Chances are if you use the internet you’ve encountered a fake anti-virus application. They are everywhere these days and they’re getting much better at bypassing conventional anti-virus.
There are lot’s of ways to kill these rogue’s, however Rkill makes it really easy! The guys over at bleepingcomputer are nice enough to make these tools (and make them free too!) .
Here’s how I use Rkill.
- Copy Rkill(s) to a folder on my USB stick.
- Make my stick read only (little switch on the stick).
- Put the stick in the clients computer with the fake antivirus.
- Open a copy of Rkill.
- Rkill detects the Rogue and kills the process.
- I manually delete the rogue since Rkill provides a log with the rogue’s location.
- Run Malwarebytes
- If it’s a 32-bit OS I’ll scan for rootkits as well.
Here are the Rkill downloads. Each Rkill download is essentially the same. If the fake anti-virus blocks one of them the other is probably going to work.
RKill download links:
- RKill.com Download Link
- RKill.exe Download Link
- RKill.scr Download Link
- eXplorer.exe Download Link – This renamed copy may trigger an alert from MBAM. It can be ignored and is safe.
- iExplore.exe Download Link
- uSeRiNiT.exe Download Link
- WiNlOgOn.exe Download Link