| Windows 7: Rkill – Repair Tool of the Week. |
15 Jan 2010
|
| | Win 7 Ultimate 64-bit. SP1. 1,236 posts |
Rkill – Repair Tool of the Week. Comments from Corrine & Jacee sought!
Refer link - https://mvp.support.microsoft.com/co...awrence+Abrams
Rkill is made by a Microsoft MVP, “Lawrence Abrams”, and is available in 4 different extensions: an .EXE, .COM, .SCR and a .PIF.
Quote:
The malware world is changing. It’s getting smarter. In fact, some infections will detect that you have launched an anti-malware tool such as MalwareBytes and close it down as soon as you open it, which makes your job much harder. This is the exact situation Rkill is designed for.
Read more - Rkill – Repair Tool of the Week | Technibble
15 Jan 2010
|
| | Win7 Enterprise, Win7 x86 (Ult 7600), Win7 x64 Ult 7600, TechNet RTM on AMD x64 (2.8Ghz) 8,577 posts SomeWhere in the HOT Arizona Desert ! |
Thanks JMH, I have a friend that just got hit by Internet Security 2010 Fake AntiVirus
Having a terrible time removing it, since it has disabled IE, MalwareBytes, Trojan Remover, etc. Hope this works
15 Jan 2010
|
| | Windows 7 SP1, Home Premium, 64-bit 7,566 posts |
I have never used Rkill, but I have made some notes on it from a respected source:
It is intended to terminate active rootkits. If your anti-virus program flags it as a malicious process, ignore the flag.
If a rootkit is active it may lie to or block access to MBAM.
DO NOT REBOOT after running Rkill, until you have run MBAM.
Note any malware Rkill reports as having terminated.
Open and run MBAM to fix any malware problems it detects. Save the report.
Delete any restore points
Run online scanners
Run Rkill again, don't reboot, then rerun MBAM.
15 Jan 2010
|
| | Windows 7 & Windows Vista Ultimate 2,476 posts Upstate NY |

Quote: Originally Posted by JMH
Comments from Corrine & Jacee sought!

rkill definitely has come in handy when people I am helping cannot launch standard programs such as MBAM because they are blocked by the infection.

Quote: Originally Posted by DocBrown
I have a friend that just got hit by Internet Security 2010 Fake AntiVirus

Take a look at the instructions here: Remove Internet Security 2010 (Uninstall Guide)

Quote: Originally Posted by ignatzatsonic
I have never used Rkill, but I have made some notes on it from a respected source:
Delete any restore points
Run online scanners
Run Rkill again, don't reboot, then rerun MBAM.

1) Do NOT delete restore points until the computer is clean. The only harm in an infected restore point is having to start the cleanup process over again. That is better than a borked system by a bad removal process.
2) It is only necessary to run rkill again if unable to run MBAM or other programs after the restart. Note, however, if you get a message that rkill is an infection, the message is most likely a fake warning by the rogue. Leave the warning on the screen and then run Rkill again.
15 Jan 2010
|
| | Win 7 Ultimate 64-bit. SP1. 1,236 posts |

Quote: Originally Posted by Corrine

Quote: Originally Posted by JMH
Comments from Corrine & Jacee sought!

rkill definitely has come in handy when people I am helping cannot launch standard programs such as MBAM because they are blocked by the infection.

Quote: Originally Posted by DocBrown
I have a friend that just got hit by Internet Security 2010 Fake AntiVirus

Take a look at the instructions here: Remove Internet Security 2010 (Uninstall Guide)

Quote: Originally Posted by ignatzatsonic
I have never used Rkill, but I have made some notes on it from a respected source:
Delete any restore points
Run online scanners
Run Rkill again, don't reboot, then rerun MBAM.

1) Do NOT delete restore points until the computer is clean. The only harm in an infected restore point is having to start the cleanup process over again. That is better than a borked system by a bad removal process.
2) It is only necessary to run rkill again if unable to run MBAM or other programs after the restart. Note, however, if you get a message that rkill is an infection, the message is most likely a fake warning by the rogue. Leave the warning on the screen and then run Rkill again.

A big "THANKS" for that.
15 Jan 2010
|
| | Windows 7 SP1, Home Premium, 64-bit 7,566 posts |
I have no reason to believe I have a rootkit, but I just ran the program.
I ran the exe version and the com version. Both completed within maybe 15 seconds. I got no onscreen report of any kind--the window simply disappeared.
Is this normal behavior when no issues are found? I would have guessed I would see a notice of some kind onscreen.
15 Jan 2010
|
| | Windows 7 & Windows Vista Ultimate 2,476 posts Upstate NY |
@JMH -- You're welcome.
ignatzatsonic, Rkill isn't the only tool of its nature nor is it a fancy program -- it is a tool Grinler created to accompany the tutorials and for our use in the forums. Since it did not find any known malware processes to kill, it closed.
15 Jan 2010
|
| | Windows 7 SP1, Home Premium, 64-bit 7,566 posts |
OK.
Thanks Corrine; I just wanted to confirm I understood default behavior. I will keep it around and hope I never need it.
16 Jan 2010
|
| | Windows 7 & Windows Vista Ultimate 2,476 posts Upstate NY |
No need to keep it around. It is best downloaded fresh if needed so you can benefit from updates that would include additional processes.