RKill: terminate known malware processes to help you remove them
Blocking malware before it manages to infect your PC is relatively easy. Your antivirus package scans the file, email attachment or whatever it might be, recognises the threat, and deletes it before any damage can be done: simple.
Should the malware bypass your protection, though, and manage to install itself, then it’s a very different story. Now the threat may be able to hide from your security software, prevent you running particular programs, reaching certain sites – and that can make removing it a very real challenge. Unless you’ve a copy of RKill on hand to help.
The program is small, simple and straightforward, and has one major purpose: to terminate any malware processes, so they’ll no longer be able to interfere with your security software. Temporarily, anyway. As RKill doesn’t remove the malware, even if it does manage to kill everything in memory, if you reboot the virus will just take control again.
Still, the program can be very helpful in certain circumstances. If your PC has been infected by malware, and that’s stopping you from accessing or properly using security software, then running RKill may be able to delete any malicious processes. And then you can try running a deep scan with your existing antivirus package, or perhaps using some other tool to try and detect and remove the threat (Malwarebytes Chameleon is a great tool for these situations, as we discussed earlier this month).
And there’s no doubt RKill is easy to use. There’s no configuration, no options to consider, not even any interface, really – just launch the executable, and watch as a console window shows you what it’s doing (then a text report gives you a little more detail).
For all this, you should be careful about how and when you use the program, because it can cause problems in itself. In our tests we found RKill would regularly kill processes which weren’t malicious at all, for instance. Most of the time this shouldn’t cause any critical problems, because it’s not touching the application files, so even if your system crashes then you can always just reboot. But it’s hard to say precisely what will happen, so we’d still recommend you save any work and close all open programs before you give RKill a try.
As long as you keep this in mind, though, RKill could prove a very useful tool of last resort. And it’s probably a good idea to add a copy to your portable security toolkit, just so you’re prepared for any malware emergencies.