Use Rkill to Stop Malware Processes

Third party security programs like this always make me nervous (yeah, I know, I’m a bit paranoid,) but this one sounds pretty useful …

Rkill stops malware processes from running. It is useful because active malware processes running on your PC may not be detected by antivirus software. You can always go to the Task Manager in Windows to view active processes. If you cannot identify them, or they are blocked from the Task Manager list, you will find that the easy-to-use Rkill will stop the processes and identify them. Then you can run your antivirus program to remove the malware.

Rkill is a free utility offered by bleepingcomputers.com. Here are the links to give you the different versions:

  • http://download.bleepingcomputer.com/grinler/rkill.com
  • http://download.bleepingcomputer.com/grinler/rkill.exe
  • http://download.bleepingcomputer.com/grinler/rkill.scr
  • http://download.bleepingcomputer.com/grinler/eXplorer.exe
  • http://download.bleepingcomputer.com/grinler/iExplore.exe

The different versions are offered as many malware processes will execute through various paths. You will need it at some point when operating a PC. This will not remove malware or repair damage caused by malware. This will simply stop the processes from running. Once you download, you can save the file and run a security scan. It is doubtful that you will find any security risks, but just stay on the safe side and check before running the utility. Once you start Rkill, this screen will open:

rkill

This process can take a long time to complete. You can temporarily disable antivirus and anti-spyware programs as they will often recognize Rkill as a threat and disable it. It may sound crazy to disable antivirus software and it is not a move without risk. It is better to go into your antivirus software and create an exception for the Rkill version that you use and leave the rest of the antivirus running as is. After Rkill is prepared, it will indicate that it is terminating malware processes.

Close applications to make this faster. The “Please be patient” message is no joke. You might wait 30 minutes and you might also wait for hours. The wait is worth it. When Rkill has completed its task, it will show a screen like this:

rkill-log

Please note that Rkill’s main purpose is to prepare the system for the disinfection of malicious software. That’s why you see Chrome and rundll32.exe in the list above. It does not mean that those processes are malicious.

The next thing to do is open your antivirus software and run a scan. A prior scan did not pick those cookies up before running Rkill. The advantage is obvious. Select all and delete from quarantine. It is a good idea to use MalwareBytes, another free utility to run a basic malware scan. This can be run in conjunction with the antivirus scan on Windows 7 as long as your PC processor can handle the load. The general rule is to run MalwareBytes separately to avoid confusion. It has been found favorable to run a good antivirus scan first and then run MalwareBytes. Obtain the free download for MalwareBytes here:

Use the free download or purchase the full version. The free download is sufficient as long as your antivirus is up to date. After following the prompts, MalwareBytes will open and you should just run a quick scan. It will detect any remaining malware that your antivirus may have missed. By running the antivirus before MalwareBytes, everything was removed. When MalwareBytes completes a scan, it shows a screen with the results. Nothing was found here because my resident malware protection removed the malware already.

That is all there is to it. If in doubt about malware, try Rkill and see what is actually going on in the background.

Please note that Malwarebytes is just a suggestion. There are other free tools out there that you can use to scan your system, Dr. Web Cure It for instance.


© Melanie Gross for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink |
Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: , , ,

Link to Original Content

Tags: , , ,

Comments are closed.