The other day my AntiVir detected something dodgy, so I denied it access and removed it. I then ran MalwareBytes and that detected 5 objects and removed them. But the next time I turned my laptop on, I got a couple of error messages saying the Catalyst Control Centre had crashed, and my desktop background had not appeared. In addition, most of my files/folders were hidden, though when I change the setting to show hidden files, I can still access them and all my files are still present and working.
So, obviously with this suspect behaviour, I tried to run rkill, but I got an error saying "Installation failed." and when rkill finally opens, it says "Access is denied" and it doesn't do anything. The 'Quick Scan' of Malwarebytes isn't picking up anything suspicious, and neither is the 'Complete System Scan' of AntiVir.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
The only remaining problem is that I still get a three-window cascade of 'installation failed' when I try to run rkill, but after clicking 'ok', rkill runs normally, without giving me the 'access is denied' message.
We're not really allowed to give advice about specialist malware removal tools in the general forums because some of them can harm your computer if they are not used properly. The only reason I gave you the rkill download links is because it's one of the few programs that it's virtually impossible to harm your computer with. If you want to see what programs the experts use to diagnose and repair malware, you could browse through the Malware Removal - HijackThis Logs forum here. But please remember that most of these programs should only be used under expert guidance. There are also some excellent tips here for getting Malwarebytes to run on highly infected systems.
In fact, some infections will detect that you have launched an anti-malware tool such as MalwareBytes and close it down as soon as you open it, which makes your job much harder. This is the exact situation Rkill is designed for.
I tested this tool on a virtual machine which I had infected with a fake antivirus and Rkill killed the malicious processes without any problems. Of course, I then had to delete the malicious files manually, as this is not a malware removal tool but a malware process killing tool. It just stops the malware from running right now, allowing you to work your computer technician magic.
First, the program was designed for use in my malware removal guides so that I can have a tool that is easy to use and kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that we can use the normal anti-malware programs to do their job.
So in summary, rkill just kills processes, imports a reg file that restores HKEY_CLASSES_ROOT\exefile\shell\open\command, removes policies that disable regedit, taskmgr, hide your desktop icons, etc., and removes a key used by a malware protection process. Then it kills explorer so it will restart and enable some of the reg changes. Other than what is listed above, it does nothing else. It does not create a report, because this tool was not made to be fancy but made to help novice users remove malware through my guides. Maybe in the future I will include a report of what it has killed. It is not a priority right now, though.
Additionally, due to time restraints the creator of it cannot support RKill on any site other than his site, BleepingComputer. It's just too difficult to support multiple topics on multiple sites at the same time. So, he has created a single forum thread on his site for supporting RKill. If you need any Rkill support, please visit this thread. Comments will be closed here on Technibble.
While this application doesn't have its own site, it is from BleepingComputer, which is one of the most trusted virus removal forums out there. It's not hard to make a pretty site for an application, but it is hard to be backed by such a respected site.
Some notes: like another user stated, any process this program kills gets restarted on the next bootup. Even if it kills a process you do not want killed, it should not matter during malware removal, as the point is to be able to clean the machine, not to use it at that time.
One thing about rKill, though, as stated in the instructions I read somewhere: Antivirus 2010 and others may flag it as a virus. In most cases this warning is from the malware, not your real antivirus, and if it is from your real antivirus it is most likely a false positive.
As a final note, I have done 2 machines with the same issue using rKill and malwarebytes. Both machines were done 4 to 6 weeks ago, I encouraged the owners to purchase the pro version of malwarebytes, and both machines are working just fine and have not been reinfected.
My name is Lawrence Abrams and I am the creator of the rkill tool and the owner of BleepingComputer.com. I was notified of this article and wanted to give some information about the tool and clear up some wrong information being provided by a certain commenter.
This is entirely inaccurate. As stated, this program only kills processes. It used to delete specific Windows Police Pro malware files, but I had removed that. If a process is terminated by rkill as an FP, then a reboot will fix it. Not sure where his claims stem from, but they are false.
Not sure how terminating processes that will be started again on a reboot is running through a minefield. I think you need to do a little more due diligence on a program before making such comments. As for BleepingComputer.com, which is much more than just forums, myself and the staff at BleepingComputer.com work incredibly hard to give our users safe and reliable information on how to fix problems and secure their computers. We monitor the forums so that there are no hot links to malware, remove email addresses that users post, and provide warnings when people instruct members to perform acts that could be deemed risky. So, yes, I think the BleepingComputer.com forums are very reputable and I will stand behind that statement in every way. Regardless, this tool is not promoted in the forums. Its primary use is in the malware removal guides, which are not publicly posted by our members, but at this time, only me.
Yesterday, I had posted a detailed explanation as to what Rkill does, why it is named what it is, etc. For some reason that comment has not been approved at the time of this writing (1/17/10 8:36 PM EST). I also sent an email to ne...@technibble.com asking about this but received an error stating that the email does not exist. If my previous comment is approved then you will know exactly what rkill does.
If what you say is true then you should be able to see that rkill in fact has no possible way to affect any of the programs installed on your computer. It does not delete anything (though it had at one point deleted some Windows Police Pro files), fixes some basic reg keys, and terminates processes. Rebooting will resolve any issues that occur from running the program. So your statement that rkill affects programs is entirely false.
MindyDee, those 3 files can be deleted. They were extracted by the program when it runs, and as the rogue terminated it, they were left behind. Now that your infection is gone, you can just run rkill again to delete the files or delete them manually.
Lawrence, as stated earlier I successfully used your tool, but since there is not a lot of information, can you please clear up one thing for me and the rest of us? Is this a program that will need a new version on a regular basis, or once we have it will it be something we should just hold onto as is?
Personally, I always boot from a live CD (UBCD4Win) and manually check the registry for infections (startup, userinit, shell, etc.), remove temp files, and scan system folders for bad guys (just sort by date, look for the most recently modified files and check them out). Also check the AppData folders and Program Files and delete known trojan entries.
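The registry locations named in the thread (the exefile open command and the regedit/taskmgr/desktop policies that the rkill author says his tool repairs, plus the Winlogon userinit/shell values the live-CD post checks by hand) can be audited read-only from an elevated PowerShell prompt. The script below is an added example, not rkill's code or BleepingComputer's; the expected values are the stock Windows defaults, and it writes nothing, so a CHANGED or SET result is something to investigate, not something it fixes.

```powershell
# Added example: read-only audit of the registry values the thread discusses.
# Expected values are the stock Windows defaults (assumption: an unmodified install).
$checks = @(
    @{ Path = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
       Name = '(default)'; Expected = '"%1" %*' },          # hijacked by many rogues
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Userinit'; Expected = "$env:SystemRoot\system32\userinit.exe," },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'Shell'; Expected = 'explorer.exe' }
)
# Lockdown policies: absent is the clean state; present and non-zero disables the tool.
$policies = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoDesktop' }  # hides desktop icons
)

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or value does not exist instead of throwing.
    try {
        $item = Get-ItemProperty -Path $Path -ErrorAction Stop
        if ($Name -eq '(default)') { return $item.'(default)' }
        return $item.$Name
    } catch { return $null }
}

foreach ($c in $checks) {
    $actual = Get-RegValue $c.Path $c.Name
    $status = if ($null -eq $actual) { 'MISSING' } elseif ($actual -eq $c.Expected) { 'OK' } else { 'CHANGED' }
    "{0,-8} {1}\{2}" -f $status, $c.Path, $c.Name
    if ($status -ne 'OK') { "         expected: {0}`n         actual:   {1}" -f $c.Expected, $actual }
}
foreach ($p in $policies) {
    $actual = Get-RegValue $p.Path $p.Name
    if ($actual) { "SET      {0}\{1} = {2} (lockdown active)" -f $p.Path, $p.Name, $actual }
    else         { "OK       {0}\{1} not set" -f $p.Path, $p.Name }
}
```

Run it from the suspect system itself, not from a live CD, since the HKCU and HKLM drives map to the currently loaded hives; on 64-bit Windows the exefile check covers the view seen by a 64-bit PowerShell.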
It also creates a log file as was requested by many users. Please note that the log file will show all processes terminated during the time that rkill is running, so if you close a program manually it will show in the list as well.
Lawrence, thanks for the reply about the tool being updated on a near daily basis. The tool works well, and maybe those for whom it does not work have additional bad programs that rKill just does not know about yet, therefore causing rKill not to work for them.
For example, if you install a program which causes the system to crash, use System Restore to roll back to a time prior to that installation. This only works for programs which properly register with the operating system.