Auto start rkill

RKill is primarily used to restore file associations like .exe and terminate processes that may simply corrupt the file association again or other programs it mistakes for malware.

Actually, the original reason why RKILL was written was to terminate currently-running rogue processes, e.g. get your foot in the door. Then you could run whatever tools you wanted to actually ferret out the malware. This has been a "go-to" tool for a long time.

The welcome ability to restore file associations, plus many other enhancements, was added in a major update (R2.0?) and subsequent revisions.

More info: http://www.bleepingcomputer.com/download/rkill/
 
So did it actually use to work for that purpose? 'Cause it sure wouldn't in the incarnation I've seen. What is the purpose of the app these days? Like a Combofix replacement?
 
> Actually, the original reason why RKILL was written was to terminate currently-running rogue processes, e.g. get your foot in the door. Then you could run whatever tools you wanted to actually ferret out the malware. This has been a "go-to" tool for a long time.
>
> The welcome ability to restore file associations, plus many other enhancements, was added in a major update (R2.0?) and subsequent revisions.
>
> More info: http://www.bleepingcomputer.com/download/rkill/

You are mistaken. RKill has always restored file associations.
 
Hi Nick,

I use Rkill as a custom app in D7. It is a standalone .exe and thus, doesn't need to be "added" to D7. It's just another tool in my arsenal. I've not seen it take a long time to run......about 30 seconds to a minute average.

I like the KillEmAll approach. I wasn't aware of some of the capabilities mentioned in this post.

Any luck on us getting the offline method added as mentioned previously?

Thanks,
Harold
 

That link just confused me; sounds like a chicken-and-egg thing. The author wrote the program to stop malware processes so you can run your tools, but by the author's own admission, malware will also prevent it from running, so he just offers a few suggestions like rename it to .com or iexplore.exe - why not just rename your actual tools like that and cut out the middle man? It would seem to me that by the time you got rkill to run, you could get any of your real tools to run, so it defeats the purpose of rkill entirely... So yeah, I'm still failing to see the point of it.

Also, v2 something was what I tested - couldn't have been anything else, it wasn't *that* long ago. I guess if it isn't expected to actually terminate malware before the malware terminates it, then it really doesn't matter how slow it is lol.
 
At the time RKill was created, what tool would you have renamed to reset file extensions? You weren't going to run the batch file, .reg was usually blocked, etc. I've used RKill on several occasions to get remotely connected to a client. I just have them run a .pif version.
 
> At the time RKill was created

You act like it's ancient. Looks like it was released in 2010. Oh yes, that's back before they invented motor cars and file association fixing applications. NOT!

> what tool would you have renamed to reset file extensions.

Uhh, I would use any old app laying around that performed those functions, there are dozens of them out there and I even have my own, FixEXE. Used it quite a few times by renaming it.

> You weren't going to run the batch file, .reg was usually blocked, etc. I've used RKill on several occasions to get remotely connected to a client. I just have them run a .pif version.

Usually when most scripts are blocked, .INF works miracles ;) I believe Symantec distributes an .INF for this fix.
 
Doesn't have to be ancient, just has to be around when the whole fake AV .exe file association malware got popular, which if my memory serves me correctly was 2010... or maybe it was 2009, I'm bad with dates. Anyway, there was no other simple app that a user could just run themselves to quickly resolve the issue (least not that I remember) so they could run other tools that users on bleeping forum may instruct them to use. You made your own and that's great, but I am not going to code my own when an existing one exists.

Good idea about the .inf.
 
I was seeing exe hijacks long before then. Symantec had the inf then, and I may be mistaken but I believe SuperAntiSpyware also had a tiny app too, I think it was only available as a separate D/L at the time and certainly didn't come with the portable edition. I know there was at least another I just cannot recall who made it.

On the other hand, your point is well taken, because I also realize that not every tech actually knows all of the tools out there!!! (if they did, I would hope my warez to be far more popular, maybe even make me rich by now LOL) Bleeping Computer has certainly been very popular for a number of years so it makes sense that their tools would be more well known and utilized. I guess I'm just jealous ;) for one thing, and for another a little weary of the fact that their tools were meant for their usage in helping end users, not so much for PC techs. And I do have to give them props because at least Combofix works very well for what it does.

Either way I'm kinda being an ass here and I apologize for that - I really owe a debt to you and most everyone on these forums for your continued support and excellent feedback - I owe what little success and popularity I do have to you all - and I shouldn't knock anyone's preferred tools of the trade just because I don't see the worth in them personally -- unless they are products made by Uniblue and the like ;)
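
The .exe association hijack this thread keeps returning to can be checked for offline, from a registry export, before deciding which repair tool to run. The following is an added example, not part of any post and not code from RKill, FixEXE or D7; the baseline table is an assumed clean-install default set, and the sample export, ProgID `secfile` and path are constructed.

```python
import re

# Assumed clean-install defaults: extension -> (ProgID, shell\open\command).
EXPECTED = {
    ".exe": ("exefile", '"%1" %*'),
    ".com": ("comfile", '"%1" %*'),
    ".pif": ("piffile", '"%1" %*'),
    ".bat": ("batfile", '"%1" %*'),
    ".reg": ("regfile", 'regedit.exe "%1"'),
}

def parse_reg(text):
    """Map each key path (lower-cased) to its string default value (@="...")."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslashes and quotes with a backslash.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def audit(text, root=r"HKEY_CURRENT_USER\Software\Classes"):
    """Return (extension, field, value) for every default that deviates."""
    defaults, root, findings = parse_reg(text), root.lower(), []
    for ext, (progid, command) in EXPECTED.items():
        seen = defaults.get(f"{root}\\{ext}")
        if seen is not None and seen.lower() != progid:
            findings.append((ext, "progid", seen))
        # Check the handler of the expected ProgID and of any substituted one.
        for pid in dict.fromkeys([progid, (seen or progid).lower()]):
            cmd = defaults.get(f"{root}\\{pid}\\shell\\open\\command")
            if cmd is not None and cmd.lower() != command.lower():
                findings.append((ext, "command", cmd))
    return findings

# Constructed sample: a per-user override that reroutes .exe through another program.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\Users\\demo\\AppData\\Local\\placeholder.exe\" /START \"%1\" %*"
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Files written by `reg export` are UTF-16, so read them with `encoding="utf-16"` before passing the text to `audit`; pass `root="HKEY_CLASSES_ROOT"` when auditing a machine-wide export.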
 