KpRm is a freeware tool that can help finalize cleaning up after removing a nasty infection by removing most known antimalware apps, backing up the registry, create and delete System Restore points, UAC restore, and restore system settings.
We've all been there, forced to install numerous antimalware apps to get rid of a nasty infection. Now we have multiple applications and files scattered all over the hard drive. We could remove them one-at-a-time and waste even more time, or you can download KpRm and take it with you.
KpRm is small and easy to use. Delete tools is the only option on, by default, but other options are available. You can back up the registry, delete System Restore points, UAC restore, create a Restore Point, and restore system settings.
KpRm is a tool to use to finalize a disinfection; the current list of apps that KpRm can remove includes:
- AdliceDiag (Tigzy)
- Ads (Gen-Hackman)
- AdsFix (Gen-Hackman)
- AdwCleaner (Malwarebytes)
- AHK_NavScan (Batch_Man)
- AlphaDecrypter (Michael Gillespie)
- AswMBR (Avast!Software)
- AuroraDecrypter (Michael Gillespie)
- AutorunsVTChecker (regist)
- AVCertClean (fr33tux)
- Offline CryptoMix Ransomware Decryptor (Avast!Software)
- Avenger (swandog46)
- BitKangarooDecrypter (Michael Gillespie)
- BitStakDecrypter (Michael Gillespie)
- BlitzBlank (Emsisoft)
- BTCWareDecrypter (Michael Gillespie)
- Catchme (Gmer)
- Check Browsers LNK (Alex Dragokas & regist)
- CKScanner (askey127)
- Clean_DNS (Gen-Hackman)
- ClearLNK (Alex Dragokas)
- CMD_Command (Gen-Hackman)
- CoinVaultDecryptor (Kaspersky Labs)
- Combofix (sUBs)
- Crypt38Decrypter (Michael Gillespie)
- CryptoSearch (Michael Gillespie)
- DDS (sUBs)
- CryptON Ransomware Decryptor (Emsisoft)
- Defogger (jpshortstuff)
- DCryDecrypter (Michael Gillespie)
- Docteur Web LiveCD
- EasyRestorePoint (kernel-panik)
- ESET AES-NI Decryptor (Eset)
- ESET Bedep Cleaner (Eset)
- ESET Bubnix Cleaner (Eset)
- ESET CodplatAA Cleaner (Eset)
- ESET Conficker Cleaner (Eset)
- ESET Crypt888 Decryptor (Eset)
- ESET Crysis Decryptor (Eset)
- ESET Daonol Cleaner (Eset)
- ESET Dorkbot Cleaner (Eset)
- ESET ELEX Cleaner (Eset)
- ESET Eternal Blue Checker (Eset)
- ESET Filecoder.AA Cleaner (Eset)
- ESET Filecoder.AE Cleaner (Eset)
- ESET Filecoder.AR Cleaner (Eset)
- ESET Filecoder.NAC Cleaner (Eset)
- ESET Filecoder.R Cleaner (Eset)
- ESET GandCrab Decoder (Eset)
- ESET Goblin Cleaner (Eset)
- ESET JS/Bondat Fixer (Eset)
- ESET Mabezat Decryptor (Eset)
- ESET Mebroot Cleaner (Eset)
- ESET Necurs.A Cleaner (Eset)
- ESET Medre Cleaner (Eset)
- ESET Olmarik Cleaner (Eset)
- ESET Online Scanner (Eset)
- ESET Poweliks Cleaner (Eset)
- ESET Quervar.C Cleaner (Eset)
- ESET Retefe Detector (Eset)
- ESET Retacino Cleaner (Eset)
- ESET Simda Cleaner (Eset)
- ESET Sirefef Cleaner (Eset)
- ESET Spy.Tuscas Cleaner (Eset)
- ESET SpyEye Cleaner (Eset)
- ESET Spy.Zbot.ZR Cleaner (Eset)
- ESET Superfish Cleaner (Eset)
- ESET SysRescue (Eset)
- ESET TeslaCrypt Decryptor (Eset)
- ESET Trustezeb.A Decoder (Eset)
- ESET VB.NAX Cleaner (Eset)
- ESET VB.OGJ Cleaner (Eset)
- ESET Virlock Cleaner (Eset)
- ESET Zimuse Cleaner (Eset)
- FilesLockerDecrypter (Michael Gillespie)
- FixExec (BleepingComputer)
- FixPurge (McVivien2)
- FRST (Farbar)
- FSS (Farbar)
- GetSystemInfo (Kaspersky Labs)
- GhostCryptDecrypter (Michael Gillespie)
- GIBON Ransomware Decryptor (Michael Gillespie)
- GooredFix (jpshortstuff)
- GrantPerms (Farbar)
- HiddenTear Bruteforcer (Michael Gillespie)
- HiddenTear Decrypter (Michael Gillespie)
- HostsXpert (funkytoad)
- Hosts-perm.bat (BleepingComputer)
- InsaneCryptDecrypter (Michael Gillespie)
- JavaRa (Fred de Vries et Paul McLain)
- Jigsaw Decrypter (Michael Gillespie)
- Junkware Removal Tool (Malwarebytes corporation)
- KPLive (kernel-panik)
- ListCWall (BleepingComputer)
- ListParts (Farbar)
- LogOnFix (Xplode)
- MBAR (Malwarebytes corporation)
- MBRCheck (a_d_13)
- MbrScan (Eric_71)
- mbr.exe (Gmer)
- McAfee Labs RootkitRemover (McAfee)
- MicroCop Decryptor (Michael Gillespie)
- Miniregtool (Farbar)
- Minitoolbox (Farbar)
- MKV (El Desaparecido & C_XX)
- Mole02Decryptor (M AV)
- OneClick2RP (Laddy)
- OTA (Old_Timer)
- OTC (Old_Timer)
- OTH (Old_Timer)
- OTL (Old_Timer)
- OTM (Old_Timer)
- OTS (Old_Timer)
- PCHunter (epoolsoft)
- Pre_Scan (Gen-Hackman)
- PowerLockyDecrypter (Michael Gillespie)
- ProcessClose (Gen-Hackman)
- QuickDiag (Gen-Hackman)
- RakhniDecryptor (Kaspersky Lab)
- Rannoh Decryptor (Kaspersky Lab)
- RansomNoteCleaner (Michael Gillespie)
- RegtoolExport (Xplode)
- Remediate VBS Worm (bartblaze)
- Report_Antivir (Laddy)
- Report_CHKDSK (Laddy)
- ResetNavigator (SoftwareQuality)
- Rkill (Grinler)
- RogueKiller (Tigzy)
- Rooter (Team IDN)
- RootkitRevealer (Microsoft)
- RstAssociations (Xplode) (scr) (exe)
- RstHosts (Xplode)
- ScanRapide (Lydem)
- ShadeDecryptor (Kaspersky Labs)
- Shortcut Cleaner (BleepingComputer)
- Seaf (C_XX)
- SecurityCheck (screen317)
- ServicesRepair (Eset)
- SMBCheck (Webroot)
- StrikedDecrypter (Michael Gillespie)
- StupidDecryptor (Michael Gillespie)
- Symantec Kovter Removal Tool (Symantec)
- SystemLook (jpshortstuff)
- SFTGC (Pierre13)
- TDSSkiller (Kaspersky Labs)
- TFC (Old_Timer)
- ToolsDiag (Amesam)
- UAC-LEVEL (Amesam)
- UAC Manager (Xplode)
- UnHide (BleepingComputer)
- Unlock92Decrypter (Michael Gillespie)
- Usb File Resc (Streuner Corporation)
- UsbFix (El desaparecido & C_XX)
- UnZacMe (Gen-Hackman)
- Webroot DE-BUG (Webroot)
- WildfireDecryptor (Kaspersky Labs)
- WinChk (Xplode)
- WinsockAnalyzer (Xplode)
- WinUpdatefix (Xplode)
- XoristDecryptor (Kaspersky Labs)
- ZHPCleaner (Nicolas Coolman)
- ZHPDiag (Nicolas Coolman)
- ZHPLite (Nicolas Coolman)
- ZHPFix (Nicolas Coolman)
- Zoek (Smeenk)
The search for executables downloaded by the user is only performed in the Desktop and the download folder. To respect Nicolas Coolman's choice, the quarantine of ZHP tools located under AppData\ZHP is no longer deleted, however a line in the report indicates its presence.
Homepage: https://kernel-panik.me/tool/kprm/
Download page: https://toolslib.net/downloads/viewdownload/951-kprm/
Changelog: https://toolslib.net/downloads/viewdownload/951-kprm/history/
v1.10:
- Always Grant All Access in last pass
- Added the ESET Online Scanner link for removal
- Added the following tools for removal
- Dr.Web LiveDisk
- KPLive
- ESET Zimuse Cleaner
- ESET Virlock Cleaner
- ESET VB.OGJ Cleaner
- ESET VB.NAX Cleaner
- ESET Trustezeb.A Decoder
- ESET SpyEye Cleaner
- ESET Spy.Zbot.ZR Cleaner
- ESET Spy.Tuscas Cleaner
- ESET Simda Cleaner
- ESET Retacino Cleaner
- ESET Rovnix.A Cleaner
- ESET Retefe Detector
- ESET Quervar.C Cleaner
- ESET Olmarik Cleaner
- ESET Necurs.A Cleaner
- ESET Mebroot Cleaner
- ESET Mabezat Decryptor
- ESET JS/Bondat Fixer
- ESET Goblin Cleaner
- ESET GandCrab Decoder
- ESET Filecoder.R Cleaner
- ESET Filecoder.NAC Cleaner
- ESET Filecoder.AR Cleaner
- ESET Filecoder.AE Cleaner
- ESET Filecoder.AA Cleaner
- ESET Eternal Blue Checker
- ESET ELEX Cleaner
- ESET Dorkbot Cleaner
- ESET Daonol Cleaner
- ESET Crysis Decryptor
- ESET Crypt888 Decryptor
- ESET CodplatAA Cleaner
- ESET Bubnix Cleaner
- ESET Bedep Cleaner
- ESET AES-NI Decryptor
- ESET Superfish Cleaner
- ESET Medre Cleaner
- ESET Conficker Cleaner
- ESET Poweliks Cleaner
- ESET TeslaCrypt Decryptor
- ESET Sirefef Cleaner
- ESET SysRescue
v1.9:
- Optimise Restore Points Create/Delete
- Adding a RunOnce key + restart to delete undeleted files/folders
The search for executables downloaded by the user is only performed in the Desktop and the download folder. To respect Nicolas Coolman's choice, the quarantine of ZHP tools located under AppData\ZHP is no longer deleted, however a line in the report indicates its presence.
Additional Tools:
- Save the registry
To restore hives easily, it is possible to use KPLive.
- Delete recovery points
- Create a restore point
During this phase, KpRm first activates system recovery and then deletes recovery points that were created less than 24 hours ago. After creating a restore point, this tool will list all the points on the machine. It is important to always check in this list if the restore point has been created, especially if the machine is running on Windows 10.
- Restore system settings
Reset DNS cache
Reset the WinSock catalog
Hide hidden files
Hide protected files
Show known file extensions
- Restore the UAC
ConsentPromptBehaviorAdmin (5)
ConsentPromptBehaviorUser (3)
EnableInstallerDetection (0)
EnableLUA (1)
EnableSecureUIAPaths (1)
EnableUIADesktopToggle (0)
EnableVirtualization (1)
FilterAdministratorToken (0)
PromptOnSecureDesktop (1)
ValidateAdminCodeSignatures (0)
Download: https://download.toolslib.net/download/file/951/2136?s=poqUMRMWhCNtwbH6AUSVra0uy3hOgZ4D
Editor's Note:
Some security software will flag this app as malicious.