In this part of our malware removal series we will go through the steps in using Rkill to disable any malware processes that are running, and may prevent an effective malware removal scan from taking place.
Things to note before using Rkill
Rkill is a small program with one purpose, and one purpose only – to terminate any malware processes that may be running in the background, as these may interfere and even prevent a successful malware scan from being performed.
Rkill DOES NOT remove or disinfect any installed malware, and as it only removes any running processes DO NOT re-boot your PC after running RKill as the malware processes will run again.
Rkill should be run before any form of malware scan takes place, if you use another product to do a scan and it asks you to re-boot when it’s finished, make sure you run Rkill again before doing any more scans.
Procedure for using Rkill
Rkill is a program developed and supported by the great guys over at Bleeping Computer, so head over to http://www.bleepingcomputer.com/download/rkill/ where you can download the latest copy. If you have downloaded the program in the past, don’t be tempted to use that, download the latest ones as new malware processes are being added all the time.
Once you have downloaded Rkill, simply double click the file and wait for it to do its magic. Rkill doesn’t need to be installed, it is a standalone program. (If Rkill will not run, see our info panel in the sidebar)
While you are using Rkill you will see a screen like the one below keeping you updated on the tasks in hand.
If you have any malware processes running then there is a small possibility that that malware will attempt to stop you running Rkill by displaying a fake warning telling you that Rkill is trying to do something nefarious, simply ignore these fake messages and let Rkill finish its job.
Once Rkill has finished scanning and closing down any malware processes you will see a screen similar to the one below.
Now that you have finished using Rkill and are clear of any malware running in the background you can proceed with malware scanning / removal using your chosen tool
Using the Kaspersky Rescue Disk – Cleaning your PC without booting into Windows
Using Kaspersky TDSS Killer – The trouble free way to remove Rootkits