Hey Xplode,

I've been using this to nuke malware for a LONG time, and I'd like to thank you for the time and energy you put into this. Is there any chance you can whitelist Kaseya software in your process killer so that remote techs don't lose connection while running this? The directories it runs from are below:

"%programfiles(x86)%\Kaseya Remote Control"

"%programfiles%\Kaseya Remote Control"

"%programfiles%\KaseyaAgent\{AGENTGUID}\"

Re: ADWCleaner Kills Kaseya

Hello,

Can you provide me with the process names instead of the directories?

Regards,

Re: ADWCleaner Kills Kaseya

C:\Program Files\KaseyaAgent\{GUID}\AgentMon.exe

C:\Program Files\KaseyaAgent\{GUID}\curl.exe

C:\Program Files\KaseyaAgent\{GUID}\DLLRunner32.exe

C:\Program Files\KaseyaAgent\{GUID}\DLLRunner64.exe

C:\Program Files\KaseyaAgent\{GUID}\KASetup.exe

C:\Program Files\KaseyaAgent\{GUID}\Kaseya.AgentEndpoint.exe

C:\Program Files\KaseyaAgent\{GUID}\KaseyaRemoteControlHost.exe

C:\Program Files\KaseyaAgent\{GUID}\KaUsrTsk.exe

C:\Program Files\KaseyaAgent\{GUID}\KDLLHost.exe

C:\Program Files\KaseyaAgent\{GUID}\kGetELMg64.exe

C:\Program Files\KaseyaAgent\{GUID}\KPrtPng.exe

C:\Program Files\KaseyaAgent\{GUID}\drivers\DemoForge\MirrInst32.exe

C:\Program Files\KaseyaAgent\{GUID}\drivers\DemoForge\MirrInst64.exe

C:\Program Files\KaseyaAgent\{GUID}\extensions\Lua.exe

C:\Program Files\Kaseya Remote Control\Kaseya Remote Control.exe

C:\Program Files\Kaseya Remote Control\Kaseya.AdminEndpoint.exe

C:\Program Files\Kaseya Remote Control\DirectX 9.0c\DXSETUP.exe

C:\Program Files (x86)\Kaseya Remote Control\Kaseya Remote Control.exe

C:\Program Files (x86)\Kaseya Remote Control\Kaseya.AdminEndpoint.exe

C:\Program Files (x86)\Kaseya Remote Control\DirectX 9.0c\DXSETUP.exe

Re: ADWCleaner Kills Kaseya

Can you tell me if it's OK now?

Re: ADWCleaner Kills Kaseya

Hi Xplode, sorry for dropping off the map like that. Life has been crazy.

Kaseya changed their paths; here are their current paths (I included our GUID, but other companies will have a different one):

C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\AgentMon.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\curl.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\DLLRunner32.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\DLLRunner64.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\KasAVSrv.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\KASetup.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\Kaseya.AgentEndpoint.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\KaseyaRemoteControlHost.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\KaUpdHlp.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\KaUsrTsk.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\KDLLHost.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\kGetELMg64.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\KPrtPng.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\LiveConnect.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\LogFileCleaner.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\Backup\KaseyaBackupCmd.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\Backup\KaseyaBackupLocalUI.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\DesktopAccess\KtvnServer.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\drivers\DemoForge\MirrInst32.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\drivers\DemoForge\MirrInst64.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\Endpoint\KaseyaCommandShellProxy.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\Endpoint\KaseyaEndpoint.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\Endpoint\KaseyaRemoteControlHost.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\Endpoint\KaseyaTaskRunnerx64.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\Endpoint\KaseyaTaskRunnerx86.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\ExtDlls\LiveConnectTaskRunner.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\ExtDlls\SAS.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\ExtDlls\SessionInfo.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\ExtDlls\ThumbnailCapture.exe
C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\extensions\Lua.exe

Could you let me know when this gets updated and I'll get back to you quicker? :)
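An added example, not part of the original posts and not ADWCleaner's own code: one way a process killer could honor the paths above by full image path, treating the per-customer GUID directory as a wildcard, so that a generic name such as curl.exe is only spared inside the agent's install tree. The function names and the allowed GUID character set are assumptions; the roots come from the paths posted in this thread.

```python
import ntpath
import re

# Roots whose first subdirectory is the per-customer agent GUID (from the thread).
AGENT_ROOTS = (r"C:\Program Files\KaseyaAgent", r"C:\Program Files (x86)\Kaseya")
# Roots with no GUID level (from the thread).
FIXED_ROOTS = (r"C:\Program Files\Kaseya Remote Control",
               r"C:\Program Files (x86)\Kaseya Remote Control")
# Assumption: a GUID directory is letters, digits and hyphens, optionally in braces.
GUID_SEGMENT = re.compile(r"\{?[A-Za-z0-9-]+\}?")


def _norm(path):
    # normpath collapses ".." segments; normcase lowercases and unifies slashes.
    return ntpath.normcase(ntpath.normpath(path))


def is_allowlisted(image_path):
    """True if the executable lives under a Kaseya install tree."""
    p = _norm(image_path)
    if not p.endswith(".exe"):
        return False
    for root in FIXED_ROOTS:
        if p.startswith(_norm(root) + "\\"):
            return True
    for root in AGENT_ROOTS:
        prefix = _norm(root) + "\\"
        if p.startswith(prefix):
            guid, sep, rest = p[len(prefix):].partition("\\")
            # Require <root>\<GUID>\<something>.exe, not a file directly in the root.
            if sep and rest and GUID_SEGMENT.fullmatch(guid):
                return True
    return False


def kill_candidates(image_paths):
    """Return the paths a process killer would still be free to terminate."""
    return [p for p in image_paths if not is_allowlisted(p)]


if __name__ == "__main__":
    # Constructed sample process list; the last three are not real Kaseya paths.
    sample = [
        r"C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\AgentMon.exe",
        r"C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\curl.exe",
        r"C:\Users\Public\curl.exe",
        r"C:\Program Files (x86)\Kaseya\KRNSNC47953309850771\..\..\Temp\Lua.exe",
        r"C:\Program Files (x86)\Kaseya\AgentMon.exe",
    ]
    print(kill_candidates(sample))
```

A path-based rule like this is only as strong as the write permissions on those directories.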

Re: ADWCleaner Kills Kaseya

Hello,

@Overkill:

It should be better with the latest definitions. Can you confirm?

Best regards,

Re: ADWCleaner Kills Kaseya

It looks like it was fine; however, running ADWCleaner caused the PC to lock up entirely, requiring a hard reboot.

I have seen this happen when user folders such as Documents/Desktop are redirected to a server or DFS namespace, such as \\domain.local\users\username\desktop, but this person had no such redirect as they have no server.

They might have a mapped drive to their NAS, but no folder redirection to it.

Any thoughts?

Re: ADWCleaner Kills Kaseya

Hello,

OK. I'll dig deeper in this direction; it's something that should be improved with the second CLI release (not the coming one, but the one after).

Sorry for the inconvenience, but thanks for the feedback,

Re: ADWCleaner Kills Kaseya

No problem! I appreciate all the work you guys do on this for the community! ADWCleaner beats a LOT of paid programs :)

I'll go ahead and kill the items manually for now, and I'll keep an eye out for new releases!

I'm happy to help in any way I can: code review, testing, etc. Let me know if I can help!