ESET Rogue Applications Remover Detects Active Rogues

If you are a regular visitor to my site, you must have read about Remove Fake Antivirus and McAfee Stinger, which are specialized tools to remove rogue anti-spyware, registry cleaners, etc. ESET Rogue Applications Remover (ERAR) is the newest entry in the list of such specialized tools.
… intended for detecting and removing rogue applications as well as reverting changes made by the rogue applications to the registry. By design, ERAR focuses mostly on rogue applications that affect the operating system in a negative way and that are difficult to remove by our products.

Features & Specifications
  • Separate installer for x64 and x86, digitally signed by ESET, spol. s r.o.
  • After executing, it asks you to accept the agreement. You are required to run it with Administrative rights.
  • It starts scanning in a command-line window just after you accept the license agreement.
  • It actually extracts an executable in the temp directory named after a system file, with the appropriate icon, like csrss.exe, services.exe, winlogon.exe. This helps to fight against rogues that kill any executable that tries to launch.
  • It detects any critical registry modifications and automatically repairs them.
At Scan Start
  • The process also has self-protection against unwanted termination by malware.
  • It only detects active rogues.
  • If no infection is found, the scan finishes quickly.
When No Infection was found
  • If it finds any infection, it immediately kills the process and asks the user to clean all registry entries associated with that process.
Detects an infection and kills its process
  • It then proceeds with a thorough scan of all drives for any files associated with that malware. Upon finding any such file, ERAR asks the user to remove it.
Thorough Scan after Infection Detection
  • After cleaning all infections it again performs a short post-infection cleanup and then asks the user to submit the report to ESET Live Grid for the improvement of its detection.
  • Next, you will get a recommendation to reboot your system for proper removal of the infection, and at the end it asks to open the ESET webpage.
Submitting Report to ESET Live Grid
  • Throughout the scanning and cleaning process it is low to moderate in resource usage.
Resource Usage
  • The software can be run solely from the command prompt. It supports some switches to customize its function.
Command-Line Switches
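
Because ERAR's scanner runs from the temp directory under a system file name, it looks to process-monitoring rules exactly like name masquerading, so expect it to raise an alert while it runs. The sketch below is an added example, not ESET's code or part of the original review. It assumes Windows is installed in C:\Windows, and the events and signer values are constructed; the review states only that the installer is signed, so the signer on the extracted copy is an assumption.

```python
import ntpath

# Names the review says ERAR borrows for its extracted scanner.
# The genuine binaries normally run only from %SystemRoot%\System32.
PROTECTED_NAMES = {"csrss.exe", "services.exe", "winlogon.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumption: default install location


def check_event(event):
    """Return a finding if a protected name runs outside System32, else None."""
    image = event["image"]
    name = ntpath.basename(image).lower()
    # normpath collapses ".." segments so path tricks do not hide the real folder
    folder = ntpath.normpath(ntpath.dirname(image)).lower()
    if name not in PROTECTED_NAMES or folder == SYSTEM_DIR:
        return None
    signer = event.get("signer")
    return {
        "image": image,
        "reason": f"{name} running from {folder}",
        # A signer is only a triage hint to verify; unsigned goes first in the queue.
        "triage": "check-signer" if signer else "unsigned",
        "signer": signer,
    }


def scan(events):
    """Run check_event over a list of process-creation events."""
    return [f for f in map(check_event, events) if f]


# Constructed sample events (not captured from a real system).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\csrss.exe", "signer": "Microsoft Windows"},
    # Assumed shape of an ERAR run: system name, temp path, vendor signature.
    {"image": r"C:\Users\alice\AppData\Local\Temp\csrss.exe",
     "signer": "ESET, spol. s r.o."},
    {"image": r"C:\Users\alice\AppData\Local\Temp\winlogon.exe", "signer": None},
    {"image": r"C:\WINDOWS\system32\..\System32\services.exe",
     "signer": "Microsoft Windows"},
    {"image": r"C:\Program Files\Tool\notepad.exe", "signer": None},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["triage"], "-", finding["reason"], "-", finding["signer"])
```

Both temp-directory entries are flagged; the signed one needs its signature verified before it is dismissed, since a process name and icon alone cannot distinguish a removal tool from the rogues it hunts.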

My Verdict
  • Nice to see big companies like ESET become more responsive to rogue threats and release such a nice tool. Historically, antivirus companies used to be reluctant to detect rogues, which rarely have any malicious activity other than tricking the user into buying their useless ‘product’.
  • Although the lack of a GUI may dishearten some users, this tool has its power as a command-line tool. In spite of being a command-line tool, it is easy to launch and follow instructions.
  • I like the way it combats the situation. It is properly designed for prime time. Extracting in a temp directory, taking a system file name and icon, self-protection while in action; all are very important in fighting with nasties.
  • Some may argue that killing any suspected process is bad because it may cause damage in case of false positives, but it only kills the process and asks before deleting its files and associated registry entries. Anyway, I would recommend making a system restore point before using the software.
  • The software made a false positive in my system with MCShield. In my opinion, ERAR uses its own heuristics along with an added query to its database for detection. False positives may happen due to the heuristic engine. MCShield is a lesser-known anti-malware tool, which could be a reason why it has been detected. MCShield is not detected by ESET Antivirus engines though.
  • ERAR can detect actual rogues. It successfully detected and cleaned a system infected with a nasty rogue.
Detection of Actual Rogues (Courtesy Janus)
  • ESET is a reputable company and so you can trust it in that it will not send your sensitive information to ESET Live Grid. Sending data to them is an essential part of the improvement of the software.
Download
Current Version is 1.0.1.0 [May 17, 2012]
Executable for x86 (32 bit)
http://download.eset.com/special/ERARemover_x86.exe [1911 Kb]

CRC-32: 57d0602a
MD4: 3c8840782b18ddfdd642f90c90142fd8
MD5: bd316c085f804922f03c7325cfa8ccd6
SHA-1: 657e9328597f4dd8638f809828b4f1ab2919f2c9

Executable for x64 (64 bit)
http://download.eset.com/special/ERARemover_x64.exe

CRC-32: af96d139
MD4: fdbf086c0b7b405f0e40e0991b83200a
MD5: f4a37ca0be2fc8940aac88f34db34a7f
SHA-1: 162458b114899ad0bd10d17bffb5d2a2cb939cbb

Cheers !!
