Terminate active Malware with RKill

Malware these days is getting smarter and harder to remove. Some infections detect that you have launched an anti-malware tool such as MalwareBytes and close it as soon as you open it, which makes malware removal much harder. This is exactly the situation RKill is designed for.

RKill is a free, portable tool designed to terminate active malware processes so that you can use other removal tools. RKill is made by Lawrence Abrams.

RKill just kills processes, imports a Registry file that removes incorrect file associations, and fixes policies that stop us from using certain tools. It then kills Explorer.exe so that it restarts and picks up some of the Registry changes. When done, RKill creates a log listing all processes that were terminated while the program was running.
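To see whether a machine has the kind of broken file associations or tool-blocking policies described above, the following read-only PowerShell audit can be run before or after RKill. It is an added example, not RKill's own code; the page does not list which keys RKill resets, so the registry locations and default values below are assumptions based on standard Windows defaults.

```powershell
# Read-only audit (added example): reports values, changes nothing.
function Get-DefaultValue([string]$Path) {
    # (Default) value of a registry key, or $null when the key does not exist.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }
}

$findings = @()

# Assumed Windows defaults: extension -> file class, file class -> open command.
$classOf = @{ '.exe' = 'exefile'; '.com' = 'comfile'; '.scr' = 'scrfile'; '.pif' = 'piffile' }
$openCmd = @{ exefile = '"%1" %*'; comfile = '"%1" %*'; piffile = '"%1" %*'; scrfile = '"%1" /S' }

foreach ($ext in $classOf.Keys) {
    # HKEY_CLASSES_ROOT is the merged view, so per-user overrides show up here too.
    $class = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\$ext"
    if ($class -ne $classOf[$ext]) {
        $findings += "[assoc]  $ext is mapped to '$class', expected '$($classOf[$ext])'"
    }
}
foreach ($class in $openCmd.Keys) {
    $cmd = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\$class\shell\open\command"
    if ($cmd -ne $openCmd[$class]) {
        $findings += "[assoc]  $class open command is '$cmd', expected '$($openCmd[$class])'"
    }
}

# Policy values that block Task Manager, Regedit and the command prompt when non-zero.
$policies = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
    @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD' }
)
foreach ($p in $policies) {
    $item = Get-ItemProperty -LiteralPath $p.Path -Name $p.Name -ErrorAction SilentlyContinue
    if ($item -and $item.($p.Name)) {
        $findings += "[policy] $($p.Path)\$($p.Name) = $($item.($p.Name))"
    }
}

if ($findings) { $findings } else { 'No hijacked associations or tool-blocking policies found.' }
```

On a managed workstation some of these policy values may be set deliberately by an administrator, so treat a finding as something to verify rather than proof of infection.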

Since RKill only terminates processes, you should not reboot your computer after running it, because any malware processes that are set to start automatically will just start up again. Instead, after running RKill, scan your computer using your malware removal tool of choice (MalwareBytes' Anti-Malware, SuperAntiSpyware, and Dr.Web CureIt).

RKill is available with 4 different file extensions: .EXE, .COM, .SCR and .PIF. The reason is that some malware blocks .EXE files in an attempt to prevent you from running malware removal tools, and the alternative extensions get around that problem.


Note: When you run RKill you may see a message from the malware stating that the program could not be run because it is a virus or is infected. Ignore it and try running RKill with a different extension. If that fails, boot into Windows Safe Mode and try again. If that also fails, try running ComboFix in Safe Mode and see if it can remove the malware installed on your PC.