Skip to content
KpRm is a tool to delete all removal tools used during a disinfection
Branch: master
Clone or download
Latest commit f7b9dfd Jul 22, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
src Fix accent in path Jul 22, 2019
.gitignore Update .gitignore Jul 5, 2019
LICENSE Create LICENSE May 28, 2019
README.md README.md: update list tools Jul 22, 2019

README.md

KpRm

KpRm is a tool to use to finalize a disinfection, it removes the following software:

  • AdliceDiag (Tigzy)
  • Ads (Gen-Hackman)
  • AdsFix (Gen-Hackman)
  • AdwCleaner (Malwarebytes)
  • AHK_NavScan (Batch_Man)
  • AlphaDecrypter (Michael Gillespie)
  • AswMBR (Avast!Software)
  • AuroraDecrypter (Michael Gillespie)
  • AutorunsVTChecker (regist)
  • AVCertClean (fr33tux)
  • Offline CryptoMix Ransomware Decryptor (Avast!Software)
  • Avenger (swandog46)
  • BitKangarooDecrypter (Michael Gillespie)
  • BitStakDecrypter (Michael Gillespie)
  • BlitzBlank (Emsisoft)
  • BTCWareDecrypter (Michael Gillespie)
  • Catchme (Gmer)
  • Check Browsers LNK (Alex Dragokas & regist)
  • CKScanner (askey127)
  • Clean_DNS (Gen-Hackman)
  • ClearLNK (Alex Dragokas)
  • CMD_Command (Gen-Hackman)
  • CoinVaultDecryptor (Kaspersky Labs)
  • Combofix (sUBs)
  • Crypt38Decrypter (Michael Gillespie)
  • CryptoSearch (Michael Gillespie)
  • DDS (sUBs)
  • CryptON Ransomware Decryptor (Emsisoft)
  • Defogger (jpshortstuff)
  • DCryDecrypter (Michael Gillespie)
  • EasyRestorePoint (kernel-panik)
  • Eset Online Scanner (Eset)
  • FilesLockerDecrypter (Michael Gillespie)
  • FixExec (BleepingComputer)
  • FixPurge (McVivien2)
  • FRST (Farbar)
  • FSS (Farbar)
  • GetSystemInfo (Kaspersky Labs)
  • GhostCryptDecrypter (Michael Gillespie)
  • GIBON Ransomware Decryptor (Michael Gillespie)
  • GooredFix (jpshortstuff)
  • GrantPerms (Farbar)
  • HiddenTear Bruteforcer (Michael Gillespie)
  • HiddenTear Decrypter (Michael Gillespie)
  • HostsXpert (funkytoad)
  • Hosts-perm.bat (BleepingComputer)
  • InsaneCryptDecrypter (Michael Gillespie)
  • JavaRa (Fred de Vries et Paul McLain)
  • Jigsaw Decrypter (Michael Gillespie)
  • Junkware Removal Tool (Malwarebytes corporation)
  • ListCWall (BleepingComputer)
  • ListParts (Farbar)
  • LogOnFix (Xplode)
  • MBAR (Malwarebytes corporation)
  • MBRCheck (a_d_13)
  • MbrScan (Eric_71)
  • mbr.exe (Gmer)
  • MicroCop Decryptor (Michael Gillespie)
  • Miniregtool (Farbar)
  • Minitoolbox (Farbar)
  • MKV (El Desaparecido & C_XX)
  • Mole02Decryptor (M AV)
  • OneClick2RP (Laddy)
  • OTA (Old_Timer)
  • OTC (Old_Timer)
  • OTH (Old_Timer)
  • OTL (Old_Timer)
  • OTM (Old_Timer)
  • OTS (Old_Timer)
  • Pre_Scan (Gen-Hackman)
  • PowerLockyDecrypter (Michael Gillespie)
  • ProcessClose (Gen-Hackman)
  • QuickDiag (Gen-Hackman)
  • RakhniDecryptor (Kaspersky Lab)
  • Rannoh Decryptor (Kaspersky Lab)
  • RansomNoteCleaner (Michael Gillespie)
  • RegtoolExport (Xplode)
  • Remediate VBS Worm (bartblaze)
  • Report_Antivir (Laddy)
  • Report_CHKDSK (Laddy)
  • ResetNavigator (SoftwareQuality)
  • Rkill (Grinler)
  • RogueKiller (Tigzy)
  • Rooter (Team IDN)
  • RstAssociations (Xplode) (scr) (exe)
  • RstHosts (Xplode)
  • ScanRapide (Lydem)
  • ShadeDecryptor (Kaspersky Labs)
  • Shortcut Cleaner (BleepingComputer)
  • Seaf (C_XX)
  • SecurityCheck (screen317)
  • ServicesRepair (Eset)
  • SMBCheck (Webroot)
  • StrikedDecrypter (Michael Gillespie)
  • StupidDecryptor (Michael Gillespie)
  • Symantec Kovter Removal Tool (Symantec)
  • SystemLook (jpshortstuff)
  • SFTGC (Pierre13)
  • TDSSkiller (Kaspersky Labs)
  • TFC (Old_Timer)
  • ToolsDiag (Amesam)
  • UAC-LEVEL (Amesam)
  • UAC Manager (Xplode)
  • UnHide (BleepingComputer)
  • Unlock92Decrypter (Michael Gillespie)
  • Usb File Resc (Streuner Corporation)
  • UsbFix (El desaparecido & C_XX)
  • UnZacMe (Gen-Hackman)
  • Webroot DE-BUG (Webroot)
  • WildfireDecryptor (Kaspersky Labs)
  • WinChk (Xplode)
  • WinsockAnalyzer (Xplode)
  • WinUpdatefix (Xplode)
  • XoristDecryptor (Kaspersky Labs)
  • ZHPCleaner (Nicolas Coolman)
  • ZHPDiag (Nicolas Coolman)
  • ZHPLite (Nicolas Coolman)
  • ZHPFix (Nicolas Coolman)
  • Zoek (Smeenk)

The search for executables downloaded by the user is only performed in the Desktop and the download folder. To respect Nicolas Coolman's choice, the quarantine of ZHP tools located under AppData\ZHP is no longer deleted, however a line in the report indicates its presence.

- Save the registry

- Delete recovery points

- Create a restore point

During this phase, KpRm first activates system recovery and then deletes recovery points that were created less than 24 hours ago. After creating a restore point, this tool will list all the points on the machine. It is important to always check in this list if the restore point has been created, especially if the machine is running on Windows 10.

- Restore system settings

  • Reset DNS cache
  • Reset the WinSock catalog
  • Hide hidden files
  • Hide protected files
  • Show known file extensions

- Restore the UAC

  • ConsentPromptBehaviorAdmin (5)
  • ConsentPromptBehaviorUser (3)
  • EnableInstallerDetection (0)
  • EnableLUA (1)
  • EnableSecureUIAPaths (1)
  • EnableUIADesktopToggle (0)
  • EnableVirtualization (1)
  • FilterAdministratorToken (0)
  • PromptOnSecureDesktop (1)
  • ValidateAdminCodeSignatures (0)

Project website: https://kernel-panik.me/tool/kprm/

Contributors

You can’t perform that action at this time.