Some types of malware will target security tools and files
(processes) by name so they will not run
. In some cases, the malware will flag and block these files by providing bogus (fake) alerts indicating they are malicious or infected. The malware does this deliberately in an effort to goad you into buying rogue security software
that claims to remove the infection. At the same time however, the malware will ignore and allow some selected processes (certain core system components
) to run. These core system components are usually critical system files which are necessary for the operating system.
Since the malware will ignore these files (processes), renaming
security tools to those with critical system file names allows them to run normally so they detect and remove the infection. An example list of such file used for renaming would be the following:
Knowing this work around, some security tools like RKill
by Grinler are already available in renamed versions for download as a convenience to the user.