Pin Me

Rkill: Malware Process Terminator and Anti-Malware Assistant - Part 2

written by: Donna Buenaventura•edited by: Bill Bunter•updated: 9/20/2010

This is the last part of the series of article about Rkill. In this section, we will discuss when to use rkill and what to do if rkill will not work on first try.

  • slide 1 of 4

    Example Incident to Use Rkill: Fraud Tool Infection

    Here’s screenshots of a desktop with “Security Tool" fraud tool:System with Fraud Tool Infection Once the system is infected, any applications or scanner that you launch or execute will fail to run. The fraud tool will intercept and display a dialog box that the legitimate and trusted application that you just opened is infected. If you’ve rebooted the computer, the fraud tool will continue to block the malware scanners and will display the alert as balloon notification using its icon.

    To assist your anti-malware in cleaning the system, you should download rkill files. If your browser will not launch, you will need to use another clean PC to get rkill files and transfer it to the infected system.

    Malwarebytes' Anti-Malware  Ad-Aware SUPERAntiSpyware Windows Defender A-squared Free 

  • slide 2 of 4

    Rkill In Action

    Here’s example when rkill.exe is launched:

    Rkill in Action Rkill has finished and succeeded in terminating the processes of Security Tool. You can open your browser to download and install any malware scanners or open any malware scanner to update and run a scan. On this example, I let Ad-Aware, A-squared, Malwarebytes’ Anti-Malware, Spybot – Search & Destroy, SUPERAntiSpyware and Windows Defender to scan the system to hopefully detect the fraud tool, Security Tool. All of these except Ad-Aware have detected the critical infection on the system:

    Quick Scan using Ad-Aware Full Scan using Ad-Aware Quick Scan using MBAM Quick Scan using SAS Free Smart Scan Using A2 Free Spybot-S&D Scan Quick Scan using Windows Defender 

  • slide 3 of 4

    What to do if Rkill will not run or terminate malicious processes?

    If you first execute rkill.exe but the command prompt window did not open, you should keep trying to open rkill.exe. During this review, rkill.exe did not open at all. After few tries in executing rkill.exe, it able to bypass the malicious processes of Security Tool and succeed in terminating the offending processes.

    If rkill.exe continue to not to run (after you’ve tried few times), you can proceed to use the other file format of rkill one at time until one of the file formats of rkill succeeded in terminating the malicious processes.

    If in any event that none of rkill format will help in terminating the fraud tool processes, you should go to’s Malware Removal forum for further assistance.

  • slide 4 of 4

    Final Words

    Rkill is not a rogue and malware scanner or remover. It is a useful tool that will assist your anti-malware by terminating the malicious processes. It does not a user interface and there is no need to configure. Once you execute rkill, it will only look for malicious processes that were added by Trojans or any other rogue and malware. If your anti-malware or anti-virus will continue to run when there’s fraud tool infection, you can still use rkill to assist the malware scanners because rkill will successfully terminate the malicious processes which will help the anti-malware in cleaning the system. Temporary disable your anti-malware’s real-time protection when it detected rkill as malicious or suspect.

    Keep Rkill files handy by storing it in your flash drive or in any location of your hard-drive. You’ll never know when you will need a great program!

Rkill: Malware Process Terminator and Anti-Malware Assistant

Are you having difficulty to remove fraud tool using your anti-malware or anti-virus program. Rkill will assist your scanner and remover in terminating malicious processes. Read the series of article about Rkill by Lawrence Abrams.
  1. How to use Rkill: Malware Process Terminator and Anti-Malware Assistant - Part 1
  2. Rkill: Malware Process Terminator and Anti-Malware Assistant - Part 2