RKill - What it does and What it Doesn't - A brief introduction to the program | JamiiForums | The Home of Great Thinkers

Dismiss Notice
You are browsing this site as a guest. It takes 2 minutes to CREATE AN ACCOUNT and less than 1 minute to LOGIN

RKill - What it does and What it Doesn't - A brief introduction to the program

Discussion in 'Tech, Gadgets & Science Forum' started by MziziMkavu, Feb 12, 2011.

  1. MziziMkavu

    MziziMkavu JF-Expert Member

    Feb 12, 2011
    Joined: Feb 3, 2009
    Messages: 39,620
    Likes Received: 4,611
    Trophy Points: 280
    This topic was created to provide a very brief introduction as to what RKill does and to provide a way a way for people to report false positives of processes that are

    terminated. Even though false positives may occur, this should not be considered a problem as you can always launch the programs again or reboot your computer as

    no files are removed by running RKill. This topic is not to be used as a support topic for getting RKill to run or for removing specific malware. All information that I

    can provide on getting RKill to run will already be given in this topic and if you need help removing malware you can follow the steps here or ask in the Am I Infected? forum.

    RKill is a program developed at BleepingComputer.com that was originally designed for the use in our malware removal guides. It was created so that we could have an

    easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.

    So in summary, RKill just kills processes, imports a Registry file that removes incorrect file associations and fixes policies that stop us from using certain tools. When done, RKill will then create a log listing all processes that were terminated

    while the program was running. Please note that this will include processes that were terminated manually by the user as well as RKill. I have whitelisted some

    processes that are commonly shown as being killed even though they weren't terminated by Rkill, including the program itself, to avoid confusion that a legitimate process was terminated. Other than what is listed above, it does nothing else.

    Since RKill only terminates processes, after running it you should not reboot your computer as any malware processes that are set to start automatically, will just

    start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just

    reboot your computer and you will be back to where you started before running the program. Some great free tools that you can use to scan your computer after running RKill include MalwareBytes' Anti-Malware, SuperAntiSpyware, and Dr.Web CureIt.

    RKill can be downloaded from the following locations. Please note that the other filenames below are RKill as well, just renamed in order to allow it run by certain malware.

    When RKill is run it will display a console screen similar to the one below:


    That console screen will continue to run until it RKill has finished. Once finished, the box will close and a log will be displayed showing all of the processes that were terminated by RKill and while RKill was running.

    Depending on the malware that is installed on the computer, when you run RKill you may see a message from the malware stating that the program could not be run because it is a virus or is infected. Examples of these warnings are:

    [​IMG] [​IMG]

    These warnings are just fake alerts by the malware that has hijacked your computer trying to protect itself. Two methods that you can try to get past this and allow RKill to run are:
    • When you receive the warning message, leave the message on the screen and try running RKill again.
    • If that does not work, just keep launching RKill until it catches and stays up long enough to kill the malware
    Yes, both methods are not elegant, but they will work if you keep trying. Unfortunately, there is not much better I can do at this point for some malware that are very tenacious at killing all processes that run.

    On a final note, when you download and run RKill, certain anti-virus programs may state that the program is a security risk. This is because some of the tools used by RKill can be used for good or bad, though the programs themselves are perfectly harmless, and most anti-virus programs just lump them into the bad category. I assure you we are using them only for good purposes

    A scan from virustotal.com as of 12/02/10 shows the following AV vendors flagging RKill as:

    ClamAV 2010.12.02 PUA.Packed.PECompact-1
    eSafe 2010.12.02 Suspicious File
    F-Prot 2010.12.01 File is damaged
    Sophos 4.60.0 2010.12.02 NirCmd

    Please be assured that there are no Trojans or infections within RKill.

    If you have any other questions about RKill, feel free to post them in the topic. Do not, though, ask questions about how to get RKill to run, unless you can provide a better method to get around the malware blocking it. Also please do not ask about how to remove specific malware. Those questions should be asked in the forums listed earlier in the topic.



    • Major rewrite of the program to be more effective.
    • No longer terminates explorer as that was restarted applications running from Runonce.
    • Uses a whitelist for displaying the processes that were killed. This is so it no longer shows itself as being killed and some other processes that were always displayed in Vista and Windows 7 even though Rkill didn't terminate them.
    • Cleaned up output.
    Source: http://www.bleepingcomputer.com/forums/topic308364.html
    Chombo hicho cha kuondowa Virus, Trojans,Malware,na Worm tumia hichi kablya ya ku Scan anti-Virus yako uwe nacho kila siku ukiona tu Computer yako inakwenda taratibu tumia hichi chombo cha kuuwa Wadudu wote wa Computer.
  2. Zing

    Zing JF-Expert Member

    Feb 12, 2011
    Joined: Jun 24, 2009
    Messages: 1,780
    Likes Received: 21
    Trophy Points: 0
    Kuna siku utawaletea watu virus bila kujua . naamin hiii hata wewe hujafanyia majaribio

    Program gani ya kuondoa malware alafu inapendekeza tena utumie program nyingine kama MalwareBytes' Anti-Malware, SuperAntiSpyware, and Dr.Web CureIt.

    Kichekesho kweli hiki mfano utumie Macfee alafu wakumbie ukifika hatua fulani tumia kapersky

    Sasa kuna haja gani ya kurun hi program.