=========================================================
=== ===
=== RogueKiller Changelog ===
=== ===
=========================================================
-------------------
- Adlice Software -
-------------------
V12.13.1 09/17/2018
=================
- Added detections
V12.13.0 09/10/2018
=================
- Fixed a critical memory leak in core (buffer)
- Added detections
V12.12.34 09/03/2018
=================
- Added detections
V12.12.33 08/27/2018
=================
- Added detections
V12.12.32 08/20/2018
=================
- Added detections
V12.12.31 08/10/2018
=================
- Added detections
V12.12.30 08/06/2018
=================
- Added detections
V12.12.29 07/30/2018
=================
- Added detections
V12.12.28 07/23/2018
=================
- Added detections
V12.12.27 07/19/2018
=================
- Added detections
V12.12.26 07/09/2018
=================
- Added detections
V12.12.25 07/02/2018
=================
- Added detections
V12.12.24 06/25/2018
=================
- Added detections
V12.12.23 06/18/2018
=================
- Fixed a crash in Curl module
- Fixed Win32 API usage that broke XP compatibility
V12.12.22 06/18/2018
=================
- Added detections
V12.12.21 06/11/2018
=================
- Added detections
V12.12.20 06/04/2018
=================
- Added detections
V12.12.19 05/28/2018
=================
- Added detections
V12.12.18 05/22/2018
=================
- Added detections
V12.12.17 05/14/2018
=================
- Added detections
V12.12.16 05/04/2018
=================
- Added detections
V12.12.15 04/30/2018
=================
- Added detections
V12.12.14 04/23/2018
=================
- Added detections
V12.12.13 04/16/2018
=================
- Added detections
V12.12.12 04/09/2018
=================
- Added detections
V12.12.11 04/03/2018
=================
- Added detections
V12.12.10 03/26/2018
=================
- Added detections
V12.12.9 03/19/2018
=================
- Added detections
- Update Korean translation
V12.12.8 03/12/2018
=================
- Added detections
V12.12.7 03/05/2018
=================
- Added detections
V12.12.6 02/26/2018
=================
- Added detections
V12.12.5 02/19/2018
=================
- Added detections
V12.12.4 02/12/2018
=================
- Added detections
V12.12.3 02/05/2018
=================
- Added detections
V12.12.2 01/29/2018
=================
- Added detections
V12.12.1 01/22/2018
=================
- Fixed possible crash in PE parser
- Added detections
V12.12.0 01/15/2018
=================
- Fixed possible hang while processing file MD5
- Fixed Chrome extension removal
- Fixed Chrome configuration removal
- Added detections
V12.11.32 01/08/2018
=================
- Added detections
V12.11.31 01/02/2018
=================
- Added detections
V12.11.30 12/26/2017
=================
- Added detections
V12.11.29 12/18/2017
=================
- Added detections
- Fixed Windows Defender FP
V12.11.28 12/11/2017
=================
- Added detections
V12.11.27 12/04/2017
=================
- Fixed potential issue with "device not found, insert disk" messages
- Added detections
V12.11.26 11/27/2017
=================
- Added detections
V12.11.25 11/20/2017
=================
- Added detections
V12.11.24 11/13/2017
=================
- Added detections
V12.11.23 11/06/2017
=================
- Added detections
V12.11.22 10/30/2017
=================
- Added detections
V12.11.21 10/23/2017
=================
- Added detections
- Updated translations
- Fixed a bug in JSON export
V12.11.20 10/16/2017
=================
- Added detections
V12.11.19 10/09/2017
=================
- Added detections
V12.11.18 10/02/2017
=================
- Added detections
V12.11.17 09/25/2017
=================
- Added detections
- Updated translations
V12.11.16 09/18/2017
=================
- Added detections
V12.11.15 09/18/2017
=================
- Added detections
V12.11.14 09/11/2017
=================
- Added detections
V12.11.13 09/04/2017
=================
- Added detections
- Added msiexec handler to pathparser
V12.11.12 08/28/2017
=================
- Added detections
V12.11.11 08/21/2017
=================
- Added detections
- Dutch translation update
V12.11.10 08/14/2017
=================
- Added detections
- Fixed issue with uploader (please note this will apply to next update)
V12.11.9 08/03/2017
=================
- Added detections
- Fixed POST requests with proxy
- Fixed Upload timeout (crash upload/support form)
V12.11.8 07/24/2017
=================
- Fixed proxy persitence in Free mode
- Fixed a bug in MalPE
- Added detections
- Updated translations
V12.11.7 07/17/2017
=================
- Added detections
- Added Proxy configuration
V12.11.6 07/10/2017
=================
- Added detections
V12.11.5 07/03/2017
=================
- Added detections
V12.11.4 06/26/2017
=================
- Added detections
V12.11.3 06/19/2017
=================
- Added detections
- Minor fixes
V12.11.2 06/12/2017
=================
- Added detections
V12.11.1 06/04/2017
=================
- Added detections
- Fixed possible bug in MalPE scanner
- Forced VT mitigation for MalPE scanner to avoid FPs
V12.11.0 05/29/2017
=================
- Added detections
- NEW! MalPE module (BETA)
- NEW! RogueKillerAdmin V2 compatible
- DEPRECATED: RogueKillerAdmin V1
V12.10.10 05/22/2017
=================
- Added detections
V12.10.9 05/15/2017
=================
- Added detections
V12.10.8 05/08/2017
=================
- Added detections
- Fixed a bug in settings where Offline registry setting wasn't saved
V12.10.7 05/01/2017
=================
- Added detections
- Fixed a possible crash in COM module
- Fixed a possible crash in Path parser
V12.10.6 04/24/2017
=================
- Added detections
- Updated translations
V12.10.5 04/18/2017
=================
- Added detections
V12.10.4 04/10/2017
=================
- Added detections
V12.10.3 04/03/2017
=================
- Added detections
V12.10.2 03/27/2017
=================
- Added detections
V12.10.1 03/20/2017
=================
- Added detections
V12.10.0 03/13/2017
=================
- Added detections
- Now using common translations
- Fixed UI error where the "Pause" button was not reset after a scan
- Fixed a bug in the MBR scan
- Fixed minor bugs
V12.9.9 02/27/2017
=================
- Added detections
- Added warning when no element is selected prior to removal
- Fixed a bug in detection labels
- Fixed a bug in VT module
V12.9.8 02/21/2017
=================
- Added detections
V12.9.7 02/06/2017
=================
- Added detections
- Updated translations
V12.9.6 01/30/2017
=================
- Added detections
V12.9.5 01/23/2017
=================
- Added detections
V12.9.4 01/16/2017
=================
- Fixed FP on Mozilla Maintenance Service
V12.9.3 01/16/2017
=================
- Added detections
- Fixed licensing machine ID
V12.9.2 01/09/2017
=================
- Added detections
- Fixed critical bug in File module leading to a crash when scanning big files (> 2GB)
V12.9.1 01/02/2017
=================
- Added detections
- Various fixes
V12.9.0 12/26/2016
=================
- Added detections
- Signatures reorganization with YaraEditor database
- Donation text rewording
- Fixed big files scan
- Switched Yara fast mode ON
- Fixed tasks working dir recognition
V12.8.6 12/19/2016
=================
- Added detections
V12.8.5 12/12/2016
=================
- Added detections
V12.8.4 12/05/2016
=================
- Added detections
- RogueKillerDLL 1.0.3
- Fixed a bug in licensing, where it was impossible to remove license if about to expire
V12.8.3 11/28/2016
=================
- Added detections
V12.8.2 11/21/2016
=================
- Added detections
- Updated translations
V12.8.1 11/14/2016
=================
- Added detections
- Fixed update page translations
- Fixed eula page translations
- Fixed machine identification method
V12.8.0 11/07/2016
=================
- Added detections
- NEW! Chrome configuration scanner
- Added Print Providers scanner
V12.7.5 10/31/2016
=================
- Added detections
- Fixed COM crash on some machine at initialization
- Added Svchost path parser and service scanner
- New telemetry
- Fixed hidden tasks not being scanned
V12.7.4 10/24/2016
=================
- Added detections
- Fixed COM init/close implementation, that led to a hang on Windows XP
- Improved path parsing security
- Now path parser is able to scan for powershell EncodedData payloads
V12.7.3 10/17/2016
=================
- Added detections
- Updated translations
- Fixed bugs in task scanner prenventing from scanning entirely and removing tasks
- Fixed a bug with exit button
- Now installer has complete version number
V12.7.2 10/15/2016
=================
- Emergency fix for ADS false positive
V12.7.1 10/10/2016
=================
- Added detections
V12.7.0 10/03/2016
=================
- Added detections
- Improved filesystem scanner
- Improved telemetry
- Added winsock scanner
- Fixed a bug in installer
- Fixed installer error messages translations
V12.6.4 09/26/2016
=================
- Added detections
- Fixed a bug in disk serial read
V12.6.3 09/19/2016
=================
- Added detections
- NEW! Firewall rules scanner
V12.6.2 09/12/2016
=================
- Added detections
- Fixed a bug in LNK cleanup
- Added powershell path parser
V12.6.1 09/06/2016
=================
- Fixed missing resources (leading to a crash)
V12.6.0 09/05/2016
=================
- Added detections
- Updated translations
- Fixed a bug where patched files were not fixed on removal
- Added warning when license is expired or about to expire
- NEW! WMI Scanner
V12.5.2 08/29/2016
=================
- Added detections
- Updated translations
V12.5.1 08/22/2016
=================
- Fixed a bug in Yara module
V12.5.0 08/22/2016
=================
- Added detections
- Added file exclusion for forged files
- Fixed a bug where big files were detected as VT.Unknown
- Updated scanner to use Yara 3.5:
https://github.com/VirusTotal/yara/releases/tag/v3.5.0
- Fixed (Yara 3.5): Processes scan doesn't use all memory/cpu
- Improvements (Yara 3.5): Scan is faster
V12.4.4 08/16/2016
=================
- Added detections
- Updated translations
V12.4.3 08/08/2016
=================
- Added detections
V12.4.2 08/01/2016
=================
- Added detections
V12.4.1 07/28/2016
=================
- Added detections
- Shortcuts scanner now cleans them instead of removing
V12.4.0 07/18/2016
=================
- Added detections
- Added Feed fallback (no more blank thing when website is slow)
- Added Shortcuts scanner
- Added Tasks scanner (by name/path)
- Updated translations
- Moved IRP scan to expert mode
- Fixed a bug where LNK pointed by tasks where not resolved
- Added registry Classes scanner
- (Premium) Added -noremove switch, to ignore detections
V12.3.8 07/11/2016
=================
- Added detections
- New feed version, with licensing filtering
- Registry scanner enhancement: Now stops the service before removing a service key
- Fixed a bug where Processes files were marked as missing
- Fixed VT score display
V12.3.7 07/04/2016
=================
- Added detections
- Updated internal links
- Updated translations
V12.3.6 06/27/2016
=================
- Fixed a bug leading to app being quit when a message is closed while in tray.
- Now displaying warnings on "Expert settings" turned on.
V12.3.5 06/22/2016
=================
- Fixed all links, now using a file provider API.
V12.3.4 06/20/2016
=================
- Added detections
- Added folder children exclusion scanner rule
- Signatures normlization
- Fixed a bug leading to hosts file not being scanned
V12.3.3 06/13/2016
=================
- Added detections
- Updated translations
- Fixed a bug where HTML reports were'nt readable on Chrome
V12.3.2 06/06/2016
=================
- Added detections
- Fixed possible crash on Intel files scan
- Refactor of marketing page
- Fixed a bug in VirusTotal upload leading to files not being sent for analysis
- Minor UI improvments
V12.3.1 05/30/2016
=================
- Added detections
- Updated translations
V12.3.0 05/22/2016
=================
- Added detections
- NEW! (Premium) Themes
- NEW! Clear theme
- NEW! Naked theme
- NEW! Dark theme
- Modified stats payload
- Update form: Now displays a warning when Updater is not present
- Update form: Now opens direct link to setup for Premium user in case Updater not present
V12.2.1 05/16/2016
=================
- Added detections
- Fixed transfer progress reset
- Updated translations
- Fixed UI hangs bug in old GUI
V12.2.0 05/10/2016
=================
- Added detections
- Updated translations
- Fixed a bug preventing from starting the scan on machines with 1 CPU
- Added a Quit button (useful when you want to skip close to tray)
- Fixed links in About tab
- Fixed check for updates (was not showing outdated when update arrives after the program is started)
V12.1.6 05/09/2016
=================
- Added detections
- Updated translations
- Improvement of path parsing module, added "cmd start x" method.
V12.1.5 05/02/2016
=================
- Added detections
- Update form now shows changelog
- Fixed RKAdmin link in updater
V12.1.4 04/25/2016
=================
- Added detections
- Fixed forged files dump to VT
- Now displays a warning when using wrong bits version
- Now shows GeoIP results
- Fixed an issue in updater where RogueKillerCMD wasn't recognized
V12.1.3 04/18/2016
=================
- Added detections
- Updated translations
- Fixed default check state in installer
- Fixed a bug that allowed check state modification of non-removable items
- Updater now uses cloud link
- Feed now uses cloud link
- Fixed a bug in GeoIP module
- Fixed a potential crash in MBR reading
V12.1.2 04/11/2016
=================
- Added detections
- Updated translations
V12.1.1 04/04/2016
=================
- Added detections
- Updated translations
- Now file replacements are made with sfc.exe on Vista+
- Added button to remove trial
- Fixed a bug in Chrome scanner preventing the scan from starting
V12.1.0 03/29/2016
=================
- Added detections
- NEW! Tools menu
- NEW! Hosts File Tools menu (Premium)
- Updated translations
- Fixed a bug in context menu actions
V12.0.3 03/21/2016
=================
- Added detections
- Added indonesian language
- Added more translators names
- Fixed a bug in AutoStart/AutoDelete
- Fixed a bug preventing to quit on Update
- Added a link to Lost license form
V12.0.2 03/14/2016
=================
- Added detections
- Added crash dump form
- Fixed a bug that showed steps not supposed to run
- Updated translations / Fixed typos
- Added Data column in scan results
- Fixed Autoscan
- Fixed Autoremove
- Now scan progress live detection shows in red when an item is detected
- Fixed a bug that led to driver state being wrong in reports
V12.0.1 03/07/2016
=================
- New user interface
- Added detections
V11.0.14 02/29/2016
=================
- moved driver loading at the beginning of the scan
- introducing expert mode
- processes no longer killed during scan (killed at removal, on demand)
- moved IAT scanning into expert mode
- core preparation for V12
- Added detections
V11.0.13 02/22/2016
=================
- moved signatures loading at the beginning of the scan
- core preparation for V12
- Added detections
V11.0.12 02/15/2016
=================
- Added detections
- Fixed a bug in Files module
- Fixed a bug in Web module
V11.0.11 02/08/2016
=================
- Added detections
V11.0.10 02/01/2016
=================
- Added detections
- Updated translations
V11.0.9 01/25/2016
=================
- Added detections
- Updater 2.1
- Updater can now serves installable version
- Updater can now skip licensing page if already registered
V11.0.8 01/19/2016
=================
- Added detections
- TrueSight v2.0.2 (fixed digital certificate for SHA1)
- Added Turkish language
- Updated translations
V11.0.7 01/11/2016
=================
- Added detections
- Added ADS whitelisting/blacklisting
V11.0.6 01/04/2016
=================
- Added detections
- Using new licensing API
V11.0.5 12/28/2015
=================
- Added detections
- Now setup will verify license key when entered
V11.0.4 12/20/2015
=================
- Added detections
V11.0.3 12/14/2015
=================
- Added detections
- Added translations in setup
- Updated translations
V11.0.2 12/07/2015
=================
- Fixed a bug in Buffer search
V11.0.1 12/07/2015
=================
- Added detections
- Fixed a possible bug in scanner
- Fixed a possible issue in COM module
V11.0.0 11/30/2015
=================
- Added rating link in marketing window
- Now detects ADS (Alternate Data Streams)
- Qt 5.5
- Moved Prescan into Scan
- Now IAT scan is able to scan Microsoft Edge
- Better hooks report for kernel hooks
- Truesight v2
- Now kernel hooks are scanned on userland
- Fixed a bug in COM module
- Added software keys detection
- Added registry path signatures
- Added detections
V10.11.7 11/23/2015
=================
- Added detections
- Fixed a possible hang issue on HTTP calls (timeout broken)
- setup improvments, ability to deploy both version (32/64 bits)
- setup improvments, banner and translations
- fixed a possible crash in junctions data parsing
V10.11.6 11/16/2015
=================
- Added detections
- Fixed a bug that closed the app when closing child window when minimized in tray
- added -reportpath command line parameter
- UI tweaks
V10.11.5 11/09/2015
=================
- Added detections
V10.11.4 11/02/2015
=================
- Added detections
- Fixed a bug in licensing engine, leading to a lost of configuration sometimes.
- Fixed a bug in processes module where main module was not good
- Fixed a bug in processes module where Updater was crashing if a very long command line was passed
V10.11.3 10/26/2015
=================
- Added detections
- Added warning when driver is not loaded
- Fixed Microsoft Security Client as legit parent for svchost
- (Premium) Added Premium label in reports
- Updated translations
- (Premium) Added information for external scanner (tab in settings)
- (Premium) Now application closes in tray and persist
- (Premium) Now able to start a scan from the tray icon
- Fixed a bug where services/windows were not scanned
- Fixed a bug where filesystem was not properly scanned
V10.11.2 10/20/2015
=================
- Fixed a crash in Buffer module
- Moved rebranding to Premium Technician
V10.11.1 10/19/2015
=================
- Added detections
- Moved rebranding to Premium documented features
- Fixed an issue with IAT scan progress (progress reset after process scan)
- Updated translations
- NEW! (Premium Technician) Added an option to limit time validity of portable config files
- Improved performance of filesystem scanner (scan is now much faster)
- Whitelisted Chrome sandbox IAT hooks
- Added timeout for file shortcut resolution (improves performance of filesystem scanner)
V10.11.0 10/12/2015
=================
- Added detections
- Added filter on VirusTotal internal submit (no user file)
- Improved shellcode module detection in inline hooks module
- Fixed memory growth while scanning filesystem
- IAT scan is now much faster because only scanning windows DLLs table
- Table-based hooks have cleaner display in logs (module!export)
- Fixed a bug in modules enumeration on 64 bits
- Excluded wow64cpu enter from inline hooks detection
- Now inline hooks architecture detection relies on import module architecture instead of process
- RogueKillerCMD: Added -dont_ask switch (to eliminate all user interactions and use default actions)
V10.10.9 10/05/2015
=================
- Fixed bug in Disk module
- Fixed bug in IAT parser
V10.10.8 10/05/2015
=================
- Added detections
- Now Updater restarts application using same command line parameters
V10.10.7 09/28/2015
=================
- Added detections
V10.10.6 09/21/2015
=================
- Added detections
- Fixed bug in Disk module
- New social icons
- RogueKillerCMD: Added build number, licensing state
V10.10.5 09/14/2015
=================
- Added detections
V10.10.4 09/04/2015
=================
- Added detections
- Updated links
- (Premium) Added notification when license is about to expire
- Fixed bug in Disks module
V10.10.3 08/31/2015
=================
- Added detections
- Now all legit antirootkit entries are hidden
- fixed a bug in Process module
- internal reorganization
V10.10.2 08/24/2015
=================
- Added Detections
- NEW! Added Processes list to json report
- NEW! (Premium) Added -vtupload yes/no command line parameter
- Updated EULA to reflect licensing terms
- Updated translations
- Added help button in "?" menu
- Fixed way of reading disk serial
- Fixed a bug in VT scanner
V10.10.1 08/17/2015
=================
- Added detections
- (Premium) Added message when Updater is not present and program is outdated
- Updated translations
- Added link to public Trello board
- Added version check in about form
- NEW! VirusTotal choice for upload
- NEW! (Premium) VirusTotal choice setting
- Fixed automatic updates when Updater is not present
- NEW! EULA will show up again if a new version is present
- Extended injection signature search to 4 sections (instead of 1), to better identify injection code.
- Now infection urls for antirootkit point to non technical posts
- Resized main and about forms
- (Premium) Added more information in licensing server check
- (Premium) Prepared for annual subscription switch
V10.10.0 08/11/2015
=================
- Added detections
- Compatibility with Windows10
- Added error message when key has wrong pattern
- Updated translations
- NEW! File Scanner is more aggressive, and will search in a lot more locations
- Fixed a bug in honey module
- Fixed a bug in logging module
V10.9.4 07/30/2015
=================
- Added detections
- Fixed file scan when path contains unicode characters
- Fixed offline licensing issue (License was not recognized when no internet available). Now once registered (with internet on) it works offline.
- NEW! (Premium) Tray icon phase 1.
V10.9.3 07/21/2015
=================
- Fixed a crash when scanning Digital Certificate of some files
- Fixed a FP when LNK files have unicode characters in path (OneNote 2010 - Capture d??cran et lancement.lnk)
V10.9.2 07/20/2015
=================
- Added detections
- NEW! HTML reports
- NEW! HTML Open button
- NEW! TXT Open button
- NEW! HTML log setting + command line parameter
- Fixed timeout for Curl operations (max 5 seconds)
- NEW! signature database is now pre-compiled, will load much faster
- Updated Yara engine to 3.4
- Refactored Digisig engine, better performances
- Added more information in Json log for killed processes
- Fixed a bug where x64 processes names are not found when using x86 version
- Fixed path whitelist priority on VT blacklist (processes scanner)
- Updated translations
- Fixed an issue where Floppy drives become very noisy during scan
V10.9.1 07/09/2015
=================
- Added detections
- NEW! Added Open Text button in Json log viewer.
- NEW! Korean language
- Updated translations
- Fixed Scan randomly performed.
- NEW! Command line parameter: -reportformat [txt|json]
- NEW! Report format setting
- Merged Txt report generation with Txt export
V10.9.0 07/06/2015
=================
- Separate database for RogueKillerCMD / Updater
- NEW! Updater is now generic (cannot be used by double click anymore, takes command line)
- NEW! RogueKillerCMD can now use automatic updates
- NEW! RogueKillerCMD has now a version check
- NEW! RogueKiller has now accessibility (JAWS compatibility)
- Added detections
- -autodelete implicit has been removed from -hide
- Fixed a bug in RogueKillerCMD where command line isn't handled correctly
- NEW! RogueKiller now uses JSON as root format for reporting
- NEW! RogueKiller can open JSON logs into a new window
- NEW! JSON logs can be exported in RAW text format
- Updated translations
- NEW! setup now embeds RogueKillerCMD
- Fixed a bug in tasks scanner
- Fixed certificate timestamp
V10.8.7 06/29/2015
=================
- Removed AV.Killer definition (too many FPs)
- Fixed a bug in mstring module, leading to infinite loop in certain circumstances
- Now tasks scanner scans arguments too
- Added detections
V10.8.6 06/22/2015
=================
- Adjusted AV.Killer definition
V10.8.5 06/22/2015
=================
- Added detections
- NEW! External Scanner
- Fixed a bug in Process Scanner
- Fixed a bug in File Search
- Fixed a bug in Registry Scanner
- Now process paths are expanded
- Fixed a bug in VT module
- Fixed a bug in -autoscan
V10.8.4 06/16/2015
=================
- Added Skype to exclusions for RunPE detections
V10.8.3 06/15/2015
=================
- Added detections
- NEW! RunPE heuristic detection
- (Premium) Removed Paypal/Premium images
- Refactored settings form
- NEW! (Premium) -autoupdate command line parameter + setting
- Updated translations
- Fixed a bug in VT module
- Fixed a bug in WebServer (Not starting sometimes)
V10.8.2 06/09/2015
=================
- Using Licensing 2.0
- Added detections
V10.8.1 06/03/2015
=================
- Fixed a bug in Licensing
- Fixed a bug in VirusTotal module
- Now portable license generated file is read-only
- Added GUI indicators when using portable license
- Added detections
- Extension checker optimizations
V10.8.0 06/01/2015
=================
- Updated database
- Fixed a bug in reporting
- Disabled PUM.DesktopIcons (too confusing, and not critical)
- Disabled PUM.Orphan (too confusing, not critical)
- Better unit testing
- Initialization optimizations
- Updated translations
- NEW! (Premium) Web service
- NEW! Web service /info url (get version info)
- NEW! Web service /scan/new url (start new scan)
- NEW! Web service /scan/status url (get scan status)
- NEW! Web service /report/last url (get last report)
- NEW! (Premium) -pupismalware command line parameter + setting
- NEW! (Premium) -pumismalware command line parameter + setting
- Reverted portable fixed location in rk_config.ini
- Fixed error message when too many instances
- Setup now adds RogueKiller bin folder to %PATH%
- Updated userland certificate
- NEW! Promotional nag.
V10.7.0 05/25/2015
=================
- New configuration module, not compatible with old one. Able to use read-only medium for portable license.
- NEW! no more rk_config.ini for technician license.
- NEW! command line parameter: -portable-license
- Updated languages
V10.6.5 05/20/2015
=================
- Fixed a bug with KnownDLLs detection when value name starts with underscore (_)
V10.6.4 05/18/2015
=================
- NEW! Preferred language is now saved
- Added detections
- Fixed processes scan aggressiveness
- NEW! Logo can now be rebranded (Please contact us)
- Fixed a bug in Extensions Checked
- Fixed a bug in CLSID scanner
- Fixed Orphan detection level + vendor name => PUM.Orphan
- Fixed License fallback state
- Added new autostart locations
- Added Transfert progressbar
V10.6.3 05/11/2015
=================
- Added detections
- Fixed a bug in File Search module
- Increased feed rotation time
- Better UI information
- Deactivated VT IP scan (too many FPs)
V10.6.2 05/04/2015
=================
- NEW! Breaking news banner
- External libs update + optimizations (Zlib, SQLite, udis86)
- Fixed a bug in Tab navigation
V10.6.1 04/27/2015
=================
- Now VT file scan has minimum/maximum size
- Refactored PUP/PUM classification to be clearer and more consistent
- Fixed VT file scanner scanning LNK files instead of target
- Now VT unknown s classified as PUP
- Now VT cache has outdated date (fixed to 5 days)
- Now VT scanner rescans pending items at initialization
- Added detections
V10.6.0 04/20/2015
=================
- Added detections
- Moved version check before Prescan
- Fixed a bug in IAT scanner, where call stack was not recorded correctly
- Fixed a bug in IAT scanner, where unknown module was not displayed
- Fixed a bug in RogueKiller OLD GUI, where config file was not read properly
- Fixed ShowLegitHooks command/setting
- Fixed slow UI when a lot of entries are added to a table
- Fixed a bad items insertion when sorting was enabled
- Fixed a bug in MBR (GPT) module
- Fixed missing Premium info when internet access is broken
- Fixed a bug in libcurl library (X64)
- Added new method to detect IAT inline hooks
- NEW! VT Scan on registry, tasks, files, mbr, web browsers and antirootkit scans.
- NEW! VT scan no more in beta
- NEW! VT scan now scans all processes
- NEW! VT scan has local caching
V10.5.10 04/13/2015
=================
- Added detections
- Now can register Premium with command line parameter: -register <email> <key>
- Now displays remaining activations for Premium
- All communications are now using SSL (HTTPS)
- RogueKillerCMD: Added better colors
- RogueKillerCMD: Now can recognize RogueKiller's command line parameters
V10.5.9 04/07/2015
=================
- Added detections
- Now logs are sorted by date
- Now can attach last log even if a scan was not performed in the same session
- Fixed a bug where registration form cannot upload last report
- Removed Post Delete message asking for Premium buying when a user is already registered
- Now file scanner shows unscanned files (for progression), so that software doesn't give an impress of being stuck
V10.5.8 03/30/2015
=================
- Added detections
- Fixed a bug where config isn't reset after removing the license.
- Fixed NoPop configuration bug
- Added all command line parameters in Settings
- Updated translations
- Now registration Id/Key are trimmed to avoid copying/writing spaces before/after them (and have wrong key error message)
- Fixed updater now recognizing License on Windows 8 (now needs admin rights to be launched).
- Updated EULA to reflect VirusTotal integration rules.
V10.5.7 03/22/2015
=================
- Fixed a crash when starting the application
V10.5.6 03/21/2015
=================
- Added detections
- Fixed bug forbidding technician licenses to use command line
- Added Persian translation
- Fixed a possible hang on service termination
- Added progress text on progressbar during the scan
- NEW! VT scan on Processes (beta, only premium, disabled by default)
- NEW! VT scan on Services (beta, only premium, disabled by default)
- RogueKillerCMD : removed tutorial opening in case of an infection
V10.5.5 03/16/2015
=================
- Added detections
- PREMIUM: Added more settings options
- Unhidden premium options, added Nag message
- Updated translations
- Moved Scan choices to settings
V10.5.4 03/12/2015
=================
- Added detections
- Added credits for translators (About)
- Now service scanner is aware of ServiceDll path
- Updated translations
- Now Premium registration email is trimmed (remove spaces before and after the email)
V10.5.3 03/10/2015
=================
- Fixed a bug in Path module where all shortened path were not properly expanded (Ex: LogMe~ => LogMeIn Rescue Applet)
V10.5.2 03/09/2015
=================
- PREMIUM: Technician License can now use portable config file
- Added Premium logo
- Fixed a bug when opening website
V10.5.1 03/05/2015
=================
- Using new licensing system
- Added detections
V10.5.0 03/01/2015
=================
- NEW! Now RogueKiller is available with an installer
- PREMIUM: Separate updater
- PREMIUM: Trial of 30 days per machine
- Added detections
- Fixed a crash in jansson library
V10.4.3 02/23/2015
=================
- Added detections
V10.4.2 02/23/2015
=================
- Added detections
V10.4.1 02/19/2015
=================
- Added detections
V10.4.0 02/18/2015
=================
- Uniformization of whitelists/blacklists (we dropped a lot of detections, this can lead to false positives...
...but they will be fixed as people report them)
- Fixed a bug in LNK signature detection
- Fixed a buf in Time module
- NEW! Better CLSID scanner
- NEW! Now MBR scanner is EFI compatible
- Updated italian translation
- Fixed a bug in Path module
V10.3.0 02/16/2015
=================
- Added detections
- New command line flag: -showlegithooks (Shows legit hooks that are normally hidden)
- Big improvements in the IAT hooks engine; Preparation of refactoring for the kernel hooks.
- Big improvements in Extension Checker module
- NEW! Arabic translation
- Updated translations
- Updated Yara engine to 3.3
V10.2.0 01/19/2015
=================
- Added detections
- Updated Italian translation
- Added German translation
- Added Chinese traditional translation
- Fixed a bug in Registry scanner where .DEFAULT hive is not scanned
- Added MBR signature for FinFisher
- Added MBR signature for TDL4
- Added MBR signature for Rovnix
- Fixed some bugs in MBR scanner
- Improved low level disk access library
- Added VBR (Volume Boot Record) scanner
V10.1.2 01/06/2015
=================
- Added detections
- Updated Spanish translation
- Added Italian translation
- Added hook signatures engine
V10.1.1 12/23/2014
=================
- Added detections
- PREMIUM: Added settings form
- PREMIUM: Added MBR Scan setting
- PREMIUM: Added Honey Scan setting
- PREMIUM: Added Antirootkit Scan setting
- PREMIUM: Added Open website setting
- Added Dutch translation
- Added Italian translation
- Added sanity check for website opening
V10.1.0 12/11/2014
=================
- Added detections
- Fixed mbamservice false positive
V10.0.9 12/08/2014
=================
- Fixed Xpaj false positive with DiskCryptor MBR
- Added DiskCryptor MBR signature
- Added detections
- TrueSight 1.0.4: Better shellcode module detection
- IAT Hooks: Better shellcode module detection
V10.0.8 11/20/2014
=================
- Added detections
- Fixed bug of processes not killed
- Now process memory is scanned before path scan
V10.0.7 11/20/2014
=================
- Now process pages are scanned for whitelist
- Updated Yara engine
- Added detections
- Reverted some command line to free version: -nodriver -nokill -nopop -nothirdparty
V10.0.6 11/12/2014
=================
- Fixed a bug in Process module (not enough rights to get process path)
- Fixed a bug in AV whitelist detection
- Added detections
V10.0.5 11/11/2014
=================
- Now AV processes are whitelisted
- Added language separator for "Your language here"
- Added Injected process heuristic detection
- Fixed bad Zeus signature
- More aggressive against Poweliks processes
- Added detections
- Updated links
V10.0.4 10/29/2014
=================
- Added link to translations in language menu
- Added Delay IAT in PE module
- Added Delay IAT hooks in antirootkit
- Now IAT hooks are printed to UI as they are scanned
- Removed ctfmon from sensitive processes
- Now detects Zeus variants
- Now informative texts are not elided
- Better choices (currency/amount) for Paypal form
- Removed unused resources
- Improvements in quarantine module
- Now DNS entries show country IP in text report
- PREMIUM: Added quarantine handler
- Added detections
V10.0.3 10/22/2014
=================
- New user-agent: Now sends extended vendor names for real time monitoring
- Added detections
V10.0.2 10/16/2014
=================
- Added detection of services hidden from SCM and from registry
- Dropped command line support in free version
- Removed EAT hooks (useless)
- Improved IAT hooks scanner (now scans all modules instead of main module)
- Fixed a bug in driver library (driver could not load under certain circumstances)
- Added Czech translation
- Added tooltip with detection level (for colorblind people)
- Added detections
V10.0.1 10/10/2014
=================
- Improvements in Process library
- Added COM integrity check to disable COM calls when server is corrupted (Poweliks)
- Fixed Poweliks rule
- Added detections
- Fixed Bug in registry module
- Fixed a bug in logging
V10.0.0 10/08/2014
=================
- Major UI changes
- Added support for future Premium version
- Added support for ShellIconOverlayIdentifiers and ShellServiceObjectDelayLoad keys
- Now CLSIDs are scanned for path and memory
- Added detections
V9.3.0 10/06/2014
=================
- New Rules engine. Easier to maintain, more robust.
- Fixed a lot of bugs in Scanner engines.
- Added detections
V9.2.13 09/25/2014
=================
- Fixed a bug in registry module introduced in 9.2.12
- Fixed a bug in process engine that forbids svchost processes to be killed
- Added detections
V9.2.12 09/23/2014
=================
- TrueSight: 1.0.3: Fixed a Kernel stack overflow leading to a BSoD
- Better handling of multistring registry value/key names (ZeroAccess/Poweliks)
- Added Poweliks detections
- Added detections
V9.2.11 09/18/2014
=================
- Added detection to new Poweliks variant
- Fixed a bug of infinite wait when COM objects are broken
V9.2.10 09/09/2014
=================
- Fixed a bug in Yara scanner
- Fixed a bug in language module
- Fixed a crash dump uploader (due to surlatoile.org move to https)
- Added service binary path in report
V9.2.9 09/01/2014
=================
- Updated Yara to 3.1.0
- Added detections
- Firefox PUM.HomePage is using domain whitelist
V9.2.8 08/15/2014
=================
- Added detections
V9.2.7 08/15/2014
=================
- Added scan of Search Page/Start Page for Internet Explorer
- Added scan of Start Page for Firefox
- TrueSight 1.0.2: Process Kill
- TrueSight 1.0.2: Registry key Kill
- TrueSight 1.0.2: File Kill
- RogueKiller: Implementation of new Truesight features
- RogueKillerCMD: Implementation of new Truesight features
V9.2.6 08/07/2014
=================
- Removed a ZeroAccess false detection
- Fixed a bug in registry module (introduced in 9.2.5)
V9.2.5 08/07/2014
=================
- Fixed a bug in registry module (poweliks/zeroaccess trick)
- Fixed a bug in command line parsing
- RogueKillerCMD: Added registry value/subkey removal by index
- Added detections
V9.2.4 07/24/2014
=================
- Added detections
- Added Key present rule
- Added Value data rule
- Updated Yara
- Fixed a bug in file search module
- Fixed a bug in honey file module
- Fixed string limit in path module
- RogueKillerCMD: Registry Kill
V9.2.3 07/14/2014
=================
- Fixed a bug in file module
- Added detections
V9.2.2 07/11/2014
=================
- Fixed a bug in task scanner
- Fixed a bug in path parser
- Fixed a bug in registry module
- Fixed a bug in install module
- Unknown MBRs are dumped in %programdata%/RogueKiller/Debug
- Added detections
V9.2.1 07/09/2014
=================
- Fixed a bug in logging
- Fixed unicode hosts file read/write
- Fixed empty hosts lines scan
- Truesight 1.0.1
- Truesight now suspends TDL4 threads before MBR fix
- Removed debug messages from Truesight
- Fixed pcalua detection in task scanner
- Added links
V9.2.0 07/07/2014
=================
- Truesight 1.0 (no more in beta)
- Truesight loads in X64
- Truesight rewriten from scratch (increased stability, code compatibility)
- Truesight now detects Filters (regular, reverse)
- Added detections
- Added translations
- Fixed regression about vendor url opening
- Fixed bug about duplicate registry entries on x86
V9.1.0 06/23/2014
=================
- Added detections
- Fixed a problem of ProgramFiles/ProgramFilesX86/ProgrameFilesW6432 var env parsing
- Binaries are now digitally signed.
- updated translations
V9.0.3 06/17/2014
=================
- Fixed encoding bug in quarantine handler
- Fixed crash window opening when no dump is available
- Fixed duplicated files in common startup folder on XP
- Detection of WinPE. Now LivePE/LiveUSB scan is faster and more accurate.
- Fixed reboot query
- Improved replacement method
- Fixed DNS whitelisting
- Added Zekos signatures
- Now file replacement engine looks for same file version before replacing.
- Fixed a bug in startup honey module
- Fixed a bug in mbr module
- Added detections
V9.0.2 06/04/2014
=================
- Fixed a bug in registry scanner
- Fixed a bug in Buffer lib
- Added chrome extensions removal
- Fixed service repair
- Added single instance mutex
- Fixed a bug when trying to quit
- Added detections
- Added Necurs link
- Added pathparser special rules (rundll32, wscript)
- Fixed a bug in file parsing
- Fixed a bug in Honey module
V9.0.1 06/02/2014
=================
- Fixed a bug in logging
- Fixed a bug in File lib
- Fixed a bug in GUI
- Optimizations in String parser
- Added detections
- Fixed a bug in addons detection
- Fixed a bug in forged file detection
- Fixed a bug in service scanner
- Now malware hooks are Orange
V9.0.0 05/29/2014
=================
- Fixed bugs