Rkill: Malware Process Terminator and Anti-Malware Assistant


Introduction

Scareware or Fraud Tools are applications that display a fake scanner on your system. They are promoted or pushed by malware distributors (Trojan horse creators) to scam people. The rogue software makers are aware that many people will avoid visiting their websites, so they push their rogue and malicious software using another tactic: scaring people by first infecting the system with a Trojan installer. When executed, it tries to shock or scare the end user by displaying a fake scanner. Some scareware will not let you scan the system using legitimate anti-virus or anti-malware applications. It will also block critical system tools from loading: Task Manager, Startup Configuration Utility (msconfig) and Registry Editor (regedit). In this article, we discuss how the Rkill tool assists your anti-virus or anti-malware program in cleaning up the PC.

What is Rkill?

Rkill was created by Microsoft MVP Lawrence Abrams (also known as Grinler in several security forums) of BleepingComputer.com. Rkill is a malicious software process killer and anti-malware assistant: it terminates the active processes of malware that is blocking your anti-malware, anti-virus, Task Manager, Process Explorer, Registry Editor, browsers and other programs from loading. Once it has finished terminating the malicious processes associated with the rogue or malicious program, you can proceed to scan and clean the system using an anti-malware or anti-virus program.

Where to Download and How to Use Rkill?

Rkill is a free download from BleepingComputer.com and is available with different file extensions:

The file size is less than 300 KB (257 KB to be exact). To use Rkill, simply execute rkill.exe. You should see a command prompt window indicating that rkill is terminating known malicious processes. The command prompt will disappear when it has finished, and you will find ncmd.cfxxe, rkill.reg and pev.exe, which are created by rkill. If you execute rkill.exe again, those files will be removed by rkill. You can also manually delete rkill and the other files it added after you have finished using it or cleaning the system.

Note: You do not need to run every file format of rkill. Use one at a time, and try the next only if the first one will not run at all (that is, if the command prompt window showing that rkill is terminating the malicious processes does not appear). If you are using Windows Vista or Windows 7 with UAC enabled, you will need to right-click rkill and choose to run it as administrator.

This post is part of the series: Rkill: Malware Process Terminator and Anti-Malware Assistant

Are you having difficulty removing a fraud tool using your anti-malware or anti-virus program? Rkill will assist your scanner and remover by terminating malicious processes. Read the series of articles about Rkill by Lawrence Abrams.

  1. How to use Rkill: Malware Process Terminator and Anti-Malware Assistant - Part 1
  2. Rkill: Malware Process Terminator and Anti-Malware Assistant - Part 2