun.dll" "p17rune.dll" "ptipbmf.dll" "ulutil2.dll" "sispower.dll" "wf2kcpl.dll" "zsscheduler.dll" "apphelp.dll" "advpack.dll" "sti_ci.dll" "ASTSVCC.dll" "LXBUtime.dll" "p0**0pin.dll" - Purge rogues ProgFile - Correction bugs (Language anglais, kill svchost.exe) - Ajout module de restauration des param?tres du centre de s?curit? - Ajout whitelist: clavier.exe V4.3.7 04/04/2011 ================= - Ajout d'un module de reconnaissance MD5 pour les process, les dll et les cl?s RUN - MD5 Blacklist: 2eb8bf9d3fad4cb9e26a1ae184a65816 //AntivirusPlus "random.dll" V4.3.6 29/03/2011 ================= - AJout module Association de fichiers StartMenuInternet (Firefox, IE, Opera) - Rogue Program files \\ADSTOP\\ \\SystemDefender\\ - DNS Whitelist 90.0.0.38 V4.3.5 29/03/2011 ================= - Ajout du disque local syst?me dans l'option 6 - Ajout du repertoire CurrentUser dans l'option 6 - Am?lioration de l'algorithme, gain de rapidit? (option 6) - Ajout des modules de surveillance UAC: "ConsentPromptBehaviorAdmin" , "ConsentPromptBehaviorUser" , "EnableLUA" - Ajout de module de r?paration du fond d'?cran. - Rogue Program files \\vaccinescan\\ - Whitelist DNS 199.243.213.* (Canada) V4.3.4 26/03/2011 ================= - Ajout des removable devices dans l'option 6, sauf lecteur disquette. - Ajout des repertoires Ma musique, Mes videos, Mes images - Correction bug sur la r?cup?ration des chemins Mes videos. V4.3.3 24/03/2011 ================= - Ajout module de v?rification de l'activation de la restauration syst?me - Modification du syst?me WL/BL => Ajout de plusieurs chemins possible - Ajout des disques locaux (Sauf syst?me) pour le mode 6. - DNS Whitelist 86.64.145.145 (NEUF) 84.103.237.145 (NEUF) - Whitelist Dropbox.exe LBubble Dock.exe V4.3.2 16/03/2011 ================= - Ajout d'un module pour neutraliser les liens dans les rapports (fichiers Hosts principalement) - Correction d'un bug g?n?rant des FPs dans le module de services - Rogue PF \\ProPrivacy\\ \\antiguard\\ - Whitelist rockmeltcrashhandler.exe rockmelt.exe - WhitelistDNS 195.235.96.90 (DNS Espagnol) 195.235.113.3 (DNS Espagnol) V4.3.1 14/03/2011 ================= - Ajout d'un module pour la restauration des fichiers pass?s en "cach?" par le rogue Windows diagnostic (option 6) - Ajout whitelist: IMVUQualityAgent.exe - Suppression du checkPath pour les services (trop de FPs) V4.3.0 10/03/2011 ================= - Refonte des Whitelist/Blacklist, ajout de chemins (permet de dire qu'un fichier est blacklist? sauf dans un certain repertoire, etc...) - Correction d'un bug causant des probl?mes d'affichage dans le module de langue englais V4.2.1 09/03/2011 ================= - Correction d'un bug faisant planter le module de langue - Prise en charge Quarantaine pour les modules RUN/Services/Tasks/Startup Folder/Residus - Ajout Whitelist: isuspm.exe (Install Shield Update manager) V4.2.0 07/03/2011 ================= - Modification du syst?me de rapports: Les rapports ne s'ajoutent plus au fichier RKreport.txt, mais ? des fichiers distincts ? chaque lancement, nomm? suivant la norme: RKreport[NUMERO].txt Le r?capitulatif de tous les fichiers disponibles s'affiche ? la fin du rapport. - Whitelist DNS: 81.253.149.$ V4.1.1 07/03/2011 ================= - Correction d'un bug dans la detection des chemins de fichiers, entra?nant la non d?tection de certaines cl?s de registre avec espaces. - Ajout rogue program files: \\ZeroVaccine\\ V4.1.0 04/03/2011 ================= - Correction de bugs - Ajout d'une traduction Fran?ais/Anglais selon la langue du PC V4.0.1 28/02/2011 ================= - Correction de bugs (refonte du systeme de parsing des cl?s de registre) - Ajout de surveillance des cl?s RunOnce, RunServices, RunOnceEx, RunServiceOnce pour toutes les sessions. Des rogues comme System tool peuvent maintenant ?tre supprim?s depuis une session saine. - Rogue Program files: \\pcvaccine\\ V4.0.0 23/02/2011 ================= - Refonte du moteur avec passage du C au C++ - Modification de l'affichage des rapports, plus d'infos. - Ajout blacklist sdra64.exe - Rogue program files \\specialguard\\ V3.10.3 21/02/2011 ================== - Ajout des modules de surveillance Associations de fichiers: HKEY_LOCAL_MACHINE\Software\\Classes\\pezfile\\shell\\open\\command HKEY_LOCAL_MACHINE\Software\\Classes\\.exe\\shell\\open\\command HKEY_LOCAL_MACHINE\Software\\Classes\\exefile\\shell\\open\\command HKEY_CURRENT_USER\Software\\Classes\\exefile\\shell\\open\\command - Ajout blacklist eksplorasi.exe V3.10.2 17/02/2011 ================== - Ajout d'une mise en quarantaine pour les process tu?s (pas encore pour les DLL et les r?sidus) La quarantaine se trouve ? la racine de l'ex?cutable (RK_Quarantine) et comprends: * Les fichiers au format -> Nom_de_lexe.exe.vir * un fichier texte (QuarantineReport.txt) comprenant le r?capitulatif par date des suppression, ainsi que les chemins d'origine. Demander ce rapport en cas de faux positif pour restaurer (? la main) les fichiers d?plac?s par erreur. - Ajout module HKEY_USERS (cl? Winlogon/Windows) pour surveiller les cl?s Shell et Load des autres sessions du PC - Ajout surveillance proxy sur HKLM - Ajout Association fichiers EXE: HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command - Rogue Program Files \\McAVG\\ \\AVGT\\ V3.10.1 16/02/2011 ================== - Ajout module HKEY_USERS (cl? RUN) pour surveiller les cl?s RUN d'autres sessions. - Correction bug CheckPath - Ajout surveillance du chemin des fichiers Services - Ajout surveillance cl? ProxyEnable (Module Proxy) - Rogue Program Files \\PrivacyHidden\\ \\SafeCare\\ V3.10.0 11/02/2011 ================== - Ajout module de d?tection rootkits (sommaire) => BruteForce PIDs + v?rification Blacklist / WhiteList - Ajout ouverture UAC au lancement (pour mode admin) - R?organisation DNS Blackist => Comparaison par masque - Rogues program files "\\eoRezo\\" "\\homevaccine\\" "\\smartscan\\" V3.9.0 01/02/2011 ================= - Migration des modules Proxy et DNS dans des options distinctes. (options 4 et 5) - Ajout BlackList: printer.exe (EasySpywareCleaner) ctfmona.exe (EasySpywareCleaner) xpupdate.exe (EasySpywareCleaner) - Rogue Program Files: \\EasySpywareCleaner\\ - Correction Bug sur module Shell, qui emp?chait la detection des cl?s "Load" V3.8.5 31/01/2011 ================= - Ajout module de reconnaissance du mode de d?marrage (Normal, Mode sans ?chec avec / sans prise en charge r?seau) - Ajout reconnaissance du nom de la session courante - Ajout DNS WhiteList: "74.118.212.1","74.118.212.2", "192.168.10.1", "15.243.128.51","15.243.160.51", "193.95.75.10","193.95.75.13" - Rogue Program Files: \\MyPCCheck\\ - Ajout WhiteList: autologin.exe V3.8.4 29/01/2011 ================= - Ajout module de reconnaissance des DNS malicieux - Ajout WhiteList DNS: http://www.commentcamarche.net/faq/1496-serveurs-dns-des-principaux-fai - 74.118.212.1,74.118.212.2,192.168.10.1,156.154.70.22,156.154.71.22 - Ajout Whtelist little transparency.exe SmpSys.exe - Changement Icone V3.8.3 27/01/2011 ================= - Ajout module de d?tection de lancement automatique de raccourcis dans le dossier Startup (C:\Documents and Settings\\Menu D?marrer\Programmes\D?marrage) - Ajout rogues program files: \\liveboan\\ \\security119\\ \\PrivacyInfo\\ \\MegaVaccine\\ \\WebVaccine\\ \\Smart Security\\ V3.8.2 27/01/2011 ================= - Correction de bugs - Ajout rogues program files: \\PC Security 2011\\ \\Best Spyware Scanner\\ \\AVP2009\\ \\RegGenie\\ - Ajout WhiteList e_s$$**$.exe (Epson Driver) V3.8.1 20/01/2011 ================= - Modification de code - Correction de bugs V3.8.0 19/01/2011 ================= -Ajout module de d?tection des rogues dans program files -Modif module DLL pour d?tection chemin sensibles/program files -Ajout blacklist: avsubengine.exe (VaccineClean) uninst_$ (Rogue.multiple) -Ajout rogues program files: \\VaccineClean\\ \\easyvaccine\\ \\PCoptimizer 2010\\ \\PrivacyRight\\ \\wisevaccine\\ \\privacyguard 2010\\ \\v2accine2010\\ \\NewVC\\ \\ddosclean\\ \\vaccineprogram\\ \\SpyCare\\ \\pcclearplus\\ \\CleanV\\ \\uservaccine\\ \\powercare\\ \\protect_one\\ \\QScan\\ \\ScanZero\\ \\searchguard\\ \\safetyboan\\ \\BestBoan\\ \\DataProtect\\ \\????????????\\ \\adsafer\\ \\AntiProtect\\ \\cleanscan\\ \\New2Clean\\ \\IDBoan\\ \\Scan119\\ \\????????\\ \\Vkiller\\ \\infosecret\\ \\VaccineLab\\ \\RegistryClever\\ \\VaccineData\\ \\infohold\\ \\Internetvaccine\\ \\keycop\\ \\k-security\\ \\eClean3.0\\ \\RealVaccine\\ V3.7.4 13/01/2011 ================= - Modification module HOSTS -> affichage des 20 premi?res lignes seulement (simplifie la lecture du rapport) - Modification du module de detection du type d'user - Ajout whitelist: Smax4.exe V3.7.3 09/01/2011 ================= - Modification du module HOSTS (Ajout d'un fixACL et d'un fixAttributes, qui permettent la modif du fichier) - Correction d'un bug g?n?rant des faux positifs dans le module HijackInitDLL V3.7.2 08/01/2011 ================= - Ajout module de surveillance des AppInitDLL (chargement de dll au d?marrage de windows dans explorer) - Renseignement du mode de lancement de l'appli (Admin - NOT Admin) - Ajout blacklist SM***.exe SM****.exe SM****_$.exe V3.7.1 07/01/2011 ================= - Correction d'un bug cr?ant des faux positifs dans le module de masque - Modification du module "inkillable" => meilleurs r?sultats, surtout sous Vista/seven - Ajout blacklist: sw2#.exe Fullremove.exe -Service Blacklist sst# V3.7.0 05/01/2011 ================= - Ajout module de detection Hijack WBEM (famille Antivirus 2010) V3.6.1 28/12/2010 ================= - Ajout blacklist: *****_##$.exe (Internet Security suite) V3.6.0 28/12/2010 ================= - Ajout d'un module de surveillance du fichier HOSTS - Ajout d'un mode permettant de restaurer un HOSTS sain V3.5.2 27/12/2010 ================= - Ajout de la surveillance de la ligne HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows -> Load - Ajout Blacklist: !^!^!#####.exe (System tool) V3.5.1 18/12/2010 ================= - Correction d'un bug emp?chant la suppression de cl?s de registre poss?dant +2 niveaux de sous-cl?s V3.5.0 13/12/2010 ================= - Modification du module de modif des ACLs, prise en charge de Vista / Seven (Merci ? Egwene et Eric_71) V3.4.0 11/12/2010 ================= - Ajout d'un module pour rendre le process inkillable! :) (du moins hormis l'utilisateur, et les applis ayant SE_DEBUG) V3.3.0 11/12/2010 ================= - Ajout d'un module de suppression des LEGACY (Ne marche que sous XP pour le moment) - Ajout d'un module de modification des ACL, avec resatauration apr?s le scan/modif des cl?s (merci ? Egwene) - Correction d'un bug de d?tection des chemins sensibles (Appli~1 = Appdata) V3.2.1 01/12/2010 ================= - Correction d'un bug qui faisait planter le module running services - service blacklist: vbma**** (Antivirus Action) V3.2.0 20/11/2010 ================= - Modification et activation du module des taches planifi?es. Bas? sur la blacklist, et les r?sidus en m?moire. V3.1.0 20/11/2010 ================= - Ajout de module de scan 04 RunServices RunOnceEx - Blacklist windowstmsystem.exe microsoftspeech.exe mbamzlib.exe sshnas$ Zludo*.exe Zjuje*.exe - Service SSHNAS V3.0.1 14/11/2010 ================= - Ajout de service Blacklist Follower - Ajout de cl?s Blacklist netc.exe nnmmnnsys.exe V3.0.0 14/11/2010 ================= - Hijack Policies NoFolderOptions - Correction d'un bug qui faisait planter le module de recherche RUN V2.9.0 14/11/2010 ================= - Ajout d'un module de Shell Spawning (Hijack du lancement des .Exe) pezfile .exe V2.8.0 13/11/2010 ================= - Ajout de module de d?tection des Hijack Policies DisableTaskMgr DisableRegistryTools DisableCMD V2.7.1 12/11/2010 ================= - Correction d'un bug faisant planter le module IFEO (d?bordement de tableau) V2.7.0 11/11/2010 ================= - Ajout module proxy Firefox V2.6.0 05/11/2010 ================= - Ajout module de reconnaissance des dll charg?es sous rundll32 - Ajout module de kill des dll trouv?es dans les r?sidus - Services Blacklist: kxtoykoc (smart defragmenter) jvfrhmo (think point) V2.5.0 05/11/2010 ================= - Ajout module Image File Execution Options - Ajout module taches planifi?es (? completer) V2.4.0 05/11/2010 ================= - Ajout description dans les propri?t?s. V2.4.0 30/10/2010 ================= - Ajout d'un module de scan des r?sidue (process dont la cl? de registre ? ?t? supprim?e, mais qui n'ont pas ?t? tu?s, car seul la valeur de la cl? de registre permet de les identifier) - Ajout Date/Heure dans le rapport - Correction d'un faux positif sur les noms de fichier contenant "temp" V2.3.1 30/10/2010 ================= - Ajout recherche Blacklist pour les valeurs de registre - BlackList: MK**.exe (Antimalware Doctor) MK***.exe (Antimalware Doctor) uPc+MV$.exe (Antimalware Doctor) - WhiteList: Chrome.exe (se lance dans Appdata) - Ouverture automatique du rapport ? la fin - Message invitant ? passer le mode 2 si des infections ont ?t? trouv?es dans le registre V2.3.0 22/10/2010 ================= - refonte du module de scan svchost (?l?vation des privil?ges) -> plus besoin des taskkill et tasklist - Ajout d'un module de scan des services en cours d'ex?cution (autres que svchost) V2.2.0 21/10/2010 ================= - Ajout currentcontrolset003 - remaniement du code V2.1.0 20/10/2010 ================= - Ajout d'un module de comparaison g?rant les masques - Ajout de rogue SM***_****.exe (Smart Engine) V2.0.0 20/10/2010 ================= - Ajout d'un module de scan des services svchost -> on tue le service si celui ci est suspect Ce module ne fonctionne pas nativement sous XP home. il faut t?l?charger 2 ex?cutables et les placer ? la racine de RogueKiller V1.8.0 19/10/2010 ================= - Ajout d'un module de scan des services (CurrentControlSet, ControlSet001, 002) - Ajout de services ? la liste noire: userinit (Antivirus 2010) V1.7.1 19/10/2010 ================= - Ajout de quelques process en WhiteList flux.exe RtkBtMnt.exe GoogleUpdate.exe V1.7.0 18/10/2010 ================= - Ajout d'un module de suppression des proxy V1.6.0 18/10/2010 ================= - refonte de la recherche de processus. -> Purge des Blacklist / WhiteList -> Scan bas? sur l'emplacement du process en priorit? pour une plus grande rapidit? - Ajout? le repertoire "Bureau/Desktop" comme dossier sensible - Ajout? chemin des fichiers tu?s (Sauf security Tools) dans le rapport V1.5.0 18/10/2010 ================= - Ajout d'un scan de la cl? Shell rogue Thinkpoint pris en charge BlackList Hotfix.exe Desktop Security 2010.exe WhiteList: GoogleUpdate.exe chrome.exe GoogleCrashHandler.exe flux.exe Ati2evxx.exe spoolsv.exe V1.4.0 14/10/2010 ================= - Ajout d'un choix de mode pour le registre mode scan: ne supprime pas les cl?s de registre trouv?es mode remove: supprime les cl?s de registre trouv?es Cela permet de voir d'?ventuels faux positifs et rassurer les personnes qui ne veulent pas toucher au registre, et seulement tuer le processus infectieux V1.3.0 14/10/2010 ================= - Ramaniement du code, optimisations. Arrangement modulaire V1.2.0 12/10/2010 ================= - Am?lioration du module de d?tection des cl?s RUN/RUNONCE infectieuse d?tection des fichiers / chemin de mani?re plus pr?cise moins de faux positifs, ciblage plus facile. - Passage en "Append" du fichier RKreport.txt (au lieu de w+) ce qui permet de ne pas ?craser les rapports pr?c?dents en cas de multiples ex?cutions ? la suite (le rapport est donc une superposition ant?-chronologique des diff?rents rapports) V1.1.2 10/10/2010 ================= - Ajout d?tection OS et affichage dans le rapport Desktop Security 2010.exe flash_player_installer.exe Whitelist: rundll32.exe V1.1.1 08/10/2010 ================= avp32.exe (Peak Protection) user.exe (Peak Protection) system.exe (Peak Protection) svc.exe load.exe (Antivirus studio 2010) securitycenter.exe (Antivirus studio 2010) securityhelper.exe (Antivirus studio 2010) AntiVirus Studio 2010.exe (Antivirus studio 2010) V1.1.0 04/10/2010 ================= - Ajout d'un module de suppression des cl?s RUN/RUNONCE en fonction de la liste noire/liste blanche et des filtres dossiers habituels - Optimisations - Ajout d'un icone programme - Ajout de quelques process Koobface: ld15.exe ld16.exe andy133.exe V1.0.3 01/10/2010 ================= - Ajout d'un module tuant les applications tournant sous "\Application Data\" ou un de ses sous-dossiers - Ajout d'un module tuant les applications tournant sous "\Temp\" ou un de ses sous-dossiers V1.0.2 01/10/2010 ================= - Passage en priorit? Haute au d?marrage du processus (plus grande part CPU pour le scan, donc moins de chances de se faire killer) V1.0.1 01/10/2010 ================= - Ajout d'une whitelist minimaliste pour acc?l?rer la recherche [System Process] System smss.exe csrss.exe wininit.exe winlogon.exe services.exe lsass.exe lsm.exe svchost.exe dwm.exe explorer.exe ctfmon.exe dllhost.exe alg.exe conhost.exe taskhost.exe sched.exe Locator.exe jusched.exe V1.0 30/09/2010 =============== - Rogue Security Tools module de d?tection des noms compos?s uniquement de chiffres - Ajout de rogues plus anciens: ccagent.exe (Control center) ccmain.exe richtx64.exe (Data Protection) asr64_ldm.exe (Dr Guard) diskperfxp.exe (User Protection) davclnt.exe (Digital Protection) avp.exe digprot.exe datprot.exe (Data Protection) ave.exe - Changelog SmitfraudFix jusqu'? November 06, 2008 winupdate.exe AVR09.exe msa.exe ld09.exe mediacodec.exe pp10.exe SYSDLL.exe SYS32DLL.exe DL32.exe pcdefender.exe svchost_32.exe asasa.exe syst.exe msctrl.exe msavsc.exe msscan.exe msiemon.exe msfw.exe msctrl.exe msavsc.exe msscan.exe msiemon.exe msfw.exe setup2.exe AntivirusXP.exe ld03.exe pp06.exe userload.exe rs32net.exe renus2008.exe sysrc32.exe svchostw.exe ld01.exe ld02.exe pp2.exe dll32.exe winagent.exe systeminit.exe sysguard.exe avrlabs.exe AnvTrgr.exe msiconf.exe VirTrigger.exe VirusTriggerBin.exe svhost.exe reged.exe spoolsystem.exe syscert.exe sysexplorer.exe wsc32x.exe