www.FoolishIT.com

KillEmAll

KillEmAll.scr is a tiny tool now included in D7, but available for download here as a separate resource for those interested, or who have downloaded the full D7 package prior to recent versions, and that release does not have KillEmAll included.

KillEmAll has one purpose, to terminate every process on your computer except essential Windows processes.

The underlying idea is that when you have malware preventing you from running applications (like D7) you can launch KillEmAll to terminate that malware before it has a chance to terminate D7 or your other tool of preference.

Admittedly, KillEmAll isn’t perfect – it too can be stopped by the malware – but hopefully it will kill the malware processes before they kill it.

In my testing, occasionally I’ve had to run KillEmAll several times before it was able to terminate the malware – what happens is KillEmAll gets busy terminating legitimate processes while the malware finds and terminates it. But luckily, after several launches of KillEmAll, it was able to finally terminate the malware! From there, I was able to launch D7 and finish the cleanup. But as always, your mileage may vary.

KillEmAll is included in the latest version of D7.zip but can be downloaded here by itself, for those who don’t use D7 or already have D7 without KillEmAll.

Instructions:

  • Run by itself for normal operation.
  • Hold the SHIFT key while executing to run in Service mode.  (formerly KillEmAllPlus)  This mode elevates KillEmAll to the local system account giving it more process terminating power, and also as a service it will continue to restart KillEmAll.scr (should it be terminated by malware) until you close the app manually.
  • Hold the CTRL key while executing to run in Debug mode.  This mode will ask you to terminate each process one by one, and is most useful for debug purposes.

Whitelist Instructions:

NEW: with the 1-2-12 update and in D7 v5+ you can now simply select a process and click the Whitelist button in the KillEmAll GUI.

Simply create a plain text file named “KEA_Whitelist.txt” in a subdirectory called “Config”. Inside the file, put the executable name(s) you wish to whitelist, each on their own separate line. Include the file extension. Keep the whitelist small to avoid impacting execution time / effectiveness of KillEmAll. The idea of the whitelist is pretty much only to add your remote support software executable(s), so you don’t disconnect yourself from a remote support session by when running KEA.

Example whitelist of two items:

  • teamviewer.exe
  • my support app.exe

News:

  • Updated on 2-18-13
    • Introducing KillEmAll Service mode:  (hold SHIFT while executing)
      • Simulates old behavior of KillEmAllPlus, but better without the interactive services detection prompts..
      • See usage instructions above.
    • Introducing KillEmAll Debug mode:  (hold CTRL while executing)
  • Updated on 9-13-12 (included with D7 7.6.1 or better)
    • KillEmAllPlus now runs as an unstoppable Windows service continually restarting itself if malware terminates it.
  • Updated on 9-10-12 (included with D7 7.5.40 or better)
    • Modified KillEmAllPlus to startup significantly faster making it far more effective.
  • Updated on 1-2-12
    • Added a Whitelist button to the GUI.
  • Updated on 11-11-11
    • Added KillEmAllPlus.scr to the package.
  • Updated on 9-18-11 to v1.2.5 (included with D7 4.5.3 or better)
    • Added the ability to use a user-defined whitelist of executable names.
  • Updated on 7-25-11 (included with D7 4.1.2 or better)
    • Added ability to verify file signatures with sigcheck.exe from Sysinternals, provided it is in the 3rd Party Tools dir, that is.
  • Updated on 7-2-11 (included with D7 3.8.6 or better)
    • Added D7 (Malware Scan v2) Out of Place Files scan to KillEmAll. KillEmAll makes extra atempts to terminate potentially running processes (hidden or otherwise) of the files found by the Out of Place Files scan routine.
    • Added File attributes, Google, IFEO, Rename, and Delete options for selected files/processes.
  • Updated on 7-14-11 (included with D7 4.0 or better)
    • KillEmAll should now be slightly faster at terminating processes.

License:  

  • This software completely FREE for personal and commercial use under the terms of this license.
  • This program is provided with no warranties or guarantees of any kind, and that you and only you are held as the bearer of sole responsibility for any use or misuse of this software and any resulting damages in any form, monetary or otherwise.

 

Leave a Reply