Example Incident for Using Rkill: Fraud Tool Infection
Here are screenshots of a desktop infected with the “Security Tool” fraud tool:
Once the system is infected, any application or scanner that you launch will fail to run. The fraud tool intercepts the launch and displays a dialog box claiming that the legitimate, trusted application you just opened is infected. If you’ve rebooted the computer, the fraud tool will continue to block malware scanners and will display the alert as a balloon notification using its icon.
To assist your anti-malware in cleaning the system, you should download the rkill files. If your browser will not launch, you will need to use another, clean PC to get the rkill files and transfer them to the infected system.
Rkill In Action
Here’s an example of rkill.exe being launched:
Rkill has finished and succeeded in terminating the processes of Security Tool. You can now open your browser to download and install a malware scanner, or open a malware scanner you already have to update it and run a scan. In this example, I let Ad-Aware, A-squared, Malwarebytes’ Anti-Malware, Spybot – Search & Destroy, SUPERAntiSpyware and Windows Defender scan the system, hoping they would detect the fraud tool, Security Tool. All of these except Ad-Aware detected the critical infection on the system:
What to do if Rkill will not run or terminate malicious processes?
If you execute rkill.exe and the command prompt window does not open, you should keep trying to open rkill.exe. During this review, rkill.exe did not open at all. After a few tries at executing rkill.exe, it was able to bypass the malicious processes of Security Tool and succeeded in terminating the offending processes.
If rkill.exe still does not run (after you’ve tried a few times), you can proceed to use the other file formats of rkill, one at a time, until one of them succeeds in terminating the malicious processes.
If none of the rkill formats helps in terminating the fraud tool’s processes, you should go to BleepingComputer.com’s Malware Removal forum for further assistance.
Rkill is not a scanner or remover for rogue software and malware. It is a useful tool that assists your anti-malware by terminating the malicious processes. It does not have a user interface, and there is nothing to configure. Once you execute rkill, it will only look for malicious processes that were added by Trojans or by any other rogue software or malware. If your anti-malware or anti-virus continues to run during a fraud tool infection, you can still use rkill to assist the malware scanners, because terminating the malicious processes helps the anti-malware clean the system. Temporarily disable your anti-malware’s real-time protection if it detects rkill as malicious or suspicious.
Keep the Rkill files handy by storing them on your flash drive or anywhere on your hard drive. You never know when you will need a great program!