BleepingComputer.com: RKill - What it does and What it Doesn't - A brief introduction to the program

Hi, first I'd like to thank you for all the hardwork. this is my question, i downloaded Rkill to a USB and copied it to the infected computer, this computer has been infected simultaneously by antivirus soft, Security tool, antimalware doctor, XP animalware 2010 and some AKM antivirus thing. I executed all versions of Rkill and the DOS screen pops out and the it disapears with no log. I left all warning go but and tried to execute it again but with no result. The onlione the seemed to work was Explorer version of Rkill but it only got to the screen saying to be patient and then the program ended. Am I doing something wrong? is it because I'm multiinfected? is there comething i can do? I know thi is not the best place to post this but please help!!!!!

Antivirus soft likes to kill rkill fast. You just have to keep running it until it sticks. Wish I had a more technical method but thats the one that works.

You can also try in safe mode.

Hello Larry, want to add my two cents, this program is wonderful. Took a clients laptop home this evening, infected with a rootkit and a couple of rogues, MBAM would not even install, after running RKill, it installed and cleaned up a bunch and them was able to run CF which took out the rootkit and even more junk everything is now coming up roses.

Thanks for a great program

Ken

I had tried to use RKill in the past without much success, but this time on a friends infected laptop, that I could not run or install any programs since it could not see the Sytem32\RunDll.exe file, even in Safe Mode, but while in Safe Mode, I was able to install and run RKill. Then I was able to install and run MBAM and it was able to clean up 3 rogue AVs, and another bug in the registry.

Then was able to boot into Normal Mode, run RKill again, MBAM, MS Security Essentials, and now SUPERAntiSpyware, and all is coming up clean!

THANKS Lawrence! You the MAN!

Have you taken down the download links again? I am unable to download.

Hi!

I'm using rkill.com and rkill.scr to try to stop a massive malware infection running here. I've read carefully the whole thread and i know your point is i must be persistent, but i've come across some trouble, i think.

When i execute rkill, it lasts for about 5 seconds alive before shutting down. No matter how many times i try. NOW, sometimes a red circle message turns up saying that file c:\rkill.log cannot be found; when i click OK, it shuts down. Does this mean it has actually tried to save a log in that location and it can't, or it can't open it?

Because the reason for that would be that my hard disk is h:, not c: . Does it try to save the log in c: by default? If it does, any solution?

Thanks a lot. I'm so willing to make it work; it seems a great idea.

As for getting it to run, not much I can do. As I said in my first post sometimes you have to just keep running it until it catches, and if that does not work, reboot into safe mode with networking and try your cleanup from there.

As for the drive lever of the log, you are right. I was putting it in the C: drive.

I have fixed it so that it will create the log on whatever drive Windows is installed to.

thank you so much!! This morning while browsing google on IE i somehow got the Antispyware Soft virus..
Well needless to say I got it around 8 am, and it is now 11 am and nothing worked until i found a link to RKill!

I mean it took 40-50 times before i got it to stick, but it got rid of it quick when it finally ran through!
I've now been able to fix my host file, run an antivirus scan and as soon as thats done run Malwarebytes!

Great Great program that i will continue to use!!

Is it possible rkill might terminate itself? I run it and almost immediately get the log window, which states "Ran as Doug on 05/09/2010 at 13:25:02.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\blahblah\Desktop\rkill.com


Rkill completed on 05/09/2010 at 13:25:04.

Thanks.

Most likely malware causing it to terminate.

I'll run malware bytes. I downloaded rkill after 2 computers in the house got the fake security warning thing, bankerfox or the like. If you have any other suggestions, I'd appreciate it.

Hello,

I recently had to remove some malware from a family members computer (anti-malware doctor). I attempted to remove it according to instructions found on bleepingcomputer.com. The instructions involved using rkill.exe then then installing malware bytes to remove the malware.

rkill did it's job, and i was able to run malware bytes and remove the malware. However, after malware bytes removed the infected files and I restarted my computer i was no longer able to run ANY programs. Whenever i would double-click on any program, or program shortcut, it would bring up the "open with" window where you need to select a program to open it with. After trying a few small fixes (such as replacing rundll32 which was suggested to me by a friend of mine) with no success i got frustrated and decided to simply re-format and re-install windows.

Could this have been an unintentional side-effect of rkill, or was it more likely due to files that were corrupted/removed when removing the malware?

Thanks.

No, I do not think rkill would have caused this.

My guess is that the particular malware changed the exe associations. You can use this to fix it, if it is not fixed already:

http://download.bleepingcomputer.com/regFixExe.reg

criscOSU, on May 9 2010, 08:28 PM, said:

I had the same problem, but before I did any of the above. Running RKill and MBAM actually fixed the problem for me.
Here is a link to that thread so you can see for yourself...

http://www.bleepingcomputer.com/forums/topic314085.html

When I try to run rkill, it asks what program I want to try to open it with..... Which program should I select?