Rkill.exe detected

Sorry if this is an old chestnut, but a search doesn’t reveal any relevant discussion on these boards.

I downloaded rkill last year sometime - just in case - and today (and not for the first time) I ran a full scan with Malwarebytes - nothing showed up. But when I ran a full scan with AIS it raised the alarm on rkill.exe and a couple of other files in the same directory I’d stored them in. Lots of warning bells and whistles about a blocked attack also when I subsequently tried to list that directory’s contents.

Was this a false alarm on Avast’s part or could the files really have been changed since the last time I ran the scans?

Thanks

Hi onepk 🙂

You can find out more about Rkill here:
http://www.bleepingcomputer.com/download/rkill/

Also, some info about how it works here, what it does and what it does not do:
http://www.bleepingcomputer.com/forums/topic308364.html

Personally, it does not surprise me that there were some alarms with Rkill,
due to the fact of how it operates. I would suggest downloading the latest
version, if necessary, but know that because it is mainly used to try and stop malware processes,
the file may be viewed as a “PUP” potentially unwanted program due to its purpose. I have seen some
problems regarding Rkill mainly that it cannot always stop a malware process, or it simply may not run properly, etc.
But it can be handy to use if used properly. It IS possible that you may have downloaded from a rogue site at the time.
The developer is Lawrence Abrams and it appears the official site to download is from bleeping computer, at least what I
find with it. It is possible of course that the file(s) may have been altered, or it was not the ‘real’ rkill program.

Their website and the other site I gave you should assist in understanding what Rkill does and does not do.

I would not at this time be too alarmed at the warnings, only because it could easily be viewed by an AV as
a potentially unwanted program. But as stated, I have seen some sites that offer “rkill” but it may or may not be
the legit file. Do you remember where you originally got it from? The above site is where you should download it from
as far as I can tell.

I would not dismiss Avast warnings…but it would be wise to download the rkill file again from the above site, and see if you
get any warnings from Avast. If not, then your current file may not be legit, including some of the other files in that directory
you stated.

Hope this helps in some way.

All my best!
Jim

Jim,

Many thanks for the comprehensive reply and info. I’m pretty sure I would have downloaded Rkill originally from a site recommended around these parts, but I’ll download it again to have it in reserve and see how Avast views it anew. I guess I was mainly puzzled by the apparent change of attitude on the part of Avast, but not Malwarebytes, towards the old files, which I’m sure have been scanned before with PUP detection on. Though if it was caused by a change in Avast definitions for instance I would have expected others to have noticed too.

Probably hard or even impossible to get closure on these occasional hiccups, but thanks again.

Downloaded several differently-named versions of Rkill from Bleepingcomputer site and Avast seems happy with them!

Thank you for reporting back onepk 🙂

Good to hear the latest files caused no warnings, etc.

Glad to be of help.

All my best!
Jim