Spyware, Viruses, & Security forum

General discussion

How do I get rkill to run?

by claddagh143 / January 26, 2010 3:58 PM PST

Hi. I have Windows Vista and am trying to run rkill because I have Malware Defense. I had Internet Security 2010 as well, but I was forced to do a system restore and that went away (I think). When running Windows normally, it would not let me run any version of rkill because it said, "pev.exe has stopped working, windows will try find a solution" etc. I have tried all four. I thought I would try to run it in safe mode, but now the black screen will pop up and then immediately disappear. Can I run the mbam program without doing rkill first? Or is there another way to run rkill? I don't know if these things are also important, but I have also tried the "exterminate" from the PC Pitstop program, and it will not run either. Also, whenever I log in it says, "Windows Defender User Interface has stopped working" and at one point I got a message that said "MSASCui.exe failed to initiate (0x80000003)" Thanks for the help in advance! Erin

Post a reply
Discussion is locked
You are posting a reply to: How do I get rkill to run?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: How do I get rkill to run?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
If rkill will not run at all, give exeHelper a try
by Donna Buenaventura / January 26, 2010 4:23 PM PST

exeHelper works like Rkill and you can download two format:

Also, please use the guide in http://www.bleepingcomputer.com/virus-removal/remove-malware-defense
There's a method to do before using Rkill. If you've done that, see below:

See if exeHelper will run or if the guide will help. If not, I suggest posting your log in http://www.bleepingcomputer.com/forums/forum22.html
Please mention to them the tools you've tried, including Rkill.

Collapse -
Just a Calming Note & Warning...
by tobeach / January 27, 2010 2:39 PM PST

My Avira Guard ( I assume most real time protectors)will set off Alarm Bells & Trojan warnings for the .Scr version of RKill & for BOTH versions of exeHelper.

You will need to tell protectors to ignore these to download & save.
In Avira they re-trigger every time I plug in USB Flash Drive containing them. Or open MY Docs where another copy resides. If given the option, probably best to have them added to your ignore list. Sandy Grin

Collapse -
Thanks for pointing that, Sandy
by Donna Buenaventura / January 27, 2010 2:44 PM PST

An obvious FP by some antivirus program but a good work by them. Thanks for noting so the member is aware but let's note also that the infected machine will fail to make the AV run or work to provide the said alert because the 'ransomware, rogue, scareware' is preventing anything from antivirus or other application.

Thanks again, Sandy! Happy

Collapse -
by claddagh143 / January 27, 2010 3:49 PM PST

Thank you!!

I got the scr version of exehelper to work, but had to rename the "mbam-setup" program before I could run it. The infected computer would not let me go to any site anti-virus or anti-malware related, and just copying that second file to a USB didn't work. (From bleepingcomputer.com's directions on removal). I had to e-mail myself the shortcut to the file that is supposed to be downloaded into the anti-malware folder.

However, I did get it all started, and it is running a scan now. Happy

Before this happened, I was running McAffee. It obviously is not working anymore. I hope that once Malware Defense is gone it will come back up. Does anyone have suggestions for the best Anti-Virus/Anti-Malware? Is Malwarebytes paid version worth it?


Collapse -
You're welcome, Erin!
by Donna Buenaventura / January 27, 2010 4:04 PM PST
In reply to: exehelper

Glad to hear that exeHelper has helped to bypass Malware Defense and good job in working-around to make the program work (MBAM).

Hope the scan will finished and that MBAM will deal with it. If not, you can try SUPERAntispyware, CounterSpy (trial) or A-squared to eradicate that nasty Malware Defense.

If you still have issue in visiting antivirus or anti-malware sites after MBAM have finished scanning/removal, try using Microsoft's Fix It to reset the Hosts file

Your McAfee should be working again if Malware Defense has been removed. MBAM paid edition offers real-time protection which is a good addition to good AV.
I'm not sure if you are using McAfee AV only or with firewall or suite but if you are looking for alternative antivirus program, try Avira or Avast (both free edition).
If you want paid edition of standalone AV, go for NOD32 or Kaspersky or Avast Pro or AntiVir Premium.

Collapse -
exeHelper & Malware run but the virus(es) are still there
by dizzer23 / March 14, 2010 1:30 AM PST

Good morning.

On 3/09 I got a virus(es). I didn't have anti-virus software on my computer due to other issues that were still being worked on, but I had spysweeper software that runs every night at 8 p.m.

On 3/10 I followed my sister's instructions and downloaded rkill in safe mode. Rkill ran for one second. I tried downloading it again and it did the same thing. So I tried moving on and downloading Malware. I ran Malware in safe mode and after 11 minutes it said my computer was clean. I ran it in normal mode and after 2.5 hours it was still running. Since it ran so quickly in safe mode, I thought there was something wrong and aborted it.

On 3/11 I opened my computer and got no messages about a virus or needing to run a spy sweeper scan. I opened my control panel to turn off my screen saver before I started the Malware scan again and it wouldn't open. So I assumed I still had virus(es) and waited until I was at work the next day to review some of the Cnet forum suggestions about why rkill and malware weren't working.

On 3/13 I downloaded the first exeHelper from this post. In safe mode, it ran in about 30 seconds and said that my computer was clean. So I ran Malware again. This time it ran for about 13.5 minutes before saying my computer was clean. Then I ran it in normal mode. It ran for about 4.5 hours before saying my computer was clean. this finished around 7:30 p.m.

At 8 p.m., my computer automatically runs a spysweeper scan. It was still running this morning after 12 hours. Not normal.

Any suggestions for why these fixes aren't working when exeHelper and Malware seem to be running normally?

Thank you for your help.

Collapse -
Hi dizzer23

You need to try again but please do not scan in safe mode. Also, do not reboot the computer after using Rkill or exehelper. What you need to do is... immediately run a scan using Malwarebytes Anti-Malware after using rkill or exehelper.

Note: If you could temporary disable SpySweeper's real-time protection, please do so. This is necessary action before allowing another malware scanner to remove infection.

Collapse -
exeHelper & Malware run but the virus(es) are still there
by dizro / March 16, 2010 6:58 AM PDT
In reply to: Hi dizzer23


Thanks for the information.

Just to clarify:
* I did not reboot after using Rkill or exehelper. I immediately ran the scan using Malwarebytes Anti-Malware. First in safe mode, then in normal mode.
* I will run it again in normal mode with SpySweeper disabled. Do you think Spysweeper interfered with the previous scan in normal mode?

Thanks again.

Collapse -
Yes, there are incidents before that a real-time

protection by another malware scanner can interfere with the scanning and removal process by another malware scanner. That is true on scanning, if the scanner is decompressing/extracting a file to temporary location to proceed in scanning.

You could try also scanning the computer again using MBAM or even using SUPERAntispyware or A2 Free because not all scanners will find everything.
SUPERAntispyware (SAS) http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
A2 Free (A2) http://download.cnet.com/A-squared-Free/3000-2239_4-10262215.html

Collapse -
Can't get rid of "Security Sheild"
by atate10 / January 31, 2011 1:36 PM PST

I'm trying to get RKill and even tried exeHelper, but everytime I go to run it "Security Sheild" (the virus I'm trying to remove which is a fake antivirus) keeps killing it and saying its a trojan. Any help on how to remove "Security Sheild"?

Collapse -
Did you try..
by Carol~ Forum moderator / February 1, 2011 6:05 AM PST


Did you try ALL versions of RKill? If not, go to the RKill Download Page and (continue to) try a different filename.

See RKill - What it does and What it Doesn't - A brief introduction to the program.

Scroll down to where you see "Depending on the malware that is installed on the computer, when you run RKill you may see a message from the malware stating that the program could not be run because it is a virus or is infected". See the screenshot. ⇐ The fact that it's for Security Tool (instead of Security Shield) shouldn't matter.

It's noted the warnings are fake alerts by the malware that has hijacked your computer trying to protect itself. Two methods you can try to get past this and allow RKill to run are:

• When you receive the warning message, leave the message on the screen and try running RKill again.
• If that does not work, just keep launching RKill until it catches and stays up long enough to kill the malware

Were you following all the steps in the below uninstall guide? To include step #2 which states:

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Remove Security Shield or SecurityShield (Uninstall Guide)

Try leaving the message on the screen, and running RKill again. It's certainly worth the try! Nothing ventured. Nothing gained.

Best of luck..

Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions

CNET Holiday Gift Guide

Looking for great gifts under $100?

Trendy tech gifts don't require a hefty price tag. Choose from these CNET-recommended useful and high-quality gadgets.