KpRm 1.13.2 Release

KpRm is a tool to use to finalize a disinfection, it removes the following software:

  • AdliceDiag (Tigzy)
  • Ads (Gen-Hackman)
  • AdsFix (Gen-Hackman)
  • AdwCleaner (Malwarebytes)
  • AHK_NavScan (Batch_Man)
  • AlphaDecrypter (Michael Gillespie)
  • AswMBR (Avast!Software)
  • AuroraDecrypter (Michael Gillespie)
  • AutorunsVTChecker (regist)
  • AVCertClean (fr33tux)
  • Offline CryptoMix Ransomware Decryptor (Avast!Software)
  • Avenger (swandog46)
  • BitKangarooDecrypter (Michael Gillespie)
  • BitStakDecrypter (Michael Gillespie)
  • BlitzBlank (Emsisoft)
  • BTCWareDecrypter (Michael Gillespie)
  • Catchme (Gmer)
  • Check Browsers LNK (Alex Dragokas & regist)
  • CKScanner (askey127)
  • Clean_DNS (Gen-Hackman)
  • ClearLNK (Alex Dragokas)
  • CMD_Command (Gen-Hackman)
  • CoinVaultDecryptor (Kaspersky Labs)
  • Combofix (sUBs)
  • Crypt38Decrypter (Michael Gillespie)
  • CryptoSearch (Michael Gillespie)
  • DDS (sUBs)
  • CryptON Ransomware Decryptor (Emsisoft)
  • Defogger (jpshortstuff)
  • DCryDecrypter (Michael Gillespie)
  • Docteur Web LiveCD
  • EasyRestorePoint (kernel-panik)
  • ESET AES-NI Decryptor (Eset)
  • ESET Bedep Cleaner (Eset)
  • ESET Bubnix Cleaner (Eset)
  • ESET CodplatAA Cleaner (Eset)
  • ESET Conficker Cleaner (Eset)
  • ESET Crypt888 Decryptor (Eset)
  • ESET Crysis Decryptor (Eset)
  • ESET Daonol Cleaner (Eset)
  • ESET Dorkbot Cleaner (Eset)
  • ESET ELEX Cleaner (Eset)
  • ESET Eternal Blue Checker (Eset)
  • ESET Filecoder.AA Cleaner (Eset)
  • ESET Filecoder.AE Cleaner (Eset)
  • ESET Filecoder.AR Cleaner (Eset)
  • ESET Filecoder.NAC Cleaner (Eset)
  • ESET Filecoder.R Cleaner (Eset)
  • ESET GandCrab Decoder (Eset)
  • ESET Goblin Cleaner (Eset)
  • ESET JS/Bondat Fixer (Eset)
  • ESET Mabezat Decryptor (Eset)
  • ESET Mebroot Cleaner (Eset)
  • ESET Necurs.A Cleaner (Eset)
  • ESET Medre Cleaner (Eset)
  • ESET Olmarik Cleaner (Eset)
  • ESET Online Scanner (Eset)
  • ESET Poweliks Cleaner (Eset)
  • ESET Quervar.C Cleaner (Eset)
  • ESET Retefe Detector (Eset)
  • ESET Retacino Cleaner (Eset)
  • ESET Rogue Applications Remover (Eset)
  • ESET Simda Cleaner (Eset)
  • ESET Sirefef Cleaner (Eset)
  • ESET Spy.Tuscas Cleaner (Eset)
  • ESET SpyEye Cleaner (Eset)
  • ESET Spy.Zbot.ZR Cleaner (Eset)
  • ESET Superfish Cleaner (Eset)
  • ESET SysRescue (Eset)
  • ESET TeslaCrypt Decryptor (Eset)
  • ESET Trustezeb.A Decoder (Eset)
  • ESET VB.NAX Cleaner (Eset)
  • ESET VB.OGJ Cleaner (Eset)
  • ESET Virlock Cleaner (Eset)
  • ESET Zimuse Cleaner (Eset)
  • FilesLockerDecrypter (Michael Gillespie)
  • FixExec (BleepingComputer)
  • FixPurge (McVivien2)
  • FRST (Farbar)
  • FSS (Farbar)
  • GetSystemInfo (Kaspersky Labs)
  • GhostCryptDecrypter (Michael Gillespie)
  • GIBON Ransomware Decryptor (Michael Gillespie)
  • GooredFix (jpshortstuff)
  • GrantPerms (Farbar)
  • HiddenTear Bruteforcer (Michael Gillespie)
  • HiddenTear Decrypter (Michael Gillespie)
  • HostsXpert (funkytoad)
  • Hosts-perm.bat (BleepingComputer)
  • InsaneCryptDecrypter (Michael Gillespie)
  • JavaRa (Fred de Vries et Paul McLain)
  • Jigsaw Decrypter (Michael Gillespie)
  • Junkware Removal Tool (Malwarebytes corporation)
  • KPLive (kernel-panik)
  • ListCWall (BleepingComputer)
  • ListParts (Farbar)
  • LogOnFix (Xplode)
  • MBAR (Malwarebytes corporation)
  • MBRCheck (a_d_13)
  • MbrScan (Eric_71)
  • mbr.exe (Gmer)
  • McAfee Labs RootkitRemover (McAfee)
  • MicroCop Decryptor (Michael Gillespie)
  • Miniregtool (Farbar)
  • Minitoolbox (Farbar)
  • MKV (El Desaparecido & C_XX)
  • Mole02Decryptor (M AV)
  • OneClick2RP (Laddy)
  • OTA (Old_Timer)
  • OTC (Old_Timer)
  • OTH (Old_Timer)
  • OTL (Old_Timer)
  • OTM (Old_Timer)
  • OTS (Old_Timer)
  • PCHunter (epoolsoft)
  • Pre_Scan (Gen-Hackman)
  • PowerLockyDecrypter (Michael Gillespie)
  • ProcessClose (Gen-Hackman)
  • QuickDiag (Gen-Hackman)
  • RakhniDecryptor (Kaspersky Lab)
  • Rannoh Decryptor (Kaspersky Lab)
  • RansomNoteCleaner (Michael Gillespie)
  • RegtoolExport (Xplode)
  • Remediate VBS Worm (bartblaze)
  • Report_Antivir (Laddy)
  • Report_CHKDSK (Laddy)
  • ResetNavigator (SoftwareQuality)
  • Rkill (Grinler)
  • RogueKiller (Tigzy)
  • Rooter (Team IDN)
  • RootkitRevealer (Microsoft)
  • RstAssociations (Xplode) (scr) (exe)
  • RstHosts (Xplode)
  • ScanRapide (Lydem)
  • ShadeDecryptor (Kaspersky Labs)
  • Shortcut Cleaner (BleepingComputer)
  • Seaf (C_XX)
  • SecurityCheck (screen317)
  • ServicesRepair (Eset)
  • SMBCheck (Webroot)
  • StrikedDecrypter (Michael Gillespie)
  • StupidDecryptor (Michael Gillespie)
  • Symantec Kovter Removal Tool (Symantec)
  • SystemLook (jpshortstuff)
  • SFTGC (Pierre13)
  • TDSSkiller (Kaspersky Labs)
  • TFC (Old_Timer)
  • ToolsDiag (Amesam)
  • UAC-LEVEL (Amesam)
  • UAC Manager (Xplode)
  • UnHide (BleepingComputer)
  • Unlock92Decrypter (Michael Gillespie)
  • Usb File Resc (Streuner Corporation)
  • UsbFix (El desaparecido & C_XX)
  • UnZacMe (Gen-Hackman)
  • Webroot DE-BUG (Webroot)
  • WildfireDecryptor (Kaspersky Labs)
  • WinChk (Xplode)
  • WinsockAnalyzer (Xplode)
  • WinUpdatefix (Xplode)
  • XoristDecryptor (Kaspersky Labs)
  • ZHPCleaner (Nicolas Coolman)
  • ZHPDiag (Nicolas Coolman)
  • ZHPLite (Nicolas Coolman)
  • ZHPFix (Nicolas Coolman)
  • Zoek (Smeenk)

 

The search for executables downloaded by the user is only performed in the Desktop and the download folder. To respect Nicolas Coolman's choice, the quarantine of ZHP tools located under AppData\ZHP is no longer deleted, however a line in the report indicates its presence.

 

- Save the registry

To restore hives easily, it is possible to use KPLive.

 

- Delete recovery points

 
- Create a restore point

During this phase, KpRm first activates system recovery and then deletes recovery points that were created less than 24 hours ago. After creating a restore point, this tool will list all the points on the machine. It is important to always check in this list if the restore point has been created, especially if the machine is running on Windows 10.

 
- Restore system settings

    Reset DNS cache
    Reset the WinSock catalog
    Hide hidden files
    Hide protected files
    Show known file extensions

 
- Restore the UAC

    ConsentPromptBehaviorAdmin (5)
    ConsentPromptBehaviorUser (3)
    EnableInstallerDetection (0)
    EnableLUA (1)
    EnableSecureUIAPaths (1)
    EnableUIADesktopToggle (0)
    EnableVirtualization (1)
    FilterAdministratorToken (0)
    PromptOnSecureDesktop (1)
    ValidateAdminCodeSignatures (0)

 

Project website: https://kernel-panik.me/tool/kprm/

Source code: https://github.com/KernelPan1k/KpRm

 

Downloads 13,477
Weekly downloads 1,309
Publisher kernel-panik
By kernel-panik
Created on 27 May 2019
Last update 14 October 2019
Category Cleaners
Operating system Windows

More