A forum for reverse engineering, OS internals and malware analysis 

Forum for announcements and questions about tools and software.
 #1312  by egomoo
 Wed Jun 23, 2010 3:01 am
SuperRKill is an improved tool for RKill.com which failed while rogue AV Security Suite up and running first.

MBAM,SAS do can not run while “rogue AV Security Suite ” is running.

IceSword also failed to run but XueTr is ok.

SuperRKill.com terminate most of unknown processed running on your system.

SuperRKill.com save a log at C:\SuperRKill.log.
This log file is located at C:\SuperRKill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Author: http://www.xdelbox.com

Processes terminated by SuperRKill or while it was running:


SuperRKill completed on 2010-6-23 9:15:21 .
SuperRKill.com download :

SuperRKill.exe have upload to virustotal for scan
http://www.virustotal.com/zh-cn/analisi ... 1277260304

AV Security Suite Sample:


API hooks by the wcctxsitssd.exe process
[*]wcctxsitssd.exe->USER32.dll:EnumWindows 0×77D1CD97->0×74C33AFC Iat FC 3A C3 74 97 CD D1 77
wcctxsitssd.exe->USER32.dll:GetWindowTextA 0×77D3212B->0×74C08436 Iat 36 84 C0 74 2B 21 D3 77
[*]wcctxsitssd.exe->USER32.dll:SetWindowTextA 0×77D2F52B->0×74E33AEF[C:\WINDOWS\system32\wbem\wbemsvc.dll] Iat EF 3A E3 74 2B F5 D2 77
wcctxsitssd.exe->USER32.dll:CreateWindowExA 0×77D1FF33->0×74E48427 Iat 27 84 E4 74 33 FF D1 77
[*]wcctxsitssd.exe->USER32.dll:DestroyWindow 0×77D1DAEA->0×10E8C1E7 Iat E7 C1 E8 10 EA DA D1 77
[*]wcctxsitssd.exe->KERNEL32.dll:GetModuleHandleA 0×7C80B6A1->0xDC74C084 Iat 84 C0 74 DC A1 B6 80 7C
wcctxsitssd.exe->KERNEL32.dll:GetStartupInfoA 0×7C801EEE->0×0674E33A Iat 3A E3 74 06 EE 1E 80 7C
[*]wcctxsitssd.exe->KERNEL32.dll:LoadResource 0×7C809FB5->0xD474E484 Iat 84 E4 74 D4 B5 9F 80 7C
wcctxsitssd.exe->KERNEL32.dll:FreeResource 0×7C8260C2->0×5F5E96EB Iat EB 96 5E 5F C2 60 82 7C
[*]wcctxsitssd.exe->KERNEL32.dll:LockResource 0×7C80CC97->0×5BFF428D Iat 8D 42 FF 5B 97 CC 80 7C
wcctxsitssd.exe->KERNEL32.dll:ExitProcess 0×7C81CDDA->0xFE428DC3 Iat C3 8D 42 FE DA CD 81 7C
[*]wcctxsitssd.exe->KERNEL32.dll:TerminateProcess 0×7C801E16->0xC35B5F5E Iat 5E 5F 5B C3 16 1E 80 7C
 #1551  by Gabethebabe
 Thu Jul 15, 2010 2:30 pm
Grinler´s RKill has been around for a long time and has proven to be very effective.
Could you elaborate on why exactly malware fighters should use your tool over RKill?

 #1582  by Maniac
 Sat Jul 17, 2010 9:54 pm
Grinler is a specialist, founder of a very big community, he has access to many resources and work closely with many specialists in the field. I think you could hardly maintain that level.
 #1645  by Crush
 Thu Jul 22, 2010 1:48 pm
Copyright violation notice has been issued and the name has been changed. Still not sure what this does that RKill does not