Saturday, 29 April 2017

Detecting fake antivirus with RKill

RKill is a program that detects malware processes and services that conventional antivirus programs miss, either because the malware is able to stop the antivirus from running or because it goes unnoticed.

A typical kind of software detected by RKill is known as Rogue or FakeAV. These are usually fake antivirus programs, but they can also imitate other types of tools, such as cleaners, optimizers, antispyware, video codecs, etc. These programs are usually installed involuntarily or arrive as part of some kind of misleading advertising.

While most popular antivirus programs, such as Avast or AVG (among others), can detect such malicious files, new variants may go unnoticed until a later update of their virus databases. RKill is able to detect them and kill those processes or services to stop them from running.

It is important to understand that RKill kills processes but does not remove viruses, so if the computer is restarted, they will run again. What stopping the processes of these fake applications achieves is that the conventional antivirus can resume working and take care of removing them after a system scan.

After RKill has run and scanned the system, it saves a file on the desktop detailing the scan results, with a list of terminated processes, stopped services and suspicious Windows Registry entries that were targeted for removal.

After completing the analysis and generating the report, RKill tells the user that the antivirus can be run normally. So whenever there is a suspicion that the antivirus is not working properly or cannot be opened, this utility can be a good way to clear up doubts and repair the problems caused by an infection with a malicious file (trojans, fake programs, etc.). A computer that is too slow, a changed browser home page, a changed default browser, or some other anomaly should also raise suspicion.

RKill 2.6.8.0 is the latest version, available for Windows 7, Vista and XP. The downloaded file is simply run (not installed). It is developed by BleepingComputer, which offers it as a free download.
