Rkill - Terminate Active Malware Processes - Technibble (2024)

  • 01/14/2010
  • 133 Comments

The malware world is changing. It’s getting smarter.

In fact, some infections will detect that you have launched an anti-malware tool such as MalwareBytes and close it down as soon as you open it, which makes your job much harder. This is the exact situation Rkill is designed for.

Rkill is a small, free, portable tool designed to terminate active malware processes so that you can run other removal tools. It was made by Microsoft MVP Lawrence Abrams and is available with 4 different file extensions: .EXE, .COM, .SCR and .PIF.
Rkill comes in 4 different versions because some malware blocks .EXE files in an attempt to prevent you from running other malware removal tools; the alternative extensions get around that problem.

I tested this tool on a virtual machine which I had infected with a fake antivirus and Rkill killed the malicious processes without any problems. Of course, I then had to delete the malicious files manually as this is not a malware removal tool, but a malware process killing tool. It just stops the malware from running right now, allowing you to work your computer technician magic.

Edit: Looks like we are lucky enough to have the creator of this, Lawrence Abrams with us to explain what Rkill does in greater detail.

First, the program was designed for the use in my malware removal guides so that I can have a tool that is easy to use and kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that we can use the normal anti-malware programs to do their job.

So in summary rkill just kills processes, imports a reg file that restores HKEY_CLASSES_ROOT\exefile\shell\open\command, removes policies that disable regedit, taskmgr, hides your desktop icons, etc, and removes a key used by a malware protection process. Then it kills explorer so it will restart and enable some of the reg changes. Other than what is listed above, it does nothing else. It does not create a report, because this tool was not made to be fancy but made to help novice users remove malware through my guides. Maybe in the future I will include a report of what it has killed. It is not a priority though right now.

See his comment (#21) for the full information.
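The registry settings listed in that summary can be checked offline from a `.reg` export, for example one taken while booted from a live CD. This is an added example, not part of rkill or the original article; the `"%1" %*` default command and the policy value names (DisableTaskMgr, DisableRegistryTools, NoDesktop) are standard Windows values not named on the page, and the sample export is constructed.

```python
import re

# Standard Windows values (assumptions: the page itself names none of them).
EXEFILE_SUFFIX = r"\exefile\shell\open\command"
EXEFILE_DEFAULT = '"%1" %*'
POLICIES = {
    r"\policies\system": {
        "disabletaskmgr": "Task Manager disabled by policy",
        "disableregistrytools": "Registry Editor disabled by policy",
    },
    r"\policies\explorer": {
        "nodesktop": "desktop icons hidden by policy",
    },
}

# Constructed sample export; the av.exe path is made up for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\user\\Application Data\\av.exe\" /START \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDesktop"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091
'''

HEADER = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(s):
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: data}}.

    The default value is stored under the empty name. Strings are unescaped,
    dwords become ints, other types (hex: blobs) are kept as raw text.
    """
    keys, current = {}, None
    for line in text.lstrip("\ufeff").splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE.match(line)
        if not m or current is None:
            continue
        name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        raw = m.group(2)
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            current[name] = unescape(raw[1:-1])
        elif raw.lower().startswith("dword:"):
            current[name] = int(raw[6:], 16)
        else:
            current[name] = raw
    return keys


def audit(keys):
    """Return (key, value_name, description) for each tampered setting."""
    findings = []
    for key, values in keys.items():
        low = key.lower()
        if low.endswith(EXEFILE_SUFFIX):
            cmd = values.get("", "")
            if cmd != EXEFILE_DEFAULT:
                findings.append((key, "(Default)", "exe handler changed: " + cmd))
        for suffix, names in POLICIES.items():
            if not low.endswith(suffix):
                continue
            for name, data in values.items():
                desc = names.get(name.lower())
                # Any non-zero dword turns the restriction on.
                if desc and isinstance(data, int) and data != 0:
                    findings.append((key, name, desc))
    return findings


if __name__ == "__main__":
    for key, name, desc in audit(parse_reg(SAMPLE_REG)):
        print(f"{key}\n    {name}: {desc}")
```

Real `reg export` files are usually UTF-16; open them with `encoding="utf-16"` before passing the text to `parse_reg`.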

Additionally, due to time constraints the creator cannot support RKill on any site other than his own, BleepingComputer. It’s just too difficult to support multiple topics on multiple sites at the same time. So, he has created a single forum thread on his site for supporting RKill. If you need any Rkill support, please visit this thread. Comments will be closed here on Technibble.


Downloads:

rkill.exe – Download from BleepingComputer.com – 257kb

Special thanks to the Technibble forum member Galdorf for recommending this one.

  • Andy says:

    01/14/2010 at 11:59

    This is just what I needed for the Security Tool and Antivirus 2009 malware that commonly infects computers, which prevents you from running and/or installing any AV software. Hope it works :)

  • Joe Spaventa says:

    01/14/2010 at 08:51

    This looks like a very useful tool. I cannot wait to test it out! Thanks for the upload!!

  • joe says:

    01/14/2010 at 12:19

    rkill.pif download triggers an antivirus response.

    Comments please.

  • shawn says:

    01/14/2010 at 13:28

    Sonicwall Gateway Antivirus flags these downloads as a Trojan..

  • Codah NiNi says:

    01/14/2010 at 13:36

    False positive. It’s just because of how the program works.

  • joe says:

    01/14/2010 at 14:20

    Mr Whitty,

    Can you vouch for these programs and assure us that these are false positives. Your input would be quite valuable.
    Thank you.

  • Jim Boyd says:

    01/14/2010 at 16:55

    I don’t trust anything that kills processes without giving me a list of exactly what it has found and shut down. This thing just does its thing and leaves you completely in the dark.

    It also does a number on any software it finds that stores activation information/serials in a .dll like battery bar and certain Adobe products….and yes these were LEGIT installs.

  • Dan says:

    01/15/2010 at 09:09

    I had cause to use this for the first time just this week. Does what it says on the tin, and helped me out with getting rid of “Personal Security”.

    Like others, I agree that v2 could do with some sort of report though…

  • shawn says:

    01/14/2010 at 18:04

    Agreed. The user should have more control over what it is doing, or at least have more of a report.

  • Bryce W says:

    01/14/2010 at 18:10

    Virus total report: http://www.virustotal.com/analisis/1f3ba67a7af7732dca5ea3829810859010335d2f2ff4981903382131e1caac93-1263500748

    Look at the threat names of the few that report it “FakeAlert” and “LooksLike.win32.trojan”.

    I tested this on my virtual machine and it did as it says on the box. As you guys have said though, a report would be nice.

    Some technicians have been using it on the forums too: https://www.technibble.com/forums/showthread.php?t=12371

    While this application doesn’t have its own site, it is from BleepingComputer which is one of the most trusted virus removal forums out there. It’s not hard to make a pretty site for an application, but it is hard to be backed by such a respected site.

    Still, if you don’t feel comfortable using it, don’t use it. It’s your choice.

  • Tom Sparks says:

    01/15/2010 at 11:54

    But aren’t we talking about just a temporary process kill that gives the technician the opportunity to remove the virus? If it had accidentally terminated something it shouldn’t have wouldn’t that be restored at reboot? It seems that this would calm the concerns mentioned here. Am I correct in these assumptions?

  • Jim Boyd says:

    01/14/2010 at 22:11

    At best this thing should only be used in a last resort scenario…unless you just like running through mine fields blindfolded….

    BleepingComputer is no more reputable than any other public forum and as such they do recommend a stinker now and then….this is one of them

  • Chad F says:

    01/15/2010 at 06:50

    Rkill works like a charm when nothing else was working… had 2 different PCs I cleaned for friends this weekend that both had Internet Security 2010… Only way I could get to the cleaning process was to first run rkill.com (I tried the rkill.exe but it didn’t show anything…virus was blocking it…also task manager was disabled and even with registry trick couldn’t take back control of it…it was truly nasty)

    Anyways, I’ve added Rkill to my thumb drive toolkit as it’s now a must have for me to get rid of the newer spyware/malware…

    Oh and Jim Boyd, why all the hate for Rkill? You just seem to be trying to tell everyone how evil Rkill is, but in fact it’s extremely helpful to the people that have to deal with spyware infected PCs on a day to day basis…

  • Tech.31003 says:

    01/15/2010 at 09:07

    Just like Chad F, I have recently used rkill.exe to remove Security Tool from 3 different computers: (1) a friend’s, (2) my sister’s, and (3) my brother-in-law’s.

    I booted the computers in safe mode, ran rkill.exe, installed and ran Malwarebytes, and manually checked for any Security Tool related items. I found this tool very valuable.

    Perhaps the reason why it triggers antivirus responses is because it “kills processes” – same behavior that most malware possesses.

  • joe says:

    01/15/2010 at 15:53

    Mr Whitty, Thank you for your input.

    It cleared up any questions.

  • tekgeek says:

    01/15/2010 at 19:42

    tom sparks you are correct there….

    it’s just killing the process like you would close any program down and doing a reboot will bring it back up

    doing a Ctrl-Alt-Del will bring up the windows task manager where you can view processes and click the little button at the bottom and end any process which is the same thing

    most of the people here that are complaining act like killing it is like uninstalling or deleting the file

    maybe it should have been named rEND.exe to keep people from getting all excited about it

  • V says:

    01/16/2010 at 03:20

    Like Chad F says, this program works great. I had to remove the Antivirus 2010 malware from someone’s machine and I did use rkill. Antivirus 2010 now digs deeper into your machine and makes you think everything is a virus. Once the malware is running it flags even the smallest programs as a virus. I was going to try to take screen shots on the infected computer to show people what they had but the malware even flagged the MS Paint program as a virus. Once rKill did its job I could proceed with the removal be it manually or with a program such as malwarebytes.

    Some notes, like another user stated any process this program does kill gets restarted on next bootup. Even if it kills a process you do not want killed it should not matter during malware removal as the point is to be able to clean the machine not to use it at that time.

    One thing about rKill though and is stated in instructions I read somewhere Antivirus 2010 and others may flag it as a virus, this warning is from the malware not your real antivirus in most cases and if from your real antivirus is most likely a false positive.

    You get the warning about rKill because the malware doesn’t want you to use it to kill the malware processes, if you do get a warning rKill will be shut down. Just ignore any messages and run rKill again and again until it kills all necessary processes and ends on its own successfully.

    As a final note. I have done 2 machines with the same issue using rKill and malwarebytes, both machines were done 4 to 6 weeks ago, encouraged the owners to purchase the pro version of malwarebytes, both machines are working just fine and have not been reinfected.

    Yes I was a bit worried to test rKill but at the time it was a risk worth taking. Glad I did.

  • V says:

    01/16/2010 at 04:00

    Let me make a small edit to my last post. When I spoke of Antivirus 2010 I meant to say Antivirus System Pro not that there is much difference in the two but there is a difference.

    Just thought I would bring it up myself instead of someone crushing me for a momentary memory coffee break.

  • bob says:

    01/16/2010 at 10:08

    this one is kinda strange, you don’t know what it is doing. I feel it’s ok to use on my personal computer but what about a customer’s computer?

    But I guess when a customer comes in and their pc is totally messed up with malware they just want it fixed. Sometimes it’s so bad I just call and tell them it’s better to reformat the drive and reinstall windows, so before I do that I can run Rkill.

  • bob says:

    01/16/2010 at 10:11

    what I’m saying is I guess it can’t do any more harm.

  • 01/16/2010 at 13:04

    Hi All,

    My name is Lawrence Abrams and I am the creator of the rkill tool and the owner of BleepingComputer.com. I was notified of this article and wanted to give some information about the tool and clear up some wrong information being provided by a certain commenter.

    First, the program was designed for the use in my malware removal guides so that I can have a tool that is easy to use and kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that we can use the normal anti-malware programs to do their job.

    So in summary rkill just kills processes, imports a reg file that restores HKEY_CLASSES_ROOT\exefile\shell\open\command, removes policies that disable regedit, taskmgr, hides your desktop icons, etc, and removes a key used by a malware protection process. Then it kills explorer so it will restart and enable some of the reg changes. Other than what is listed above, it does nothing else. It does not create a report, because this tool was not made to be fancy but made to help novice users remove malware through my guides. Maybe in the future I will include a report of what it has killed. It is not a priority though right now.

    Now let us discuss the comments left by Jim Boyd, who seems to have taken a strong dislike to this tool for some reason:

    1. “It also does a number on any software it finds that stores activation information/serials in a .dll like battery bar and certain Adobe products….and yes these were LEGIT installs.”

    This is entirely inaccurate. As stated, this program only kills processes. It used to delete specific Windows Police Pro malware files, but I had removed that. If a process is terminated by rkill as an FP, then a reboot will fix it. Not sure where his claims stem from, but they are false.

    2. “At best this thing should only be used in a last resort scenario…unless you just like running through mine fields blindfolded…. BleepingComputer is no more reputable than any other public forum and as such they do recommend a stinker now and then….this is one of them”

    Not sure how terminating processes that will be started again on a reboot is running through a mine field. I think you need to do a little more due diligence on a program before making such comments. As for BleepingComputer.com, which is much more than just forums, myself and the staff at BleepingComputer.com work incredibly hard to give our users safe and reliable information on how to fix problems and secure their computers. We monitor the forums so that there are no hot links to malware, remove email addresses that users post, and provide warnings when people instruct members to perform acts that could be deemed risky. So, yes I think the BleepingComputer.com forums are very reputable and I will stand behind that statement in every way. Regardless, this tool is not promoted in the forums. Its primary use is in the malware removal guides which are not publicly posted by our members, but at this time, only me.

    As for why it was called rkill, well the app was designed to kill rogue processes and the malware that protects them.

    Hope this clears up any misconceptions that people may have had or that have been promoted via certain commenters.

    Lawrence Abrams (Grinler)
    BleepingComputer.com
    http://www.bleepingcomputer.com/

  • bob says:

    01/17/2010 at 18:33

    when I ran it my screen went black for a few seconds. I don’t mind using it on my own pc but a little uneasy to use it on a customer’s pc.

    I wish it would tell us what processes it’s killing.

  • 01/17/2010 at 20:49

    Yesterday, I had posted a detailed explanation as to what Rkill does, why it is named what it is, etc. For some reason that comment has not been approved at the time of this writing (1/17/10 8:36 PM EST). I also sent an email to news@technibble.com asking about this but received an error stating that the email does not exist. If my previous comment is approved then you will know exactly what rkill does.

    As for your statements Jim Boyd:

    “And for the record…I have a PHD in Computer forensics and that more than qualifies me to comment on this thing.”

    If what you say is true then you should be able to see that rkill in fact has no possible way to affect any of the programs installed on your computer. It does not delete anything, though it had at one point killed some windows police pro files, fixes some basic reg keys, and terminates processes. Rebooting will resolve any issues that occur from running the program. So your statement that rkill affects programs is entirely false.

    “Frankly, Im shocked Bryce allows this name calling rubbish to remain on this site…definitely NOT a good reflection on his professionalism either..”

    The fact that you make entirely false statements is not a good reflection on you either.

    I hope that the staff of Technibble will approve my previous comment so you can find out exactly what rkill does and so I can provide accurate information for the tool.

    Lawrence Abrams
    BleepingComputer.com

  • mindydee113 says:

    01/18/2010 at 13:19

    does rkill install anything else onto your computer along with it? i had a nasty malware i had a hard time getting rid of. i came across a bleepingcomputer site with instructions how to get rid of problem. this was so very helpful and did the trick. this is how i came across info about rkill. i am grateful to have found out about it. i am what you would call a tech novice and the rkill and bleepingcomputer instructions are what someone like me needed to take care of problem and save money. i do not want to have to pay somebody else every time a virus pops up. my only question is this, after the virus was gone there are two shortcuts left over on my desktop. one is called “pev.exe” and the other is “ncmd.cfxxe”. i have no idea what these are and am coming up short in researching them. did rkill put them there when i downloaded it, or could it be left over from the virus? help, anybody? thanks!

  • 01/18/2010 at 17:51

    MindyDee, those 3 files can be deleted. They were extracted by the program when it runs, and as the rogue terminated it, they were left behind. Now that your infection is gone, you can just run rkill again to delete the files or delete them manually.

  • ing10 says:

    01/18/2010 at 21:15

    Got the same problem as mindydee113 BUT rkill in safe mode network not working, and in safe mode the black little window comes up and then quickly disappears, then nothing…. From my usb key; copy rkill.com to safe mode desktop, for a second three icons left on desktop comes up (pev.exe, ncmd.cfxxe and rkill with blue bubbles) but disappear in 2 sec. Why? And then my screen jumps to the previous black screen safe mode ( with no icons on there) and warning comes up saying “Windows running in safe mode….. and if I want to proceed to work in Safe Mode click yes. If you prefer to use SYSTEM RESTORE to restore your computer to previous state click No.” When I answer no, I go back to safe mode desktop and if I quickly double click rkill.com again, then click “bubble” rkill icon, then it comes up if I want to Add rkill.reg to the Registry? Why is it not working? Struggling since yday to get Antivirus Live off my laptop. Any suggestions please?!? Should I move-on to Malwarebytes… link?

  • Jim Boyd says:

    01/18/2010 at 22:15

    I see that despite Bryce’s best efforts….children still make it through the cracks.

  • Jim Boyd says:

    01/18/2010 at 22:19

    How sad that sites like this get ruined by illiterates who lack the creativity and intelligence to respond to anything with the need to resort to school yard name calling…

  • 01/19/2010 at 08:27

    ing10, exe stopping malware will attempt to terminate rkill. When this happens the black window will appear for a second or two before it is killed by the malware. In situations like this you need to just keep running rkill over and over till it finally catches and the malware can’t stop it fast enough. It should then run and kill the malware process allowing you to run your traditional anti-malware program.

  • Róisín says:

    01/19/2010 at 16:26

    Hi Lawrence,

    Your input is very much appreciated – I’m finding it very helpful. I do have one quick question. When I run rkill, a pop up box appears that tells “Can not create some of your include files. pev.exe. Continue” I’d really appreciate any help. Also, don’t know if you’re aware but rkill, in Irish Gaelic, sounds like the word for “graveyard”. Kinda apt, I think! :)

  • 01/19/2010 at 17:19

    Hi Róisín, I did not know that about the Irish Gaelic translation, but do like it :)

    When you run it, make sure you are running it in a location you have perms to create files. It will extract 3 files when it runs, so it needs write permissions to that folder.

  • V says:

    01/19/2010 at 23:17

    Lawrence, as stated earlier I successfully used your tool but since there is not a lot of information can you please clear up one thing for me and the rest of us? Is this a program that will need a new version on a regular basis or once we have it will it be something we should just hold onto as is?

    Thanks

  • Nerds says:

    01/20/2010 at 11:12

    Wow! Hey Jim can’t you take a positive view on this. They are nice enough to publish a ” HELPER ” tool and you are acting as if you paid money for it. Go back to offering DBAN as a solution and leave the work to those of us that want a real solution.

  • 01/20/2010 at 12:31

    V, this is updated almost every day. Whenever a new rogue or malware that stops us from running our security programs is released I update the rkill program.

  • Lechuga says:

    01/20/2010 at 18:34

    Hi I’m having the same problem as ing10. When I run the program I can see three shortcuts appear on my desktop and then it immediately exits and tells me about safe-mode and whatnot. I’ve been trying to run the program over and over but every time it is killed. I know this is probably an idiotic question but when the thing about safe-mode appears does it matter if I click yes or no? When I click no Windows brings up some system restore thing. I have no idea what I’m doing so any help would be appreciated. Thanks!

  • 01/20/2010 at 19:26

    Not sure what you mean by safe mode. There is nothing in the tool that states safe mode.

  • smook_da_only says:

    01/21/2010 at 16:02

    Lawrence, thanks for rkill. I was infected by Antivirus Live two days ago, and I think it’s now completely fixed. It should be clear to just about everyone that “Jim Boyd” has no idea what he’s talking about.

    Also, Lechuga’s comment above means that, when you run rkill in safe mode, as soon as it finishes, it seems to quickly reboot directly back into safe mode, and then a message appears saying “Windows running in safe mode…want to proceed to work in Safe Mode click yes. If you prefer to use SYSTEM RESTORE to restore your computer to previous state click No.”

    I clicked yes every time, and I ran rkill about 6-7 times, just to be sure. Then I ran a Malwarebytes scan three times. Everything seems to be running fine now. Much appreciated.

  • Heather says:

    01/21/2010 at 20:12

    I am trying to run rkill before I run Malwarebytes. My computer is in safe mode. About how long does it take for rkill to run?

  • 01/21/2010 at 20:56

    Rkill should take about 1 minute or 2 to run. If a malware kills it, it will run for a second.

    About safe mode, the reason that message pops up is that explorer is being killed at the end of rkill. Windows will restart explorer and display that message.

  • John says:

    01/22/2010 at 14:05

    So, I have a quick question. How long should Rkill take to run? Mine has been up for at least 10 minutes now. Does that mean I need to close it and run it again because it didn’t get all processes? Or should I just leave it until it is “done”? I haven’t seen a done message and I don’t know if it even shows a “done” message. How do you know when it’s finished as mine seems to never go away.

    Thanks! This seems like a really neat and quick program.

  • John says:

    01/22/2010 at 14:07

    Oh, and I just saw the post above saying it should take a minute or two to run, but what do you do if it’s been running longer? Just let it go? Or close it and run it again?

    Thanks!

  • rally says:

    01/22/2010 at 17:02

    I have the same question as John — if rkill has been running for a good 15 minutes and still doesn’t turn off on its own, what should I do?
    Thanks!

  • Stephanie says:

    01/23/2010 at 22:56

    Before running Malwarebytes I ran the rkill application. Which worked perfectly. After about a min all the popups disappeared. After about 10 mins of running Malwarebytes my laptop shut itself down. I received a warning saying “This shutdown was initiated by NT AUTHORITY\SYSTEM….”. After turning my laptop back on and restarting the entire process, when trying to run rkill I received the “application can not be executed. The file is infected. Please activate your antivirus software” message, which would close it. I was wondering if there is any way around this error?

  • Ron Bruce says:

    01/26/2010 at 15:01

    Somehow I ended up with a Malware program that constantly kept directing me to a Website to purchase Internet Security 2010, which I never did. It claimed that my computer was infected with Virus and Malware. It also kept asking me if I want to compress my Outlook Express email messages to save Disc space. Since I don’t use Outlook Express and my hard drive was only 1/4th full, I knew that was a trick to gain control over my email addresses.

    The other problems I ran into was that my Malware remover, “Spyware Detector 2010” kept showing a window saying that my last scan was not completed, start over. This would put me in an endless loop and nothing was ever deleted. Also, my Norton 360 was not working and wouldn’t allow me to access it. Live Chat with the Techs at Spyware Detector helped me to get it working correctly with a new DL and updated DB, but it still couldn’t get rid of 3 certain Malwares, until I DL “Rkill.pif” and ran it. On a re-boot, I had no more malwares or alleged viruses. Now, if I get my Norton 360 fixed I should be okay. Thanks to Lawrence Abrams for such a little program to help me fix big problems.

  • 01/27/2010 at 13:44

    John/Rally, if it’s still open for 15 minutes then you should just close the window. Won’t cause any harm.

  • Paul says:

    01/29/2010 at 00:35

    ” imports a reg file that restores HKEY_CLASSES_ROOT\exefile\shell\open\command, removes policies that disable regedit, taskmgr, hides your desktop icons, etc”

    Makes it worth every penny. :)

    Personally, I always boot from a live CD (UBCD4Win) and manually check the registry for infections (startup, userinit, shell, etc), remove temp files, and scan system folders for bad guys (just sort by date and look for most recently modified files and check em out). Also check out AppData folders and program files and delete known trojan entries.

    After that you should be able to boot to SM and install MBAM, etc..

  • LJ says:

    01/29/2010 at 10:31

    Spyware is the scourge of the computing world. Rkill terminates the running processes, letting you run Malwarebytes or SAS to remove the infection.

    It’s quick, it’s easy and it works!

    Thanks Lawrence Abrams you and BleepingComputer.com are valuable assets.

  • Merlyn says:

    01/31/2010 at 18:01

    I have tried to run rkill >200 times including opening it 20 times simultaneously, but I can’t get it to run. Any other tricks I can use? Thanks!

  • RealityChecker says:

    01/31/2010 at 20:16

    This tool rocks! I’ve been getting clients with the “Antivirus Live” infection: this vicious bug stops ALL programs from running except its $49.99 “cure” popups. Even in Safe Mode. It also blocks all internet access, so I could not even run my portable malware removers from my flash drive – even if I could find a way to get them to run.

    Used Rkill: ran combofix, then installed Malwarebytes to finish the clean-up. The B@st@rd is gone!

    Thanks!

  • Astargoth says:

    02/01/2010 at 01:43

    Lawrence,
    I first heard of this tool from bleepingcomputer.com however it didn’t work the first time (Malwarebytes could not find any infected files). It wasn’t until I found this page that I learned that there are actually four versions of rkill (bleeping computer only lists the .com version) and I was finally able to stop the infected process and remove it with malwarebytes.
    Overall the tool worked like a charm, but I could have saved some time if I had known about all the different versions right away (now I’m keeping a copy of all four).

    Regards

  • 02/01/2010 at 22:29

    this program will not harm your computer. If you think it will then you need to look up the difference between a process and a program..there seems to be some confusion…lol

  • 02/02/2010 at 11:52

    Just a heads up that I have changed the program significantly. I modified it so that it runs much quicker, from about 50 seconds to about 10.

    It also creates a log file as was requested by many users. Please note that the log file will show all processes terminated during the time that rkill is running, so if you close a program manually it will show in the list as well.

    Hope this helps!

  • Merlyn says:

    02/02/2010 at 14:45

    Where can we download the new files? Thanks for your hard work!

  • V says:

    02/03/2010 at 05:22

    Lawrence, Thanks for the reply about the tool being updated on a near daily basis. The tool works well and maybe for those that it does not work on maybe they have additional bad programs that rKill just does not know about yet therefore causing rKill not to work for them.

  • Dale Powell says:

    02/04/2010 at 00:07

    Glad I found this thread about rkill. I just heard about it and thought my toolbox was pretty complete already. I have to admit that I still like using live cds to complement the programs in removing malware. With the live cd, they just stand out like a sore thumb and can’t hide. You know, the random or misspelled files with the recent date and no version info. When you are used to seeing what does belong, what doesn’t belong sure stands out.

    Thanks,
    Dale Powell
    http://spywarepreventionguy.com

  • Cherrie says:

    02/09/2010 at 05:26

    My mother is 71 years old and she told me all I have to do is follow the directions on websites when I have computer problems. I said I don’t mess with the computer monster. I usually just surf and write letters to the tenants. I am a computer dummy. Then the PC Protector infected our PC. About 7 months ago I paid over $100 to have it devirused and etcetera. I told my children I wasn’t paying again so I went on the computer found your info and how proud I am about getting rid of that virus. Thank you, thank you, thank you. It was so easy.

  • Jeff says:

    02/10/2010 at 14:23

    Lawrence, thank you for your active participation in this thread and for being responsive to users’ requests for more reporting. I’m convinced and now trying to download rkill, but none of the versions (exe, com, etc) will download. I had no problem downloading haxfix, just as a test. Is there a problem on your site that’s causing this?

  • Jason says:

    02/10/2010 at 16:12

    I think people need to stop complaining. Using a free software to get the job done, and complaining about the way it works. If you don’t like how it gets the job done… then don’t use it.

  • 02/10/2010 at 21:22

    Hey Jeff,

    Not sure why they are not downloading. Had no trouble when I just tried and had no reports of others having issues.

  • Mike says:

    02/11/2010 at 00:44

    Hello, after reading all the above, I am anxious to find out how to get rid of “personal security”, which just infected my laptop yesterday. I’m trying to follow the recommendations on this thread, as well as on bleepingcomputer.com, however I am unable to download rkill in any of its four forms. I receive a window to “run” or “save” it. When trying to run, they will appear to be downloading, but when asked to run again, it will just disappear. When trying to save, they again will give an option of choosing a folder to which to save them, and also give the appearance of saving, but then will show “0 discoveries”, and not save anything. I am left in the dark, and hoping you can help. Thanks.

    Mike

  • Mike says:

    02/11/2010 at 00:48

    Forgot one thing. I have gone to my desktop and saved the four rkill versions, as well as malwarebytes on a flash drive, but my laptop does not even recognize the flash drive when plugged in.

  • Mike says:

    02/11/2010 at 02:24

    Finally got the rkill to run, and this is how I did it. I had to reboot with the flash drive plugged in for my pc to recognize it. Once there, rkill still would not open or run, but would flash a window for a fraction of a second before disappearing, and then subsequently giving me an error when trying to open again. Even “Run as Administrator” did not work. Had to send to the desktop, even though I could not tell it was there because “personal security” had hidden all my icons. Next, I restarted my pc, and during the boot up process, it briefly showed my desktop icons before the “personal security” window showed up, and before it cleared off the desktop icons again. It took me a couple of tries, but I was able to quickly click on the rkill icon while it was there, and that finally began the run process. It did the job in stopping the “personal security”, and I was able to install the latest malwarebytes program (which I had actually downloaded onto the flash drive from my desktop), and I am running the scan now. God willing, this will find the program and flag it so I can delete it.

    Thanks so much to everyone and especially Larry for making this available to all of us. All I know is when I get the means . . . Mac here I come! (I run a Mac at work, and can’t wait to replace my pcs at home).

    Mike

  • Jeff says:

    02/11/2010 at 03:02

    I tried IE and FireFox, straight saves and 3 download managers. Had the same problem with all 4 rkill flavors until I tried using ReGet, which d/led them all no problem … I didn’t even have to reboot. Spooky — Cue Rod.
    Then, after all that, rkill found nothing running that it wanted to kill. According to some posts here, I might not have known that but for the report log you put in. Thanks for adding that.

  • Mike says:

    02/11/2010 at 09:29

    Woke up this morning and malwarebytes found 16 infections. Removed all, and everything seems fine. Thanks again.

    Mike

  • Mace says:

    02/11/2010 at 18:31

    I just used the pif version of this tool, and it killed the Antivirus Soft Malware instantaneously, and when it completed its task it popped up a window telling me what all it shut down in the process. Very helpful tool indeed. Much Thanks

  • Jeanneen says:

    02/15/2010 at 14:26

    Help!!! I have this malware on my desktop & I am not able to log onto my desktop even in safe mode. I am in this endless circle where I click on username, it says it’s loading my personal settings & then logs me off that username. I have copied the rkill file to a flash drive from another computer, but I can’t get that loaded onto the desktop. Anybody have any suggestions?

  • Rol says:

    02/15/2010 at 18:14

    Try hitting F8 during boot up

  • 02/15/2010 at 19:25

    Hi Lawrence,

    Thanks for creating this program, and for updating it to reflect user feedback. Mr. Boyd has every right to be cynical of the program however he seems to have forgotten you guys aren’t paid or asking people to pay for rkill, his casual dismissal of bleepingcomputer.com seems founded upon ignorance. He has every right not to use the program, nobody to my knowledge is force feeding it down his terminal.

    Working tech support at a major university reminds me that people with PhDs can at times get too pretentious for their own good.

  • Delia says:

    02/16/2010 at 01:07

    Rkill worked! YAY! Thank you so much for this incredibly NECESSARY tool! I had tried everything and couldn’t get Malwarebytes’ Anti-Malware to load and Norton/McAfee/Kaspersky/Ad-Aware/SuperAnti-Spyware did not detect the malware on my machine AT ALL even though it was OBVIOUS something was amiss (security websites blocked/pop-ups galore/slow computer etc.).

    I booted in safe-mode with networking and used rkill and then installed Malwarebytes’ Anti-Malware and voila it worked and FOUND the nasty critter causing all the problems and removed them.

    Machine works like a champ now!

    *phew*

  • Paul says:

    02/17/2010 at 03:53

    Is Lawrence still watching this thread? I hope so.

    rKill has a flaw that really reduces its usefulness to me. I do a ton of remote support using a custom VNC tool. When I run rKill on a user’s PC, it sees the winvnc.exe file as spyware and kills it, dropping my connection.

    If I simply re-initiate the connection, should rKill let me come back in? (Preferably, rKill would simply ignore winvnc.exe, though)

  • Martin says:

    02/18/2010 at 22:14

    I had the “Antivirus Soft” virus and seemed to (I’ve been running now for a couple hours and it seems to be fine again) have taken care of the program this way:

    Simply do a “system restore” after having booted up in “Safe Mode” (had to use Safe Mode because the “Antivirus Soft” wouldn’t allow me to access my “System Restore” in regular mode).

    Hopefully the virus doesn’t come back. I post this message because doing a “System Restore” is much easier and faster than downloading and trying to use “rkill” (“rkill” didn’t work for me).

    Does anyone know of a reason why it is NOT a good idea to try and get rid of the “Antivirus Soft” by simply doing a System Restore? Please reply if so….

    Thanks!

  • Matt says:

    02/19/2010 at 13:36

    > I had the “Antivirus Soft” virus and seemed to (I’ve been running now for a couple hours and it seems to be fine again) have taken care of the program this way:
    >
    > Simply do a “system restore” after having booted up in “Safe Mode” (had to use Safe Mode because the “Antivirus Soft” wouldn’t allow me to access my “System Restore” in regular mode).
    >
    > Hopefully the virus doesn’t come back. I post this message because doing a “System Restore” is much easier and faster than downloading and trying to use “rkill” (“rkill” didn’t work for me).
    >
    > Does anyone know of a reason why it is NOT a good idea to try and get rid of the “Antivirus Soft” by simply doing a System Restore? Please reply if so….
    >
    > Thanks!

    System Restore works by attempting to “undo” changes to the operating system.

    For example, if you install a program which causes the system to crash, System Restore can roll back to a time prior to that installation. This only works for programs which properly register with the operating system.

    While unlikely, a system restore may be able to slow down a virus’ progression by changing some installations or registries that it modified, but it most certainly will not remove the infection. Whatever files caused the initial infection are still there since System Restore does not change or alter files in any way.

    If your system is in a usable state, I suggest running a full Malwarebytes scan as soon as possible.

  • 02/19/2010 at 18:13

    Hi Paul,

    Sorry for the delay in getting back to you. Where is winvnc.exe running from? Is it from a userprofile? If so, run it from a different folder as processes running from a userprofile are terminated.

  • Ron Abe says:

    02/21/2010 at 10:06

    Will it kill the nasty, netsky virus?

  • Dolphbabe says:

    02/22/2010 at 08:34

    Firstly, Lawrence, great work! I have now successfully used ‘rkill’ twice on two separate computers. It stopped the security malware and enabled me to run ‘malwarebytes’ to get rid of it. So far I haven’t found any other tools as good as this. Keep up the good work!

  • richard though says:

    02/22/2010 at 13:17

    Hi,

    Lawrence Abrams
    BleepingComputer.com

    So you are also a creator of combofix? OK, it’s a nice software, should I say better than the other product, but what happened, why is your site down? Maybe I’m off topic here, but just for curiosity: how come there are reports that after running the latest versions some computers crash and could not get back to normal operation? For me, luckily I managed to recover it without formatting. I don’t know why it happened. Anyway, I’ve just downloaded Rkill and will give it a try. Thanks for this.

  • Luis From Argentina says:

    02/22/2010 at 19:54

    Hi everyone, Rkill was suggested to me to get rid of Security Central, which would not stop bothering me and would not let me use any program. In a few seconds Security Central stopped being a pain and I removed it.

    Since the author stops by here, I’ll take the chance to tell him: Thank you very much!

  • 02/23/2010 at 12:56

    I am the creator of Rkill, but not Combofix. There was a bug in combofix a while back that could affect computers, but not for quite a while.

    It won’t go after netsky.

  • Michael Brinson says:

    02/27/2010 at 13:14

    You’re freaking awesome Lawrence. Thank you so much for creating such a valuable tool and making it available the way you have. Just can’t thank you enough. :)

  • BMoses says:

    02/28/2010 at 19:09

    Lawrence, first and foremost, this is a wonderful tool that has gotten me out of a lot of tight spots. I work with a group of people who troubleshoot for a private company that hosts computers across the US. When I found your tool, I gave it a try via remote assistance. It was amazing to watch it work. Since then, my co-workers have adopted your tool as a main step to removing malware infections. Many of us have used this tool without hesitation on our own and on friends’ computers. Many many thanks for this… it has saved lots of headaches in our line of work.

    My question: Does rkill have any plans to check for updates when running? If not, is there a link that will always offer the latest version of rkill?

  • JustinE says:

    02/28/2010 at 23:18

    Ok, I finally got all of the rkill files downloaded thanks to the poster named Jeff. For some reason none of the files would download for me until I used ReGet to download them. Now, the problem I am running into is that rKill does its job, but when I install malware, it starts up and the virus immediately terminates it and deletes/moves malware. I cannot run a scan in order to remove the virus. Does anyone have any suggestions?

  • 03/01/2010 at 14:33

    The latest version of rkill can always be found at http://download.bleepingcomputer.com/grinler/rkill.exe

    I have toyed with updates via the Internet and will see what I can do for the future. No promises though.

    Justin, when you say malware? What exactly are you referring to?

  • John Gleaton says:

    03/01/2010 at 17:26

    Thanks Lawrence, I have used your RKILL on 7 PCs on my work network so far. Is there any way to tell how these viruses are spreading? Should I delete all network shares that I can?

  • eileen says:

    03/03/2010 at 21:03

    I tried system restore but even that is asking me what program I want to use to open the file? Which version of rkill do I try? .exe? .com? .scr? or .pif?

  • eileen says:

    03/03/2010 at 21:05

    Even the rkill is asking what program I want to use to open the file? What do I do?

  • Tim says:

    03/03/2010 at 12:49

    Downloads keep erroring out. Even with ReGet. Any other way to get this app? Dealing with another machine with Antivirus Soft.

  • bizzy says:

    03/04/2010 at 01:11

    The RKill program keeps asking “what program to use to run it?” It happens with EVERY extension you’ve supplied.

    How do I get around this?

    Thank You!!!!!!!!!!!!!!!!

  • tyler says:

    03/04/2010 at 17:25

    I’m having a problem running this myself, so I’m not sure if it rules as you say. Like others have mentioned, I’m having a problem getting rkill to run because my pc says it doesn’t know which program to run the pev.rkexe.file through no matter which of the 4 links I choose.

    Does anyone know the solution to this problem, because I see I’m not the only one with it.

  • dale says:

    03/05/2010 at 04:38

    I tried every site where I could get the rkill program and I get redirected.
    Could someone send it to my email pls
    nightrider1041@hotmail.com

  • Darren says:

    03/06/2010 at 20:30

    Dear Mr. Abrams.
    I installed your Rkill.exe on my computer and it did as I had hoped and allowed me to scan with malwarebytes. My issue now is that every time I try to open a program on my machine, it prompts me with a “Run As” menu asking me to sign in under administrator with a password. This has become more annoying than the Malware that I originally had. Please help me get rid of this.
    Darren S Smith

  • roadkill42 says:

    03/07/2010 at 14:31

    Had a malware that was killing malwarebytes, so I ran rkill.com several times. It did create a log file, but it did NOT stop the malware. I had to go to Microsoft and get their malware removal tool. It did clean up some things, but I didn’t have time to test the results completely.
    Also, malwarebytes would not even try to run in safe mode: gave an error message that it could not install in safe mode. Don’t know why.

    OS: XP SP3
    Malwarebytes: latest download (1.44)
    Rkill: latest download

  • 03/07/2010 at 23:43

    Darren,

    Download and double-click on this registry file:

    http://download.bleepingcomputer.com/reg/FixExe.reg

    When it asks if you would like to merge the data, allow it to do so. Let us know if that fixes your issue.

  • Darren says:

    03/08/2010 at 07:34

    Mr. Abrams,
    I did as you asked and it never asked if I would like to merge the data. It did however come up and say my registry has been successfully changed. I am still, however, experiencing my original problem. I really appreciate your help.
    Darren

  • Tim says:

    03/09/2010 at 09:47

    Any update on the rkill.* download links? I’m still getting “IE cannot open page” errors on each one.

  • GMU Tech says:

    03/09/2010 at 10:05

    Thanks so much for the R Kill program. I was just about ready to format the system when I found your very useful tool! It goes in the tool kit here and I am telling all tech here at the university about it.

  • Tim says:

    03/09/2010 at 11:24

    GMU, where did you get rkill? I’ve been trying to download for 2 weeks from those links. Have a workstation infected with Antivirus XP 2010 that won’t allow MalwareBytes to run. AV.EXE keeps restarting. Is there a setting with IE that is keeping me from getting to the site?

  • K says:

    03/09/2010 at 11:49

    I need help.. my computer blocks all of these, it will not let me find any of them on my computer and when I try to save it it won’t let me

  • Darren says:

    03/09/2010 at 18:09

    Mr Abrams. Please help me fix my issue. I haven’t heard back since my reply.

  • 03/10/2010 at 09:04

    For those who can’t run programs after running Rkill, or removing av.exe, you must have been infected with the av.exe rogue. Download the following reg file and save it to your desktop:

    http://download.bleepingcomputer.com/reg/FixAV2.reg

    Then double-click on the reg file and allow the data to merge. You should now be able to run executables again.

  • Amanda says:

    03/10/2010 at 11:14

    Thanks L.A! You and your programs are godsends to the pc world!!

  • DocLazy says:

    03/10/2010 at 13:30

    Dear Mr. Abrams,

    damn, this malware named Paladin Antivirus just stops every try to download it from bleepingcomputer.com. The site just won’t open.

    Is there any other place, where I can download rkill?

    Please help. I’ve been desperate to find a way for two weeks.

    Thank you very much

    Lazy

  • JacekW says:

    03/11/2010 at 06:20

    Hi

    I just want to say that the rkill tool and Malwarebytes work every time. They’re useful tools for any spyware.
    thx

  • Michele says:

    03/12/2010 at 13:28

    I have used the rkill along with the Malwarebytes anti-malware to try and rid my comp of the Antivirus Soft bs that keeps popping up on my computer. I have run both over and over via the safe mode. I have tried all 4 versions of the rkill – and they all come on for 3 seconds tops and then go to the log. It shows nothing being “killed” on the log. I have run the Malwarebytes and the very first time it found a trojan-dropper but since then has found nothing. Yet I’m still getting the pop ups from antivirus soft once I start up in normal mode. AGGGHHH. Is the rkill working if it’s up for that short of a time? I’m at a loss. I’m far from a computer guru…please advise

  • Braden says:

    03/12/2010 at 16:53

    Rkill totally worked on the first try! It got rid of antivirus soft when every other freeware program I tried kept missing it.

    Awesome program totally kick ass and 5 stars to the creators!!!!!!!!

  • Bill says:

    03/13/2010 at 09:58

    Not sure if this is any help to anyone but I ran msconfig from “start, run” on my xp machine and disabled lkmqsftav on the startup tab and rebooted and then had a bit more flexibility in performing clean up tasks.

  • Hani Dirani says:

    03/15/2010 at 10:28

    I am creating a virus removal utility and I was wondering, is there a way to run rkill silently without bringing up a log file?

  • Deispring says:

    03/16/2010 at 02:00

    I would just like to thank Lawrence Abrams for this nifty little program. I found it while trying to find a fix for the Security Tools 2009 Virus, and for the longest time I could not find a way to fix it, even when running programs that said they fixed ST2009 Specifically.
    Then I found a forum that said to run Rkill.exe 1st, then run the others. I did, and what do you know, it worked perfectly.
    Granted, there was not much info on this little program back then, but People, Please!!! IT’S A FREE PROGRAM THAT KILLS MALICIOUS PROCESSES, NOTHING MORE or LESS. It’s the Pliers you use to straighten the nail before using the hammer to pull the nail out.
    As for the little black screen, I was lucky in that the forum I found for Rkill warned me ahead of time, so I had no worries there. Still, I can honestly say that this program will do just what you need. And Hey, if it kills an extra process or 2 that you didn’t intend it to kill, guess what, You’re fixing your computer right now, so let it kill the “other” processes and run your Antimalware programs afterwards.
    And for the record, the programs I ran to clean that system, and it is now clean, are Combofix, Malwarebytes, AdAware, Spybot, and Comodo Security Suite. I downloaded Rkill directly, and the rest on a clean computer, put them on a flash drive, and booted in Safe Mode w/ Network, and Installed / ran them in the order you see above. I did not run IE or Firefox ONCE during this scenario, and Restarted after each program finished, again rebooting directly into safe mode w/ Networking. It took about 5 1/2 hours for everything to work its way through, plus 2 1/2 more hours for Comodo, but when I finished and booted into normal mode, my computer was clean of everything except the Primawega Adware, which is a whole other story. All in all, the computer is running perfectly, and NONE of these programs worked or installed right until I ran Rkill.
    So again, Thanks to Lawrence for a kick-butt program, and Yes, I’d love to see a full-featured version some time down the line, but as it is, this program works wonders.
    Cheers,
    Deispring

  • Leah says:

    03/17/2010 at 14:49

    I have used this rkill program to help remove the Security Tool virus. It works great!!

  • 03/19/2010 at 09:37

    This tool looks to be exactly what I need on a daily basis. Thank you. I have had luck previously renaming MBAM.exe to M.exe. Then the malware will not stop it. Thanks!

  • 778877 says:

    03/20/2010 at 20:47

    To Lawrence Abrams: thank you very much for the rkill. My laptop got infected, and thanks to you and the malwarebytes software my laptop… working great again. Saved me $$$ and time. Thanks again, Abrams

  • Kaolinchemist says:

    03/21/2010 at 09:49

    Lawrence, this looks to be a godsend. I am waiting on a new power supply before I can get my infected (Antimalware 2010) desktop (xp Pro SP3) running so I can try out rkill. I am trying to educate myself on the step by step process I will need, is this correct?

    1) downloaded all rkill (.com,.pif,etc..) to flash drive

    2) Downloaded latest Malwarebytes to flash drive

    3) Boot in Safe Mode With networking

    4) copy files from Flash drive to desktop

    5) run one of the rkills (may have to try and run it many times if malware closes it)

    6) run Malwarebytes AM

    Thanks in advance, if anyone has a step by step with screenshots for newbies like myself it would be a HUGE help.

    I just want to thank Lawrence for all his help in fighting against this malware crap.

    I have learned a lesson, from now on I will create a limited user account that I will use when surfing the net from now on.

  • Sean Nissanka says:

    03/21/2010 at 22:47

    Lawrence, I have no way of expressing my gratitude for this fix! It’s a GREAT little program that does wonders. I’ve been in IT for over 15 years. A few comments earlier were based on being unable to download from your site. It’s not a site problem, just the malware preventing such downloads. It downloads perfectly from a non-infected pc :)

    I wasted over 5 hours on an infected pc in trying to clean out infections, with no success. After using rkill, job was done in 10 minutes.

    Kaolinchemist has got it right by saving to USB and then rebooting in SM with Networking. But, this too sometimes goes wrong :( as the malware boots up even in SM and infects the exe’s in the USB.

    Once again, thanks a million Lawrence for this nifty little gadget :)

    Sean – Sri Lanka

  • Raj Singh says:

    03/21/2010 at 23:53

    Hey Lawrence,

    I am a layman and just want to express my gratitude that you created such a simple thing that even a non-technical person like me could use and remove the Security Tool.

    Just want to let you know, maybe it is a coincidence, the Security Tool popped right after my subscription for Norton Anti-virus expired. I felt I was being forced to purchase it again. I will buy Malwarebytes now.

    Thanks a lot, again!

    Raj

  • Chris says:

    03/22/2010 at 06:15

    To Sean Nissanka
    A tip for you and other members, If you save these removal tools to a USB Pendrive, get one with the write protect switch on it and then download & save removal tools onto stick on a non infected PC. Once you have done that write protect the USB Drive so that the virus can’t infect / damage the removal tools.

    As an IT Tech I have had a lot of experience in removing Malware from PC’s and I have found this method to be the easiest.

  • Ruben says:

    03/24/2010 at 01:52

    I really have to say, that this rkill tool is possibly, one of the greatest tools I have ever used. I could not run any applications on my computer until this tool was used. It saved my job. So just wanted to say thank you.

  • antonio says:

    03/24/2010 at 15:21

    As a relative novice, I have been plagued by similar malware which is taking over my computer with all sorts of false virus warnings. I have taken to booting up in safe mode and have followed all the steps as detailed in this log.
    Unfortunately whenever I run Rkill (exe or com) it seems to take only 1-2 seconds and in the white log box (notepad) which appears after the black box the only program which appears to have been killed are the following

    windows/systems32/dllhost.exe
    users/psi,desktop/rkill.exe

    When I then run Malwarebytes full scan I get no hits related to infection and the virus alerts are still present. Is the problem that Rkill is getting shut down too fast?
    Any suggestions are appreciated thanks!
    antonio

  • Kaolinchemist says:

    03/25/2010 at 12:35

    Lawrence, THANK YOU I booted in safe mode with networking, and up popped my “XP Antimalware 2010” rogue infection and I hit rkill.com on my desktop and on the FIRST TRY it killed av.exe after that I was able to install MBAM.exe and update it and then perform a quick scan. It found and removed several files. I then turned off system restore and turned back on and then rebooted again into Safe Mode w/ Networking. The rogue virus did not pop up and I ran a FULL MBAM scan and it found nothing. I then used CCleaner to clean up my temporary files and I am FREE of that crap so THANK YOU SOOOO MUCH for your kill.exe app. You are a good man.

  • Wayne says:

    03/25/2010 at 18:28

    This utility works exactly as advertised. Perfect supplement to an engineer’s “bag of tricks”.

    Highly recommended … great job Lawrence!!

  • Amy says:

    03/29/2010 at 08:26

    I have used this tool several times and it has worked wonderfully for me! Thanks for the tool!!

  • Patrick says:

    03/30/2010 at 02:15

    Thanks for rkill.com. I used it about a year ago on a friend’s system, and it was fun! Plus, after that being able to run the other type killer programs….

    Nite before last, I got that same trojan, ANTIVIRUS-XP somehow, could not access the internet and could not even run Task Manager.

    Well, I managed to fix my own system a bit faster than my friend’s, but want to run the latest rkill, so thanks

  • BOB says:

    03/30/2010 at 17:10

    DONT USE RKILL .. LEFT LOG :

    his log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as ******* on 23/03/2010 at 0:13:40.

    Processes terminated by Rkill or while it was running:

    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Users\*******\Desktop\Downloads\rkill.exe

    Rkill completed on 23/03/2010 at 0:13:43.
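
Added example, not Rkill's own code and not part of any comment: a triage parser for the log layout quoted in the comment above. It applies two statements made by the tool's author in this thread, that the log lists every process that ended while Rkill ran, and that processes running from a user profile are terminated. The sample log, the user name `exampleuser` and `example_rogue.exe` are constructed.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of the quoted log. It mixes XP-style and
# Vista-style profile paths on purpose so both roots are exercised.
SAMPLE_LOG = r"""This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as exampleuser on 23/03/2010 at 0:13:40.

Processes terminated by Rkill or while it was running:

C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\exampleuser\Application Data\example_rogue.exe
C:\Users\exampleuser\Desktop\Downloads\rkill.exe

Rkill completed on 23/03/2010 at 0:13:43.
"""

# Assumption: day/month order, as in the quoted log (23/03/2010).
STAMP = "%d/%m/%Y at %H:%M:%S"
# Profile roots on Vista and later, and on XP.
PROFILE_ROOTS = ("users", "documents and settings")
# The four file extensions Rkill is distributed with, per the article.
RKILL_NAME = re.compile(r"^rkill\.(exe|com|scr|pif)$", re.IGNORECASE)


@dataclass
class RkillLog:
    started: Optional[datetime]
    finished: Optional[datetime]
    processes: List[Tuple[str, str]]  # (path, category)

    @property
    def seconds(self) -> Optional[float]:
        """Run time in seconds, or None if either timestamp is missing."""
        if self.started is None or self.finished is None:
            return None
        return (self.finished - self.started).total_seconds()


def _stamp(text: str) -> Optional[datetime]:
    try:
        return datetime.strptime(text, STAMP)
    except ValueError:
        return None  # different locale or damaged line: leave unset


def classify(path: str) -> str:
    """Sort one log entry into a triage bucket."""
    p = PureWindowsPath(path)
    if RKILL_NAME.match(p.name):
        return "rkill-itself"      # the tool lists its own process
    parts = [s.lower() for s in p.parts]
    # parts[0] is the drive root; a profile path is root\<profiles>\<user>\...
    if len(parts) >= 4 and parts[1] in PROFILE_ROOTS:
        return "user-profile"      # terminated because of where it ran from
    # Anything else may have been killed, or may simply have exited on its
    # own during the run, so it needs a human look before conclusions.
    return "review"


def parse_rkill_log(text: str) -> RkillLog:
    started = finished = None
    processes: List[Tuple[str, str]] = []
    in_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"Ran as .* on (\d.*)\.$", line):
            started = _stamp(m.group(1))
        elif line.startswith("Processes terminated by Rkill"):
            in_list = True
        elif m := re.match(r"Rkill completed on (\d.*)\.$", line):
            finished = _stamp(m.group(1))
            in_list = False
        elif in_list and re.match(r"^[A-Za-z]:\\", line):
            processes.append((line, classify(line)))
    return RkillLog(started, finished, processes)


def by_category(log: RkillLog) -> Dict[str, List[str]]:
    """Group logged paths by triage bucket, keeping log order."""
    grouped: Dict[str, List[str]] = {}
    for path, category in log.processes:
        grouped.setdefault(category, []).append(path)
    return grouped


if __name__ == "__main__":
    parsed = parse_rkill_log(SAMPLE_LOG)
    print(f"run time: {parsed.seconds} s")
    for category, paths in by_category(parsed).items():
        print(category)
        for path in paths:
            print("   ", path)
```

An entry in the `review` bucket, such as an antivirus helper under `Program Files`, is not evidence that the program is malicious; it only records that the process ended during the run.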

  • Ray says:

    04/01/2010 at 09:58

    BOB:

    What’s your point?

  • Michael says:

    04/01/2010 at 13:51

    I have used rkill.com already to remove malware that would have made it impossible otherwise. I would have reloaded everything. Using this tool, I was able to save all documents, favorites (Bookmarks), and pictures.

    Not bad for a free tool!

    Mike

  • Judy says:

    04/02/2010 at 02:36

    OH MY GOD. this rkil saved my ass. stupid vista window security 2010 was bombarding my comp with DANGER HACKING HI JACKER sh*t. and i dl r kill and it just went away. <3

  • Tom says:

    04/02/2010 at 03:18

    rkill just saved me a lot of time. Had some Rogue Anti-Virus and rkill stopped and told me exactly where the malicious executable was. I ran Malwarebytes before removing the file manually and it wasn’t even found.

  • Noah says:

    04/02/2010 at 21:43

    Didn’t feel like reading ALL of the comments on this, but from the comments I did read I wanted to recommend one strategy that I found works quite consistently, and I probably disinfect 10-20 computers a week.

    1) Download Process Explorer, RKILL.COM and the Malwarebytes installer.
    2) Copy RKILL and Process Explorer wherever you want, then create a shortcut to them in the Startup folder of the start menu.
    3) Restart computer.
    4) Upon restart, RKILL runs 95% of the time even when it was blocked by malware if you tried to run it immediately after downloading.
    5) Even when it doesn’t, Process Explorer usually successfully opens.
    6) Go through the processes in Process Explorer and shut down anything non-essential.
    7) Install, update and do a full scan with Malwarebytes, removing any found items after inspecting for false positives.
    8) Restart, then do another full scan with Malwarebytes.
    9) Tada! (if this helps you send beer/coffee my way)

  • Noah says:

    04/02/2010 at 21:46

    P.S. I posted the above because people were recommending to “just keep running it over and over again until it takes” if it got blocked by malware, which seems less than efficient IMHO.

  • Sheron says:

    04/03/2010 at 16:37

    Thank You for all your help I will certainly give it a try as Security Tool infected my new Win 7 tower.

  • fk says:

    04/05/2010 at 11:18

    Thanks!!! Simple and successful!!!

  • Jayme says:

    04/08/2010 at 03:20

    My brother told me about this program and he works on pcs for a living. He also uses malwarebytes. I don’t know if anyone else has had issues or not with Google Chrome, but I believe its lack of security caused a TON of viruses, trojans, worms and “unknown viruses” to invade my pc last night. It’s a mess. I am going to try rkill and I am going back to firefox.

  • 04/09/2010 at 10:17

    Unfortunately due to time constraints I will not be able to support Rkill outside of BC. I just do not have enough time to monitor multiple topics at multiple sites, especially when some of them do not have new reply notifications.

    So I created a new topic at BC regarding rkill and how to use it.

    The topic can be found here:

    http://www.bleepingcomputer.com/forums/topic308364.html

    Please note that this topic should not be used to ask for help removing specific malware.

  • Jason says:

    04/09/2010 at 10:26

    Mr. Abrams, Thanks for all your work.

    Ok, here is a stupid question for you. Do you need to Rkill in safe mode, or can you just run it in Windows? I ran it in Windows and it stopped the pop-ups. But now it just says:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as Admin on 04/09/2010 at 10:06:35.

    Processes terminated by Rkill or while it was running:

    C:\WINDOWS\system32\imapi.exe
    C:\Documents and Settings\Admin\Desktop\RKILL\rkill.exe

    Rkill completed on 04/09/2010 at 10:06:42.

    Isn’t this doing what it’s supposed to do?

    I’ll then run several virus programs (avast, malware, avg, adaware, ccleaner…), and remove a couple viruses each.
    After a couple of days to a week, I will get the virus back.
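
An added example, not part of the original thread and not Rkill's own code: a small parser for the rkill.log layout quoted in BOB's and Jason's comments above, grouping the terminated paths by location so the entries worth a closer look stand out. The sample log is constructed (the av.exe path is invented for illustration) and the location buckets are assumed triage heuristics.

```python
import ntpath
import re
# Constructed sample in the layout of the logs quoted above; the av.exe path is invented.
SAMPLE_LOG = r"""This log file is located at C:\rkill.log.
Ran as Admin on 04/09/2010 at 10:06:35.

Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\imapi.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Admin\Application Data\av.exe
C:\Documents and Settings\Admin\Desktop\RKILL\rkill.exe

Rkill completed on 04/09/2010 at 10:06:42.
"""
LIST_HEADER = "Processes terminated by Rkill or while it was running:"
RAN = re.compile(r"^Ran as (?P<user>.+) on (?P<date>\S+) at (?P<time>[\d:]+)\.$")
DONE = re.compile(r"^Rkill completed on (?P<date>\S+) at (?P<time>[\d:]+)\.$")

def parse_rkill_log(text):
    log = {"user": None, "started": None, "completed": None, "processes": []}
    in_list = False
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := RAN.match(line):
            log["user"], log["started"] = m["user"], (m["date"], m["time"])
        elif m := DONE.match(line):
            log["completed"], in_list = (m["date"], m["time"]), False
        elif line == LIST_HEADER:
            in_list = True
        elif in_list:
            log["processes"].append(line)  # one full path per line
    return log

def classify(path):
    # Assumed heuristic: location sets the review order, it is not a verdict.
    p = ntpath.normcase(path)  # lower-case, backslash-normalised
    if ntpath.basename(p).startswith("rkill."):
        return "rkill-self"  # the tool's own process shows up in its log
    if "\\windows\\system32\\" in p:
        return "system-dir"
    if "\\program files" in p:
        return "program-files"
    return "user-writable"  # profile and temp locations: review these first

def triage(text):
    buckets = {}
    for path in parse_rkill_log(text)["processes"]:
        buckets.setdefault(classify(path), []).append(path)
    return buckets
```

The list header says the processes were terminated by Rkill or while it was running, so a listed path is a lead to check, not proof of infection.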

  • admin says:

    04/09/2010 at 11:54

    As per the creator’s request, if you need any Rkill support, please visit this thread:
    http://www.bleepingcomputer.com/forums/topic308364.html

    FAQs

    How do I get rid of advanced malware?

    How to get rid of a virus on your computer: Step-by-Step
    1. Contact an IT professional. ...
    2. Disconnect from your network. ...
    3. Download antivirus. ...
    4. Use a safe mode. ...
    5. Reboot your device. ...
    6. Run a virus scan. ...
    7. Clear cache. ...
    8. Update your browser and passwords.

    What is RKill?

    RKill is special software that can be used to notify users of suspected malware and delete it as and when it is found.

    What is the most difficult malware to remove?

    Ransomware is the hardest type of malware to remove according to 45% of all business owners. 25% of all business owners named worms as the hardest type of malware to remove in 2021. 35% of all American computer users felt that Adware was the hardest type of malware to remove from their computer or phone.

    How do I get rid of hidden malware?

    Follow these six steps to malware removal on a PC.
    1. Disconnect from the internet. ...
    2. Enter safe mode. ...
    3. Check your activity monitor for malicious applications. ...
    4. Run a malware scanner. ...
    5. Fix your web browser. ...
    6. Clear your cache.

    Who made RKill?

    Rkill.exe is a program developed by Bleeping Computer, LLC. that is designed to terminate malicious processes running on a computer. It is particularly useful for enabling users to run their normal security programs when malware is preventing them from doing so.

    Is PC Accelerator malware?

    PC Accelerate Pro isn't a computer virus; it's a potentially unwanted program (PUP), akin to malware. It's often downloaded through misleading methods and tries to convince you to pay for a useless premium subscription to remove false computer threats on your computer.

    How do I get rid of Trojan?

    Installing and using a trusted antivirus solution is also one of the top ways to get rid of trojans. An effective antivirus program searches for valid trust and app behavior, as well as trojan signatures in files in order to detect, isolate and then promptly remove them.

    Can I remove malware myself?

    Scan your device for malware.

    Run a malware or security Delete anything it identifies as a problem. You may have to restart your device for the changes to take effect. Run your scan again to make sure everything is clear.

    What is advanced malware?

    Advanced malware's goal, in general, is to penetrate a system and avoid detection. It usually has a specific target—most often an organization or enterprise—with the objective of financial gain.

    What is the difference between malware and advanced malware?

    Malware is commonly delivered via social engineering attacks or via drive-by attacks online. Command & control: Advanced malware needs to communicate with the attackers to send discovered information and receive additional instructions.

    Can malware virus be removed?

    Some computer viruses and other unwanted software reinstall themselves after the viruses and spyware are detected and removed. Fortunately, by updating the computer and by using malicious software removal tools, you can help permanently remove unwanted software.

    Article information

    Author: Virgilio Hermann JD
