RKill is a program developed at BleepingComputer.com that was originally designed for the use in our virus removal guides. It was created so that we could have an easy to use tool that kills known processes and remove Windows Registry entries that stop a user from using their normal security applications. Simple as that. Nothing fancy. Just kill known malware processes and clean up some Registry keys so that your security programs can do their job.
So in summary, RKill just kills 32-bit and 64-bit malware processes and scans the registry for entries that would not allow you to run various legitimate programs. When scanning the Registry, Rkill will search for malicious Image File Execution Objects, DisallowRuns entries, executable hijacks, and policies that restrict your use of various Windows utilities. When changing Windows Registry entries it will create a backup of these entries and save them in the rkill folder on your desktop. Each registry backup will contain a time stamp so that the backups are not overwritten on subsequent runs of Rkill.
Since RKill only terminates processes and does not remove the offending files, when it is finished you should not reboot your computer. If you do, these malware processes that are set to start automatically, will just start up again. Instead, after running RKill you should scan your computer using your malware removal tool of choice. If there is a problem after running RKill, just reboot your computer and you will be back to where you started before running the program.
RKill can be downloaded from the following location:http://www.bleepingcomputer.com/download/rkill/
A report, rkill.log will be created in the root directory, usualy C:\. Post that report on your next reply, then proceed as follows without restarting the computer. Scan with ESET Online Scanner
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here
- Please visit the ESET Online Scanner website
- Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
- Select Enable detection of potentially unwanted applications
- In Advanced Settings: make sure that Clean threats automatically is unchecked
- And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
- Click Scan
- The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
- When completed, the program will begin to scan. This may take several hours. Please, be patient.
- Do not do anything on your machine as it may interrupt the scan.
- When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
- Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.
Don't forget to re-enable previously switched-off protection software!