RKill is not a comprehensive malware removal tool...it is a specific utility designed to terminate the most common malicious processes that prevent other security tools from being executed and used to disinfect the system. When RKill is able to terminate these processes and fix certain registry keys, that usually allows other tools to perform scans and clean up routines to remove the infection.
RKill - What it does and What it Doesn't - A brief introduction to the program
RKill just kills processes, imports a Registry file that removes incorrect file associations and fixes policies that stop us from using certain tools...
All files listed in an RKill log are not necessarily malware related. The list of processes shown as terminated are any processes that were killed while RKill was running even if those processes were not terminated directly by RKill. In addition to killing common malicious processes, RKill also terminates executable files running from a user profile by design. Programs should not be running from a user profile as they are meant to hold data, preferences, settings, and configuration files. Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from and the user profile is a common hiding place for malicious files. For some reason Google Chrome continues to have their programs execute from within a user profile so that is an issue with Chrome, not RKill.
If you are able to run Malwarebytes Anti-Malware and other security tools without them terminating, there is no need to run RKill so using it is not required in all situations.
Edited by quietman7, 07 December 2010 - 10:20 AM.
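As an added illustration (not part of the original post and not RKill's own logic), the path-based reasoning in the post can be sketched as a triage over process paths: executables running from inside a user profile are flagged for review, not declared malicious, which is why a per-user Chrome install shows up alongside a temp-folder binary. The profile roots, extension list and sample paths are assumptions constructed for this example.

```python
import ntpath

# Assumed profile roots (Vista+ and XP layouts); not taken from RKill.
PROFILE_ROOTS = (r"C:\Users", r"C:\Documents and Settings")
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}


def profile_owner(path):
    """Return the (lower-cased) profile name if `path` is an executable inside
    a user profile, else None. Case-insensitive; '..' segments are resolved."""
    norm = ntpath.normcase(ntpath.normpath(path))
    if ntpath.splitext(norm)[1] not in EXECUTABLE_EXTS:
        return None
    for root in PROFILE_ROOTS:
        prefix = ntpath.normcase(root) + "\\"
        if norm.startswith(prefix):
            parts = norm[len(prefix):].split("\\")
            # Need <profile>\<file>; a file directly under the root is not in a profile.
            if len(parts) >= 2:
                return parts[0]
    return None


def triage(paths):
    """Split paths into those to review (run from a profile) and the rest."""
    review, other = [], []
    for p in paths:
        owner = profile_owner(p)
        (review if owner else other).append((p, owner))
    return review, other


# Constructed sample paths, not from a real RKill log.
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe",
    r"C:\Documents and Settings\Bob\Local Settings\Temp\abc123.exe",
    r"C:\Program Files\..\Users\alice\AppData\Roaming\updater.EXE",
    r"C:\Users\alice\Documents\notes.txt",
]

if __name__ == "__main__":
    review, other = triage(SAMPLE)
    for path, owner in review:
        print(f"REVIEW  profile={owner}  {path}")
    for path, _ in other:
        print(f"OK      {path}")
```

A path in the review list still needs the usual follow-up (signature, hash reputation, install source) before it is treated as malicious.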