It's actually not uncommon for anti-malware scanners to flag many of the tools used to dis
infect computers. This is due to the fact that in order to undo what the malware has done the repair tool has to make changes to many of the same files and settings that the malware does. This means that the detection signatures for tools like rkill will be very similar to the detection signatures for malicious programs. Usually, this false positives will be corrected in the next signature updates.
As you can see at this report
, several anti-virus scanners identify the latest version of rkill as malicious whereas the majority do not. While this does not prove that rkill is benign or malicious it does illustrate the point that no scanner is 100% accurate.