How to use Rkill: Malware Process Terminator and Anti-Malware Assistant - Part 1

Written by: Donna Buenaventura • Edited by: Bill Bunter
Updated Sep 20, 2010 • Related Guides: Anti-malware

Are you having difficulty to remove fraud tool using your anti-malware or anti-virus program. Rkill will assist your scanner and remover in terminating malicious processes. Read the series of article about Rkill by Lawrence Abrams.

Introduction

Scareware or Fraud Tools are applications that will display a fake scanner in your system. It is promoted or pushed by malware distributors (Trojan Horse virus creators) to scam people. The rogue software makers are aware that many people will avoid visiting their website so they’ve decided to push their rogue and malicious software using another tactic – to scare people by first infecting the system with Trojan installer. When executed, it will try to shock or scare the end-user by displaying a fake scanner. Some of this scareware will not let you scan the system using legitimate anti-virus or anti-malware applications. It will also block in loading critical system tools: Task Manager, Startup Configuration Utility (msconfig) and Registry Editor (regedit). On this article, we will discuss how Rkill tool will assist your anti-virus or anti-malware in cleaning up the PC.

What is Rkill?

Rkill is created by Microsoft MVP Lawrence Abrams (also known as Grinler in several security forums) of BleepingComputer.com. Rkill is malicious software process killer and anti-malware assistant because it will terminate the active processes of malware that is blocking your anti-malware, anti-virus, Task Manager, Process Explorer, Registry Editor, browsers and any other programs in loading. When it finished unloading or terminating malicious processes associated to rogue or malicious program, you can proceed to scan and clean the system using anti-malware or anti-virus program.

Where to Download and How to Use Rkill?

Rkill is a free download from BleepingComputer.com and available in different file extensions:

rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif

The file size is less than 300kb only (257kb to be exact). To use Rkill, simply execute rkill.exe. You should see the command prompt window indicating that rkill is terminating known malicious processes. The command prompt will disappear when it finished and you will find ncmd.cfxxe, rkill.reg and pev.exe which are created by rkill. If you will execute rkill.exe again, those files will be removed by rkill. You can also manually delete rkill and other files it added after you’ve finished in using or cleaning the system.

Note: You do not need to execute the entire file format of rkill but use each at a time; only if the first one will not run at all (if the command prompt window displaying rkill is in the process of terminating the malicious processes is not shown). If you using Windows Vista or Windows 7 with UAC enabled, you will need to right-click rkill and choose to run as admin.

guest Dec 17, 2011 7:14 PM

RE: How to use Rkill: Malware Process Terminator and Anti-Malware Assistant - Part 1

Without showing the actual command to run rkill from the thumb drive, your advice is worthless

salamander262 Jul 25, 2011 3:20 PM

RKILL

I keep rkill.exe and rkill.com on all of my desktops along with malwarebytes, just for this occaision. you cannot download any of these once your machine is infected. Go to another computer and download them to a thumbdrive and then run them on the infected computer from the thumbdrive. Once they run install malwarebytes or something like it to clean the items off.

Janice Langille Apr 4, 2011 11:40 AM

MS Removal Tool

I spent most of yersterday trying to remove this visious malware. I finally found a cleaner that would work in safe mode with networking. I used malwarebytes. All other clearners did not work the malware kept bloking the install. I then used registry cleaner and ran it three times to be sure. I still think it has some cookies attached to exe. so I would go into the registry and try to find more. Will keep you updated.

Donna Buenaventura Feb 4, 2011 12:12 AM

Hi Ruca,

Try to download the already renamed rkill file from:
http://download.bleepingcomputer.com/grinler/eXplorer.exe
http://download.bleepingcomputer.com/grinler/iExplore.exe
http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe
http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe

Another work-around is by using another but clean PC to download Rkill to flash/usb drive. Connect the flash/usb drive to affected computer to use rkill.

Regards,
Donna

RUCA Feb 3, 2011 11:31 PM

RUCA

I BEEN TRY TO DOWNLOADING IT'S WONT LET ME BECAUSE OF MALWARE IS ON IT IT HAS CONTROL ALL OVER MY CPU WHICH IT MEAN I CAN'T DOWNLOADING I CAN'T GET ACCESS ADMINISTOR TOOLS ALL THAT ALL OF THEM ARE BAD. WHAT CAN I DO?

the_wiggle Dec 19, 2010 8:42 PM

rkill

Hmm, AVG flagged this immediately as downloader malware & quarantined it.

Any idea why?

Donna Buenaventura Dec 12, 2010 12:24 PM

Anuj,
Have you tried booting to safe mode with networking, then scan the system using Norton Power Eraser, Malwarebytes or SUPERAntiSpyware Free editions?

Can you try also using exeHelper
It works like Rkill and you can download two format:
http://www.raktor.net/exeHelper/exeHelper.com
http://www.raktor.net/exeHelper/exeHelper.scr

Anuj Dec 12, 2010 10:53 AM

Not working

Well, I downloaded 3 versions of Rkill the 4th doesn't work
I ran them and within starting it up a window comes up sayin "iexplore.exe" occured a problem or something like that and then after when the Rkill program says "terminating known malware processes. please be patient" another 1 comes up saying "pev.exe occured a problem" Help, I have the HDD Rescue problem

Donna Buenaventura Sep 25, 2010 4:31 PM

Hi fpkat,

Please see the removal guide for Fake Microsoft Security Essentials trojan alert in http://www.brighthub.com/internet/security-privacy/articles/85873.aspx

fpkat Sep 24, 2010 6:56 PM

microsoft security essentials trojan

My daughters HP W7 64 bit machine has this trojan on her regual user account. I can open the 64 bit IE but not the 32 bit without getting the virus prompt. The 64 bit IE works, but crashes with rkill just like the 32 bit version. Would firefox be worth trying?

Running rkill.com wont work unless I loaded iExplore.exe.. but then it stops with a warning "pev.rkexe has to close".

Safe mode is a black screen with no start menu.

I am using mrt.exe in the administrator account , having found nothing 2/3 way through. ( haven't tried rkill here yet)

Will mrt or rkil running on the Administrator acct scan the other user accounts and kill the trojan?

How will I know it worked? If it does I will then download Malwarebytes or another program and scan the whole system...

Any other ideas? this is the worst disaster I have had in 15 years of computing

pankaj Sep 20, 2010 5:58 AM

malware

i have mse installed on my laptop,but it is not able to remove a malware which was accidentaly installed by me.the malware has turned off UAC and windows security centre.even i canot open task manager.what should i do

Beverly Sep 10, 2010 10:27 AM

Last Link

The last link didn't work. Ran the other 3 and so far I'm good. Would like to complete the full process. Thanx

Donna Buenaventura Aug 29, 2010 3:19 AM

Hi Mo,

Try to follow the guide in http://www.brighthub.com/internet/security-privacy/articles/82883.aspx
It is removal guide for Security tool but you can use it also to remove Security Suite by booting the PC to safe mode with networking. Scan using MRT or any malware scanner you have in Window while you are in Safe Mode.

Mo Aug 29, 2010 2:14 AM

Fake Microsoft Security Essentials Alert

There is this malware on my other computer which is a fake message that says your computer is infected and it says buy these thing to fix it. I have tried to run rkill and the renamed version of it but whenever it starts up it closes after a second or two. I cant get it to go away and i cant keep working in safe mode.

Donna Buenaventura Aug 21, 2010 4:14 PM

Hi jordyz,

Try to follow the guide in http://www.brighthub.com/internet/security-privacy/articles/82883.aspx
It is removal guide for Security tool but you can use it also to remove Security Suite by booting the PC to safe mode with networking. Scan using MRT or any malware scanner you have in Window.

Hope it will help!

jordyz Aug 21, 2010 3:34 PM

Error

I am attempting to run Rkill to remove security suite however when i run it is says pev.rkexe has stopped working what can i do? Ive tried rerunning it several times but the same message pops up.

Donna Buenaventura Aug 15, 2010 12:01 PM

Good Luck, Patrick. I hope it is updated MRT program so you have big chance of cleaning the computer without having to pay for cleaning it.

Patrick Aug 15, 2010 11:52 AM

MRT.exe

Donna,

Thank you for the MRT.exe info. I didn't even know it existed. I will run that and see if Microsoft knows about this malware, many months after it terrorized the world.

Patrick

Donna Buenaventura Aug 15, 2010 11:44 AM

Patrick,

Yes, please try to use wired connection so you can update the definition of the scanner. Another thing you can try is to boot to safe mode only then run a scan using Windows Malicious Software Removal Tool by Microsoft.
While in Safe Mode, type mrt.exe in the run box then scan the computer using the removal tool. It is updated monthly by Microsoft which have detection for known fake or rogue programs that was installed by Trojans.

Patrick Aug 15, 2010 10:42 AM

RE: How to use Rkill: Malware Process Terminator and Anti-Malware Assistant - Part 1 Read more: http://www.brighthub.com/computing/smb-security/articles/59807.aspx#ixzz0wgaivDvz

Donna,

I have done that, except for the update malwarebytes part. For some reason my safe mode with network doesn't allow internet access. Maybe it's because I was using wireless. I will try the wired and see if it works. Now I have a guy coming over to do it for me for a fee, I will see if he has any success.

Patrick

Donna Buenaventura Aug 15, 2010 10:34 AM

Hi Patrick,

I did some test few days ago and yes, variants of some rogue program will also failed to be killed by rkill or exehelper or the renamed rkill e.g. eXplorer.exe

What you can do is to reboot the computer to safe mode with networking.
While in safe mode, try to scan using Malwarebytes but update it first since you booted with networking.
See if that will work for you.

Regards,

Donna

Patrick Aug 15, 2010 9:12 AM

Rkill doesn't work anymore

The first time my computer was infected, both rkill and malwarebytes' scanner worked. However, after I tried out Norton's antivirus and later removed it, the computer got infected again, and this time neither rkill.com nor malwarebytes' scanner worked. I have been trying to remove this malware since yesterday.

Donna Buenaventura Aug 14, 2010 1:27 AM

Glad it's working now, Nick!

Nick Aug 13, 2010 10:45 PM

Thanks

Thanks Donna, number 1 was the problem and I had it backwards as I kept checking the box. I feel like an idiot but thanks for helping me out.

Donna Buenaventura Aug 13, 2010 3:43 PM

Hi Nick,

Hello Nick,

You can try three things:
1. Open Internet Options>Connection tab>LAN Settings. Under Proxy Server, make sure that "Use a proxy server..." is not checked. Uncheck it if it's selected. Click OK to apply the changes then try to connect to the internet again.
2. If the above won't work, make sure the hosts file in Windows is not hijacked or modified by malware. Reset the hosts file by using the Fix It solution in http://support.microsoft.com/kb/972034
3. Another method to use it fix Winsock that may have been damaged by the rogue program. Use the fix it solution in http://support.microsoft.com/kb/811259

Regards,
Donna

Nick Aug 13, 2010 1:05 PM

Donna,
I was having trouble with a trojan called antivirus solution scan. I ran rkill and although it did not run like the steps illustrated, it must have worked because my maleware began working again and showed the trojans. The only problem I see right now is that I am not able to get on the internet. What can I do now to get back up an running? Any help is appreciated.

Donna Buenaventura Aug 5, 2010 2:15 AM

Mike,
Can you try using Process Explorer from Microsoft: Explorer from http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
To shut down the task of SecurityTool then immediately update and scan using your preferred anti-malware scanner but it's best to use the ones that definitely detects Security Tools rogue program.

Mike Aug 4, 2010 2:12 PM

Rkill

Security Tool won't let me open any of the rkill extensions. What can I do to remove it?

Donna Buenaventura Jul 29, 2010 11:49 AM

Tom,
Can you temporary stop/disable parental control and try to run rkill again? You need administrator account to get rid of rogue application and to use rkill to stop the malware processes.

Tomomi Jul 29, 2010 8:47 AM

Rkill.com does not work

Please help me. My computer had parental control so when I realized that I had to turn off my computer when I got download rkill.com...I guess that might mess my computer up? windows cannot open this file...that is what said everytime when I double click rkill. please help me

Tom Jul 29, 2010 8:45 AM

rkill.com - windows can't open this file.

I had to close the computer after I download rkill.com first time. because my computer had parental control. so now when I try to open the file. it does not work. can you please help me?

Donna Buenaventura Jul 28, 2010 5:04 PM

Mark,
Sorry to hear it's not working there. Did you try Process Explorer to end the processes of the two rogue programs?

If it will not help too, then you need to try booting to safe mode then do this:
While in safe mode, right-click Security Tool icon to check the location. It usually install itself in C:\Documents and Settings\All Users\Application
Delete the Security Tool folder.
Scan using MBAM while in safe mode. Let it delete what it can delete.
Reboot normally. Re-scan the computer using MBAM's quick scan.
Let me know what happens.

Note: I will go to bed now.. it's 5AM in my location :(. Will get back to you on your next reply.

Mark Jul 28, 2010 4:06 PM

Follow up

Donna,

I have tried all of the items you suggested, but Security Tool keeps blocking any attept I do to try and save to my desktop. I've even tried with a jumpdrive and the malware actually deleted the exehelper files off of the jumpdrive.

Any thoughts? Should I try saving the files to my desktop in safe mode and running the apps in safe mode?

Thanks!

Donna Buenaventura Jul 28, 2010 3:48 PM

Yes, Mark. Use exehelper in normal mode only which is the same procedure in using Rkill. You need to save it the desktop and run so the malware processes is killed before you will update MBAM and then scan.

Regards,
Donna

Mark Jul 28, 2010 3:14 PM

RKill

Thank you Donna - I will try your recommendations.

Do I need to run these in Safe Mode or should I just start up my laptop as I do normally?

Also, do I need to save these files to my desktop, or can I simply put them on a jumpdrive? I am downloading these files on a different computer and saving to my jumpdrive.

FYI - I am running Windows XP, not sure if you needed to know that or not.

Thanks

Donna Buenaventura Jul 28, 2010 1:02 PM

Mark,

Did you try using exehelper.exe if rkill won't work?
http://www.raktor.net/exeHelper/exeHelper.com
http://www.raktor.net/exeHelper/exeHelper.scr

If exehelper will not help, try to download Process Explorer from http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Use it to locate Antimalware Doctor.exe process then kill it/end its task.
Locate the process of SecurityTool which is numbers only e.g. 4946550101.exe

Immediately open Malwarebytes' then update it. Scan only after updating MBAM.

Good luck!

Mark Jul 28, 2010 12:37 PM

Rkill files

I have downloaded all the Rkill files and have saved them to my desktop and have tried to start up each file many, many times and never have any luck with them starting up. I've also attempted to put these files on a jumpdrive and start them from there - no luck. I've also "renamed" the files so Rkill was not in the file name - no luck. Lastly, I've tried putting one of these Rkill files in my Startup file to try to "beat" start up quicker - no luck.

I am infected with both Antimalware Doctor & Security Tool.

I have even gone the route of starting in safe mode, running a full scan in McAfee. This scan found about 24 various trojan viruses, etc. I then ran the MBAM software in safemode, which found a bunch of malware. I tried restarting my computer and I was still infected.

I have NO CLUE what I should try next. Any suggestions??? PLEASE HELP!

Thank you!

Donna Buenaventura Jul 26, 2010 1:20 PM

Jack,
Open the control panel for Internet Options, select the Connections tab, and then click LAN settings. Uncheck the box before Use a proxy server for your LAN.

Can you please post in your reply the name of the program that Windows has blocked to start? This is normal behavior by UAC in Windows Vista or 7, if there is application trying to load during startup but not UAC aware. If the blocked application is unknown to you, you need to get rid of it as well.

Jack Jul 26, 2010 12:40 PM

wont let me connect to internet

Hi Donna, I have recently got rid of the 'anti malware doctor' virus on my computer by using the instructions on the bleepingcomputer website-using the rkill link then downloading malwarebytes. The virus only seemed to disrupt things on my main user account, so I was able to remove it from my system on an alternative account. All traces of the virus seem to have dissapeared but now when i log onto the main account it informs me that 'Windows has blocked certain startup programs'. Also, I cannot connect to the internet on this account, which windows diagnoses as 'Only2Clicks.com is not set up to establish a connecion on port World Wide Web service (http) with this computer. Verify the current proxy server configuration.'
I dont know what this means but am sure it has someting to do with the virus or removing it because it is only present on the main account. Any help with this situation would be much appreciated

Darlene Jun 4, 2010 9:22 PM

When exactly can i/do i reboot?

Still in safe mode with networking I ran rkill.com and now running MBAM and super anti spyware simultaneously.

When exactly can i/should i reboot to start using computer again, see if all is well? Immediately, or is there a preferred waiting period? All i've read so far is not to reboot, hopefully i misunderstood?

Thanks.

gene May 11, 2010 12:45 PM

rkill worked for awhile

I finally got it to work when i downloaded to a thumbdrive then opend qucikly during boot up.. it stoped the antivirus soft but now I cant access the internet? also when I reboot the antivirus comes back.. When I use the Rkill it stops part way through. should I keep runing it? please help thanks

JerryC101 May 5, 2010 10:09 PM

rkill runs, doesn't kill

I'm helping a friend. He got security tool. I have been to the bleepingcomputer site and got rkill and mbam which I put on the machine from a flash drive. Mbam won't install or run, whether renamed or not. rkill comes up but ends almost immediately, and security tool keeps popping up its boxes. I ran it at least 30 times. Task manager, msconfig, regedit, safemode, not accessible. forced reboot cannot access taskmanager either, after 20 tries.
How about mounting the drive as slave in another comp, and mbam from there?

Thomas Larkin May 5, 2010 8:51 AM

I had a person use Rkill to terminate the virus process but they rebooted their PC and now windows wont load at all. Is there a fix to this problem. I read somewhere that you should not reboot your PC immediatly after running Rkill. I was too late in getting the information to the person. Short of a fresh system install, is there a way to get the OS working again?

mosses Apr 28, 2010 6:17 PM

mosses

thank you so much... i tried the 1st link about 6 times and it finally worked.. i downloaded malwarebytes anti malware and run it and finally deleted that pesky security tool virus...great job!

Matt Apr 20, 2010 12:39 PM

Finally Worked

This process did finally seem to work for me. It appeared to help to rename all the files involved before bringing them onto the infected machine. Just kept re-running per Donna's advice

Tess Apr 18, 2010 12:22 AM

How to run rkill w security tool

Security tool would not allow me to run rkill no matter how many times I tried.It kept blocking it. I tried renaming rkill and repeatedly ran it, but nothing worked. I finally got past it by logging on as a guest. I was then able to run rkill, then was able to download malwarebytes. It removed the virus. Note I had to download all files to a thumb drive then copy to my hardrive to get anything to work. This was a very stubborn virus. Hope I don't see it again.

Ambia Apr 15, 2010 10:02 AM

It Wont Let Me Down Load Rkill It says dat I might have a full disk. What should I Do.

Steve Apr 11, 2010 9:27 AM

Disable Rkill?

Rkill is still on my computer, it wont let me download anything... How do I remove rkill from my computer permantly?

Jennifer Mar 28, 2010 8:58 AM

Security Tools Virus

I opened up my laptop which is running on Windows 7 and this Security Tools Virus pops up and I can't do anything. I tried yesterday to pull up rkill.com and the screen froze. I can download this on my desktop, but if my laptop is frozen will I be able to transfer the fils from the external hard drive to the laptop???? I tried to transfer important files to the external hard drive from the laptop and I was not able to do it......How can I get this virus off my computer, without going to the store and paying over $200 again for them to wipe my system??? I just invested about $500 in this issues a few months ago with my laptop and now another virus comes......I have all the virus protection and spyware in the computer and the virus still finds a way.....HELP!!!!! Donna I guess you can answer this question....

Wiizau hellaS Mar 20, 2010 9:53 AM

thanks donna, it works perfectly for me to remove personal security virus scanner. furthermore i use the combofix to cleanup other problems.

bethany! Mar 9, 2010 11:28 PM

same problem as sam

i'm experiencing the same problem with rkill that sam is. it's a touch annoying and i'd very much like a solution.

Donna Buenaventura Mar 7, 2010 9:30 PM

Matt, follow my advise to Ray. You have to keep trying in executing and running rkill and exehelper or try the other one http://download.bleepingcomputer.com/grinler/eXplorer.exe

Donna Buenaventura Mar 7, 2010 9:29 PM

Ray, you will need to keep trying by executing rkill or exehelper many times. It is going to run after some try. I tested rkill and exehelper in a test system with Security Tools rogue program on it. It took me 3 times to succeed in making rkill and exehelper to stop the malicious processes by Security Tools. You also need to show the desktop. See the updated guide in http://www.bleepingcomputer.com/virus-removal/remove-security-tool

Matt Mar 7, 2010 1:22 PM

Not able to run rkill, iExplore, exeHelper

Hi Donna, I have the Security Antivirus scareware. I have tried all versions of rkill but get the message "Windows cannot open this file: pevrk.exe" while I try to run any of them. The same thing happens with iExplore.exe

My (Windows Vista) system won't run exeHelper.scr because it thinks it's a screensaver, and I get a file not found at www.raktor.net/exeHelper/exeHelper.com

The closest thing I've come to success with this is downloading Malwarebytes to a different computer, renaming it, then bringing it over to the infected computer. Malwarebytes finds several Security Antivirus files only when I do that, and I remove them, but the virus is back on restart.

I have to believe not being able to run rkill is keeping me from removing the SA virus. Any tips from here?

Thanks so much for your responses here.

Ray Mar 7, 2010 10:53 AM

Help

So i just got security tool out of no where and i was trying to get rid of it with your instructions and security tool calls it a laser somethimg and it doesnt come up. Wat do i do?

Donna Buenaventura Mar 5, 2010 11:10 PM

Sam, What operating system do you use? If you're using XP. Just try using this:
Go to http://www.dougknox.com/xp/file_assoc.htm
Download the EXE File Association Fix in the list. Try using it to fix the exe associations.
You can also use in Vista and Windows 7 but run as admin by right-clicking the file.

sam Mar 5, 2010 5:11 PM

quick question

I ran rkill.exe and it all worked fine, but it keeps asking for my admin password for each program i try to run. How do i disable it once im finished removing the malware?

Donna Buenaventura Mar 4, 2010 7:46 PM

Charles,

Try the other one: http://download.bleepingcomputer.com/grinler/iExplore.exe
That's a renamed rkill.

charles Mar 3, 2010 7:03 PM

Windows cannot open this file???

Everytime I try to run rkill it tells me windows wants to know which program I want to use to open it. What should I do?

Donna Buenaventura Feb 20, 2010 4:38 PM

To Terry

This message is for Terry. I'm not sure why your comment is not appearing in this article but I have received the notice about your comment where you wrote:

"Hi Donna, I caught InternetSecurity 2010 and killed it with rkill/MBAB (so I thought). I now have Antivirus software alert. So far I can't get any of the 4 rkill versions to work and I've tried the two other ones you recomended. Please help, my laptop is toast."

Terry, please try using the new one by BleepingComputer.com - download iExplore.exe from http://download.bleepingcomputer.com/grinler/iExplore.exe which is also rkill.com but a renamed one. There are incidents where rogue antimalware programs like "internet security 2010" will prevent popular and helpful tools like rkill and exehelper. Renaming can help to bypass the rogue application. Give it a try. The complete removal guide is in http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010

Regards,
Donna

Terry Feb 20, 2010 4:20 PM

Antivirus soft

Hi Donna, I caught InternetSecurity 2010 and killed it with rkill/MBAB (so I thought). I now have Antivirus software alert.

So far I can't get any of the 4 rkill versions to work and I've tried the two other ones you recomended.

Please help, my laptop is toast

Donna Buenaventura Feb 11, 2010 2:18 AM

Paul, You will need to use another computer to download rkill or exehelper files. Save the files in flash drive for use in the computer that have rogue antivirus software.

@odeho19,
it's only a file extension but how it will work or run is exactly the same as how its .exe, .pif, and .com format will.

Paul, UK Feb 9, 2010 6:45 AM

But how to download Rkill

I have quite a nasty piece of malware called Paladin Antivirus.....unfortunately this is not allowing me to enter any page that has rkill on it so I cannot download it to stop the malware.......Has anyone got any ideas that could help.

odeho19 Feb 9, 2010 6:31 AM

www.raktor.net/exeHelper/exeHelper.scr

That wasn't my point to my query. I'm not concerned in the least if my anti-virus detects this tool or not. If it does detect it, then good. I know how to "add it to the exclusion list" as suggested. And that will prove to me that my AV is working.

My point was, how is a product that is a "screensaver" going to detect, and remove anything from my computer? It's file extention is ".scr". That makes it a screensaver. Not an "Anti-Malware tool". How is this going to help? Or am I figuring this out wrong?

Thanks again.

Donna Buenaventura Feb 9, 2010 5:55 AM

Hi odeho,
You have to add rkill and exehelper in exclusion list or ignore. You should also report it to the antivirus vendor that their detection to it is a false positive. It is known though that antivirus will detect something on such file extension but if they will have copy for analysis, they should be able to detect that it's clean and safe.

Regards,
Donna

odeho19 Feb 8, 2010 1:20 AM

I wanted to download this tool, in case I needed it myself or for someone else in the future. I had already downloaded the other one, (.exe version), and when I went to scan this download for viruses itself, I noticed that it's listed as a "screen saver". What gives? How is this going to detect and remove anything bad from my system as a screen saver? I'm just curious. Thank you for all of your other help!

Donna Buenaventura Feb 5, 2010 1:41 PM

@John,
Glad to hear the other file format of Rkill worked for you. It's why we have to try another file format if exe will not work.

@Reggie,
Good to hear that Norton has removed the malware. That's great news!

Reggie Feb 5, 2010 1:08 PM

Hey

Hey Donna,

thanks a lot for taking your time to make the suggestion. I actually have Norton Antivirus on my computer and i thought the Antivirus Soft was stopping that from working which was the case for a while, so I started using all these spyware programs.

But after like 4 or 5 hours and restarting my computer several times Norton detected the TrojanFakeAntivirus and deleted it for me.

So...i'm good. But really...thanks for taking your time. Very much appreciated!

john Feb 5, 2010 12:32 PM

rkill not working

Hi
I have found that many times rkill.exe will not work because of the type of virus/spyware that is on the pc. So I switched to using the rkill.com and have had alot of luck with it. My company sells and repairs pcs and so far rkill.com has proved the best I have found so far. Good Luck fellow spy fighters

Donna Buenaventura Feb 5, 2010 5:44 AM

Hi Reggie,

Try to use rkill again or use exehelper:
You can download it from http://www.raktor.net/exeHelper/exeHelper.com or http://www.raktor.net/exeHelper/exeHelper.scr
It works like rkill

If MBAM could not remove the rogue properly, download SUPERAntispyware and A-squared Free:
A2 Free (A2) http://www.download.com/A-squared-Free/3000-2239_4-10262215.html
SUPERAntispyware (SAS) http://www.download.com/SUPERAntiSpyware-Free-Edition/3000-8022_4-10523889.html
Use that scanners at once after rkill or exehelper has done their job to bypass the scareware, antivirus soft program.

Do not reboot but install the programs then run an update then a scan.

Let me know how it goes.

Reggie Feb 5, 2010 5:22 AM

Problem

So i used rkill and i also ran malaware bytes right after. The first time i ran malaware bytes it detected the "antivirus soft" that was on my computer. so i deleted it. But now when I start up regularly again, the antivirus soft is still there.

I tried using rkill again and then using malaware bytes again as well and now it doesnt detect the presence of "antivirus soft" when i run the scan.

I also tried installing another spyware program but it wont let me in safe mode now. I tried installing Spyware Search and Destroy. The download worked and then it wouldnt allow the program to connect to the server for update.

Any idea of what's wrong

Donna Buenaventura Jan 30, 2010 11:29 AM

Hi Delica,

Try running rkill few times if the first try will not properly. If the problem continues, please try to use exehelper. You can download it from http://www.raktor.net/exeHelper/exeHelper.com or http://www.raktor.net/exeHelper/exeHelper.scr
It works like rkill. Immediately run a scan after the tool finished in bypassing the rogue/ransomware Internet Security 2010.

Delica Mattox Jan 30, 2010 7:09 AM

rkill trouble

I'm infected with Internet Security 2010. When I open rkill, the black box that says it's terminating known processes stays on-as I understand it, it's supposed to disappear after a minute. Mine just stays on and I still can't run Malwarebytes. Any suggestions?

Thanks!!

Donna Buenaventura Jan 27, 2010 5:52 PM

Tammy, it's normal for the command prompt to disappear after rkill finished shutting down the malicious processes. It's not supposed to run all the time.
You need to scan using anti-malware to proceed cleaning the system, right after rkill finished.

Tammy Jan 27, 2010 7:01 AM

running rkill on W7

I get the screen for a second that says it's removing, but the it quicklu goes away. Is it running? It's not visisble in the task windonw...the "bad home page went away, but I still have nothing!

sharad Jan 23, 2010 4:26 PM

good article

very helpful article..need to explain more about rkill

How to use Rkill: Malware Process Terminator and Anti-Malware Assistant - Part 1

Introduction

What is Rkill?

Where to Download and How to Use Rkill?

Comments