Tag Archives: Rkill

Download RKill – Free Antimalware Specialty Removal Tool

Multiple antimalware developers are now reporting, we are currently being exposed to approximately 70,000 new malware threats EVERY day!

Unfortunately for those of us who have to deal with this onslaught, much of this malware is smart – very smart. So smart in fact, that in many cases malware will recognize that the infected user is attempting to launch an antimalware application, and abort the launch.

At this point, many users give up and resort to more drastic measures, including a disk wipe, reformat, and an OS re-install. Thankfully, there is another option.

Larry Abrams over at BleepingComputer, perhaps the best web site of its type, where free help is available for many computer related problems, including the removal of rogue software, has developed an excellent free tool to deal with this problem.

Here’s how Larry describes RKill –

“RKill is a program developed at BleepingComputer.com that was originally designed for the use in our malware removal guides. It was created so that we could have an easy to use tool that kills known processes that stop the use of our normal anti-malware applications. Simple as that. Nothing fancy. Just kill known malware processes so that anti-malware programs can do their job.”

Graphic courtesy of Bleeping Computer.

If you deal with malware removal on a regular basis, or you’re a “super user”, and I know many of you are, I highly recommend that you add RKill to your antimalware toolbox.

RKill is available at the following download sites:

RKill.com Download Link

RKill.exe Download Link

RKill.scr Download Link

eXplorer.exe Download Link

iExplore.exe Download Link

Note: Because RKill may exhibit behavior similar to the malware it is designed to shut down, your AV may recognize it as malware. This condition is not unusual when dealing with antimalware specialty tools. RKill is a safe application.

Before using RKill get more complete instructions here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Anti-Malware Tools, downloads, Free Anti-malware Software, Freeware, Geek Software and Tools, Malware Removal, Manual Malware Removal, Recommended Web Sites, Software, Windows 7, Windows Tips and Tools, Windows Vista, Windows XP

Life in the Malware Trenches – Killing Worm.Win32.NetSky and Internet-Security 2010

Guest writer PJ Liberatore (aka as Cappydawg, to many of my fellow bloggers), takes you into the real world of virus removal, by relating her successful experience in removing Worm.Win32.NetSky, a component of the insidious scareware application, Internet Security 2010.

Recently, I had the experience of helping a co-worker with a virus on his Netbook.  He had mentioned to me, that his Netbook was popping up all kinds of strange messages, stating he was infected with numerous Trojans – so he was going to take it to the “geek people”.  I offered to take a look at it for him instead, and maybe save him some money.

When I turned on the Netbook, right away I noticed it took much too long to boot.  I made sure I had turned off the WIFI connection so that it wouldn’t go out to the net, and attempt to download more suspicious files. When it finally reached the desktop, it told me:

Security Warning! Worm.Win32.NetSky detected on your machine.

Immediately, another screen popped up listing more Trojans! This screen looked suspicious to me, since my co-worker had McAfee Antivirus installed and yet, the screen read “Internet Security 2010“.

At this point, I had 3 screens open, all of them warning me of these potential hazards on this Netbook.  One of these screens started up Internet Explorer (I wasn’t worried, since I had WIFI off), and I noticed the web address read: buyinternet-security 2010.com. I knew then, I had a bugger of a virus staring at me.

Before I show you how I got this cleared up, let me tell you a little bit about this virus.

Internet Security 2010 gets installed via malware, and will quickly setup to start every time Windows is booted.  It will also load a number of Trojans on your computer.  Once infected, the next time you boot up your computer you will be notified that you are infected with Worm.Win32.Netsky. This is exactly what happened on the computer I was trying to fix.

What makes the virus a real bugger is, it blocks certain applications and when that happens, you get the warning “File is infected”. It will then recommend that you activate your antivirus.

But it is really trying to get you to buy Internet Security 2010.  DON’T DO IT! Second, another Trojan that comes with this virus warns you to purchase a codec called, VSCoded Pro.  DON’T DO IT!  All this virus wants is your credit card number, and whoever is behind it, will have a field day with it.

Now that you have a little information about this virus, let me tell you what I did to remove it.

My first step was to research this on the internet using my own Laptop. I began my search with “buy internet security 2010.com”.  I choose a few articles from the results, and read through them to get some advice on squishing this bugger.

It recommended in the articles, that I download a program called Rkill.  Rkill is a small, freeware program, developed by Microsoft MVP, Lawrence Abrams, that helps stop malware processes; it’s also portable.

It’s available in four file formats; .exe, .com, .scr and .pif.  If you are wondering why four different formats, it’s because malware is getting smarter all the time – some malware can block the execution of an anti-malware tool executable file. For more information on this tool, check out Technibble’s write up.

I ran Rkill first, to stop the process of this virus. It took a while, but it did stop the process. I then pulled out my little USB tool drive, where I keep some of my favorite antispyware and malware tools, and downloaded the latest free versions of SuperAnti-spyware, and MalwareBytes Antimalware.

Next, I ran MalwareBytes in quick scan mode, and sure enough it found about 40 different Trojans. I cleared those, and then ran SuperAnti-Spyware in full scan mode.  It also found a few, so I proceeded with the removal process thru SuperAnti-Spyware. I then decided to run MalwareBytes again, but in full system scan, just to make sure nothing was missed in the quick scan. It found nothing.

Now feeling pretty confident that it was under control, I rebooted the machine. It booted quicker, and had no messages stating that Worm.Win32.NetSky was on the machine, or any other annoying pop ups. For added protection I ran Dr. Web Antivirus and it found nothing. One more re-boot, and all was good.

Since I was at it, I updated his antivirus definitions, and installed the free edition of SuperAntispyware.

It’s been 2 weeks now, and all is going well.

By doing a little research on the web, and taking it step by step, I was successful in removing this virus and, helped a co-worker save a little money.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.


Filed under Anti-Malware Tools, cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Free Anti-malware Software, Free Security Programs, Guest Writers, internet scams, Malware Advisories, Malware Removal, Rogue Software, scareware, Scareware Removal Tips, trojans, Viruses, Windows Tips and Tools, worms