[SOLVED] Kill persistent malware processes before running your security software

From: The Windows Club 6-7-2010

Sometimes persistent virus, spyware or malware processes will not allow a security software to run or to effect a complete removal of the infection, since these processes are themselves up and running on your Windows computer.


RKill is a easy to use tool that kills known processes that stop the use of normal anti-malware applications.

RKill just kills processes, imports a Registry file that removes incorrect file associations and fixes policies that stop us from using certain tools. Then it kills Explorer.exe so it will restart and enable some of the Registry changes. When done, RKill will then create a log listing all processes that were terminated while the program was running.

After running , it will display a log which will show the malware processes it has killed.


Now you should not reboot your computer as any malware processes that are set to start automatically, will just start up again.

Instead, after running RKill you should scan your computer using your malware removal tool of choice.

This will ensure a more complete removal of the malware which may have infected your Windows computer.

For download link & details visit BleepingComputer.

NOTE: It is HIGHLY recommended that you download RKILL when you need as it is updated on a daily basis at the BleepingComputer website, but does not have a auto update feature.
So download it when you need it so it will have the latest info.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Catilley1092 will probably like this post!

Thanks Nibs...very informative. I am postmarking it for future use.

Many of these malware programs protect themselves, when you stop one process another one watching restarts it. Is this effective against multiple programs at one time?

According to the BleepingComputer website, it does work on multiple processes running at once.

Check it out, it is a very interesting website and has a lot of information.

Here's a screenshot:

It also states that you may have to be persistent, starting the program several times to purge the malware. The tool appears to be worth having, I'll download it to my laptop and try it out on that first.

RKill looks interesting, will download and see what it can do on a test PC thanks Nibiru.

Thanks again, Nibs,
Keeping the info in my "anti bad stuff folder thingy"

RKill works very well !, we have a test computer in the workshop (core 2 duo, 3 gig ram, twin HDDs, and ATI Asus 4830 GPU, Windows 7 Pro - 32-bit) after deliberately turning off Avast and visiting some very strange web sites and downloading all sorts of cr*p the test computer (now called TC) had a few infections / things running, within about one hour (scans with RKill and Avast) TC was %100 clean. So to conclude we will be keeping RKill on hand .... it Works !

I have added a link to this thread from our freeware database because this is a good application for everyone to keep on a flash drive somewhere "just in case". You will need to update your copy periodically because this is updated when new processes are discovered. If at all possible, use an uninfected machine to retrieve it the day you actually need it.