Couple questions about RougueKiller

Hi!

I couldn't find any good documentation about this program so I want to ask following questions:

After the scan I deleted some hj desk registry keys, but later found out that they might have been false positives. Could I have harmed the system by deleting them?

And what exactly does "repair services" do? I clicked it before researching it...
http://forums.majorgeeks.com/images/smilies/confused.gif

 

For documentation on RogueKiller refer to http://tigzyrk.blogspot.fr/2012/11/en-roguekiller-official-tutorial.html

Not with any of the suspicious HJ entries that I've seen RK detect. If you've still got the RK_Quarantine directory on your desktop, there should be a backup of the deleted registry items.

Repair services would replace the typical service entries deleted by a ZeroAccess infection. So if the service entries are present in the registry, then RK would do nothing.

 

Thank you! Yes, I have the backup of two registry keys:
HKEY_LOCAL_MACHINE_Software_Microsoft_Windows_CurrentVersion_Explorer_HideDesktopIcons_NewStartPanel_{20D04FE0-0
HKEY_LOCAL_MACHINE_Software_Microsoft_Windows_CurrentVersion_Explorer_HideDesktopIcons_NewStartPanel_{59031a47-0

I was using RKiller to find and remove registry entries caused by adware called bunndleoffermanager.dll, but it seems these two are unrelated to the adware.

 

Code:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000001
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=dword:00000001

Yes, both those entries are false positives so you can safely restore them.

Have you removed bunndleoffermanager.dll and are just looking as to whether any remnants of it remain?
If that is the case, try running Junkware Removal Tool.

 

Thanks!

Yeah, I deleted the dll file itself in the Safe Mode, and used the RKiller to find registry entries, but it found only the two aforementioned ones. I will try this tool now. Thank you!