Use Rkill to Stop Malware Processes

Melanie Gross
Jul 29, 2011
Updated • Dec 16, 2012
Security

Rkill stops malware processes from running. It is useful because active malware processes running on your PC may not be detected by antivirus software. You can always go to the Task Manager in Windows to view active processes. If you cannot identify them, or they are blocked from the Task Manager list, you will find that the easy-to-use Rkill will stop the processes and identify them. Then you can run your antivirus program to remove the malware.

Rkill is a free utility offered by bleepingcomputer.com. The following links provide the different versions:

  • http://download.bleepingcomputer.com/grinler/rkill.com
  • http://download.bleepingcomputer.com/grinler/rkill.exe
  • http://download.bleepingcomputer.com/grinler/rkill.scr
  • http://download.bleepingcomputer.com/grinler/eXplorer.exe
  • http://download.bleepingcomputer.com/grinler/iExplore.exe

Several versions are offered because many malware processes will execute through various paths. You will need it at some point when operating a PC. Rkill will not remove malware or repair damage caused by malware; it simply stops the processes from running. Once you download the file, save it and run a security scan on it. It is doubtful that the scan will find any security risks, but stay on the safe side and check before running the utility. Once you start Rkill, this screen will open:

This process can take a long time to complete. You can temporarily disable antivirus and anti-spyware programs as they will often recognize Rkill as a threat and disable it. It may sound crazy to disable antivirus software and it is not a move without risk. It is better to go into your antivirus software and create an exception for the Rkill version that you use and leave the rest of the antivirus running as is. After Rkill is prepared, it will indicate that it is terminating malware processes.

Close applications to make this faster. The “Please be patient” message is no joke. You might wait 30 minutes and you might also wait for hours. The wait is worth it. When Rkill has completed its task, it will show a screen like this:

Please note that Rkill's main purpose is to prepare the system for the disinfection of malicious software. That's why you see Chrome and rundll32.exe in the list above. It does not mean that those processes are malicious.
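Because the list of stopped processes mixes benign and suspicious entries, it helps to record what was running, and from which path, before starting Rkill. The PowerShell script below is an added example, not part of the original article or of Rkill; the script name, its parameters and the snapshot location are assumptions.

```powershell
# Added example (not part of Rkill): snapshot processes before the run, diff afterwards.
# Script name Snapshot-Processes.ps1 and the snapshot path are assumptions.
#   .\Snapshot-Processes.ps1 -Before    (then run Rkill)
#   .\Snapshot-Processes.ps1 -After
param(
    [switch]$Before,
    [switch]$After,
    [string]$SnapshotFile = (Join-Path $env:TEMP 'proc-before-rkill.csv')
)

$sigCache = @{}   # image path -> signature status, so each file is checked once

function Get-ProcessSnapshot {
    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $path = $_.ExecutablePath
        $sig  = 'NoPath'              # image path not readable for this process
        if ($path) {
            if (-not $sigCache.ContainsKey($path)) {
                $sigCache[$path] = if (Test-Path -LiteralPath $path) {
                    (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString()
                } else { 'FileMissing' }
            }
            $sig = $sigCache[$path]
        }
        [pscustomobject]@{
            Key       = '{0}|{1}' -f $_.ProcessId, $_.Name   # PID alone can be reused
            Name      = $_.Name
            ProcessId = $_.ProcessId
            Signature = $sig
            Path      = $path
        }
    }
}

if ($Before) {
    Get-ProcessSnapshot | Export-Csv -LiteralPath $SnapshotFile -NoTypeInformation
    Write-Host "Snapshot saved to $SnapshotFile"
}
elseif ($After) {
    $nowKeys = Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { '{0}|{1}' -f $_.ProcessId, $_.Name }
    # Rows whose PID+name pair is gone ended between the two runs (by Rkill or on their own).
    Import-Csv -LiteralPath $SnapshotFile |
        Where-Object { $nowKeys -notcontains $_.Key } |
        Sort-Object Signature, Name |
        Format-Table Name, ProcessId, Signature, Path -AutoSize
}
else {
    Write-Host 'Specify -Before or -After.'
}
```

Run it from an elevated prompt so more image paths are readable. A signature status other than `Valid`, or a path under a user-writable folder, is a hint for where to look first during the follow-up scan, not a verdict.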

The next thing to do is open your antivirus software and run a scan. A prior scan did not pick those cookies up before running Rkill. The advantage is obvious. Select all and delete from quarantine. It is a good idea to use MalwareBytes, another free utility to run a basic malware scan. This can be run in conjunction with the antivirus scan on Windows 7 as long as your PC processor can handle the load. The general rule is to run MalwareBytes separately to avoid confusion. It has been found favorable to run a good antivirus scan first and then run MalwareBytes. Obtain the free download for MalwareBytes here:

Use the free download or purchase the full version. The free download is sufficient as long as your antivirus is up to date. After following the prompts, MalwareBytes will open and you should just run a quick scan. It will detect any remaining malware that your antivirus may have missed. By running the antivirus before MalwareBytes, everything was removed. When MalwareBytes completes a scan, it shows a screen with the results. Nothing was found here because my resident malware protection removed the malware already.

That is all there is to it. If in doubt about malware, try Rkill and see what is actually going on in the background.

Please note that Malwarebytes is just a suggestion. There are other free tools out there that you can use to scan your system, Dr. Web Cure It for instance.


Comments

  1. TechLogon said on July 29, 2011 at 12:20 pm

    Excellent program. I use it all the time but have never known it take more than a couple of minutes – even on a highly infected PC. Maybe I’ve been lucky?

    Malwarebytes is still great for a single user computer but if you have multiple users you really need to run it once on each user account which takes time – a quicker alternative is SAS (SuperAntiSpyware) which covers all the user accounts in a single scan.

    Deleting temporary files (e.g. using Ccleaner) will greatly speed up the scanning, whatever anti-malware software you use.
