
rkill overkill? Doesn't like chrome.exe



#1 plavin

plavin

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:29 AM

Posted 07 December 2010 - 06:47 AM

3rd attempt at posting here - operator error suspected ;-)

My osCommerce website got hacked and was infected with blackmailware which rkill and MBAM sorted, I think.

However when I run rkill now, I get

C:\Users\Paul\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Users\Paul\Desktop\rkill.com

I've been over the system with MBAM and it is happy, Norman is happy, ESET found and deleted three tmp files, BT NetProtect (an ISP version of McAfee's) has remained quiescent throughout - useless, in other words.

I uninstalled Chrome and reinstalled it.

Is rkill just allergic to Chrome or is there further ugliness to be undone?

I'm going to try ATF-cleaner next...

Thanks for any hints/clues/commiserations

Paul


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,754 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:29 AM

Posted 07 December 2010 - 10:11 AM

RKill is not a comprehensive malware removal tool...it is a specific utility designed to terminate the most common malicious processes that prevent other security tools from being executed and used to disinfect the system. When RKill is able to terminate these processes and fix certain registry keys, that usually allows other tools to perform scans and clean up routines to remove the infection.

RKill just kills processes, imports a Registry file that removes incorrect file associations and fixes policies that stop us from using certain tools...

RKill - What it does and What it Doesn't - A brief introduction to the program

All files listed in an RKill log are not necessarily malware related. The list of processes shown as terminated are any processes that were killed while RKill was running even if those processes were not terminated directly by RKill. In addition to killing common malicious processes, RKill also terminates executable files running from a user profile by design. Programs should not be running from a user profile as they are meant to hold data, preferences, settings, and configuration files. Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from and the user profile is a common hiding place for malicious files. For some reason Google Chrome continues to have their programs execute from within a user profile so that is an issue with Chrome, not RKill.

If you are able to run Malwarebytes Anti-Malware and other security tools without them terminating, there is no need to run RKill, so using it is not required in all situations.

Edited by quietman7, 07 December 2010 - 10:20 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

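One way to apply quietman7's path heuristic to the RKill list quoted in the first post, as an added example that is not part of this thread or of RKill itself: the script below labels each logged executable by where it runs from, treating anything under a user profile as worth review and carrying a hypothetical allowlist for the Google per-user install directories that Chrome uses by design.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the process paths quoted from the RKill run in post #1.
RKILL_LOG = r"""
C:\Users\Paul\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Users\Paul\Desktop\rkill.com
"""

# Hypothetical allowlist (assumption, not RKill's own logic): directories below
# C:\Users\<name>\ where a known product installs per-user on purpose.
# A path match only says the location is expected; it is not proof the file
# is genuine, so hash/signature checks still apply to anything flagged.
EXPECTED_IN_PROFILE = (
    ("appdata", "local", "google", "chrome", "application"),
    ("appdata", "local", "google", "update"),
)

def classify_path(path_str):
    """Return a triage label for one executable path from an RKill log."""
    parts = PureWindowsPath(path_str).parts  # ('C:\\', 'Users', 'Paul', ...)
    lower = tuple(p.lower() for p in parts)
    if len(lower) > 3 and lower[1] == "users":
        # Everything under C:\Users\<name>\ is a user profile; compare the
        # directory components between the user name and the file name.
        rel = lower[3:-1]
        if any(rel[:len(prefix)] == prefix for prefix in EXPECTED_IN_PROFILE):
            return "profile-expected"
        return "profile-review"
    if len(lower) > 1 and lower[1].startswith("program files"):
        return "program-files"
    if len(lower) > 1 and lower[1] == "windows":
        return "system"
    return "other"

def triage_rkill_log(log_text):
    """Map each distinct path in the log to its label, keeping log order."""
    result = {}
    for line in log_text.splitlines():
        line = line.strip()
        if re.match(r"^[A-Za-z]:\\", line) and line not in result:
            result[line] = classify_path(line)
    return result

if __name__ == "__main__":
    for path, label in triage_rkill_log(RKILL_LOG).items():
        print(f"{label:18} {path}")
```

On the quoted list this reports both Google entries as expected in the profile, the Skype toolbar as a Program Files install, and rkill.com on the Desktop as the one profile entry to review (which here is simply the tool the poster ran).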



