Jump to content

ESET Rogue Application Remover


TomFace

Recommended Posts

I just complete a run of ERARemover and it came back clean, however it showed a message about submitting a report to ESET which I have never seen before. It did not give me an option to do so at the time (in it's window).

So how should I proceed? Sorry I do not have a screen shot and was not able to reproduce it with subsequent ERAR runs. I did do a log collection (using ALL with ELC).

Edited by TomFace
Link to comment
Share on other sites

  • Administrators

ERAR is an obsolete tool which was useful at time of infamous LockScreens before the era of Filecoders that encrypt files. I will check if it's still available for download and we'll most likely remove it from download servers.

Link to comment
Share on other sites

Update 6.28.18 11:46EDT...apparently my results may have something to do with using my (new) VPN. I don't understand as I am in the USA and the VPN server I use is also in the USA. I am still learning about VPNs.^_^

I just re-ran ERAR and noticed that the internet was showing "inactive" at the beginning. Once I turned my VPN off, and tried ERAR again, I then got internet "active" and was also asked if I wanted to send the previous report to ESET Live Grid...which I did do.  I may have missed the "inactive" alert previously as I am pretty sure I had my VPN on.

Anyone have any thoughts on this? And is ERAR still a relative download? And what about the "warnings" that were indicated to me at the conclusion of running ELC? Should I be concerned and open a ticket up:unsure:?

Any input would be appreciated.:)

Edited by TomFace
date correction
Link to comment
Share on other sites

Out of curiosity, I just downloaded it. It appeared to run fine on Win 10 1803. Nothing found on my device.

I did get hit with a screen locker while browsing a few weeks back. In that instance, I just manually terminated the browser w/o interacting with the web page in any way.

I would just clear out the directory ERAR creates in %LocalAppData%\Temp, reboot, turn off your VPN, and then run the utility again and see if you get any warnings.

-EDIT- Also appears it creates a directory of rouge hashes, etc. it uses for comparison when scanning:

Eset_Rogue_1.thumb.png.820d7915c0c1d2275a5c4c29728c0940.png

Edited by itman
Link to comment
Share on other sites

Well, I just observed where using this utility could cause problems in Win 10 on non-Win 7 upgraded versions. It creates a service to load a kernel? driver efavdrv.sys from %LocalAppData%\Temp directory "on the fly."

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...