Downloaded 8674 times.
Current Version v220.127.116.11 (Released December 2nd, 2021)
The best usage case for KillEmAll to most users is to close all open web browser windows if you get a suspected malicious popup while visiting a website. The the reason you don’t simply close or “X out” the popup is because malicious code can be run even if you click the X button — it is after all just another button, you might as well be clicking “OK” or “Yes, please do what you want with my PC…” but if you don’t click anything and KillEmAll does the work, forcing the application’s process to close without any additional code execution.
- Other tasks that benefit from the advantage of quickly and forcefully closing all applications:
- before performing maintenance on your PC,
- before and during general troubleshooting,
- or before playing resource intensive games.
Simply run the .exe (from anywhere, even a flash drive or network path) and then press a key to terminate unnecessary programs; you have other options such as you can press ‘D‘ for Debug mode (more on that below), press ‘U‘ to check for updates, or press ‘C‘ to show the configuration interface. Note that pressing ‘C’ for the configuration interface or ‘U’ to check for updates requires write access to the current KillEmAll path.
If your Windows is configured with UAC enabled (default) then you can right-click and choose Run as Administrator to kill all other programs running under an Administrator/System account (this is not necessary if you configure KillEmAll to Always Run as Administrator on startup.)
After completing the task of terminating all unnecessary processes, you the option to press ‘L‘ to generate a log file. If at any time you do this, the log file will be saved with any results from terminating processes both past and future within the same KillEmAll session, even if elevating to Administrator or TrustedInstaller from within KillEmAll. The log file will be displayed when KillEmAll closes.
Hold down the CTRL key while starting KillEmAll to start immediately in DEBUG mode, allowing you to terminate each process one by one, optionally skipping termination of certain processes, and (with v21.1.4 or later) optionally allowing you to Search the web for each process name you are about to terminate. With v21.11.26 and later you have the ability to configure different web search engines so you are not restricted to Google. With v21.11.30 and later you have the options to add the process to an allowed programs list so that it is ignored in the future, and you have the option to block the program from running (this is a system wide setting that applies whether KillEmAll is running or not.)
Hold down the SHIFT key while starting KillEmAll to automatically run under the TrustedInstaller account, bypassing the security permissions of other processes.
Obviously, any data used by the applications being closed, if not previously saved, will be lost!
- Run “KillEmAll.exe /?” from a console window to see current command line arguments for scripting purposes.
- Run “KillEmAll.exe /auto” to ensure KillEmAll runs automatically without prompting the user before or after running.
- Run “KillEmAll.exe /auto /log[=file]” to run automatically and log to a file.
- ex. KillEmAll.exe /auto /log (this will create a file named “KillEmAll_Log.txt” in the current directory.)
- Optionally specify a filename or a full path and filename; if path or filename contains spaces you must wrap in quotes:
- ex. KillEmAll.exe /auto /log=log.txt
- ex. KillEmAll.exe /auto /log=”some log.txt”
- ex. KillEmAll.exe /auto /log=”c:\some path\some log.txt”
- Run “KillEmAll.exe /debug” to start KillEmAll in DEBUG mode, allowing you to terminate each process one by one, optionally skipping termination of certain processes (this will override the /auto switch.)
- Run “KillEmAll.exe /config” to force Configuration mode (requires v21.11.26 or above.)
- Run “KillEmAll.exe /update” to update only and then exit (requires v18.104.22.168 or above.)
- Pressing an invalid key in Debug mode no longer terminates the process (as if you had pressed the default ‘Y‘ key) now you can only press ‘Y‘, Spacebar, or ENTER to terminate the process.
- Added config option to always display extended file information in Debug mode.
- Added Debug mode option to Press ‘H‘ to display the Help menu.
- Added Debug mode option to Press ‘I’ to print Information on a file (e.g. version, last modified date, several internal file strings like product name, company, file description, etc., and MD5/SHA256 file hashes.)
- Added Debug mode option to Press ‘O’ to open the file path in Windows Explorer.
- Improved application flow around d7x integration, including providing additional on screen information.
- v22.214.171.124 – Added d7x integration when an active d7x session is located on the system (KillEmAll does NOT need to be located in the same directory as d7x, but only if d7x is run prior to KillEmAll.)
- Debug mode contains two additional d7x related options: (Note d7x MUST be in an active session, meaning it has been run on the system at least once before.)
- Press ‘E’ to Examine file with d7x.
- Press ‘R’ to start a Registry search with d7x.
- If a KillEmAll_Log.txt file exists in the same directory as KillEmAll.exe, it will still be used, otherwise one will be created in the current d7x Reports directory instead. (Active d7x session required.)
- Additional behaviors when an active d7x session is detected on the system (or if KillEmAll.exe is located in the same directory as a d7x vX.X.X.X.exe file, an active d7x session is not necessary):
- If a KillEmAll_Allowed.txt doesn’t exist in the current directory, the d7x KillEmAll whitelist will be used.
- If a KillEmAll.cfg file doesn’t exist in the current directory, one will be used inside the d7x Config directory. In this way, KillEmAll preferences will be saved along with your d7x Config.
- Pressing ‘I‘ at either the KillEmAll starting or finished prompt will show info on what config, definitions, and report files are being used, whether or not d7x is in an active session, and if any command line arguments were passed.
- Debug mode contains two additional d7x related options: (Note d7x MUST be in an active session, meaning it has been run on the system at least once before.)
- Since program blocking of Windows Store Apps doesn’t work like it does with native Win32 programs, this release adds detection of Windows Store Apps when in Debug mode to warn the user that program blocking won’t work with the app. The option to block a Store App may be removed entirely in the future, although it will still allow you to create the program block setting for now, just in case we discover that it works with some Store Apps.
- Added an Allow list, so programs on this list will not be terminated. You can add to the Allow list either by pressing ‘A‘ in Debug mode, or through KillEmAll Configuration.
- Added ability to Block programs from execution, meaning they cannot run. This is a system-wide setting and takes effect even after KillEmAll is closed. Add to the Blocked programs by pressing ‘B‘ in Debug mode, and remove the block in KillEmAll Configuration. Note that KillEmAll must be Run as Administrator to enable the add/remove block functionality. Note that program blocking does NOT work with Windows Store Apps!
- NOTE: Some Debug mode hotkeys have changed due to new features (see above!)
- You can now Run as TrustedInstaller directly from Standard User mode at any prompt you would normally also be allowed to Run as Administrator OR by simply holding the SHIFT key while starting KillEmAll normally (this is not available when KillEmAll is running from a network drive, from there it must progress to Administrator first then TrustedInstaller .)
- KillEmAll previously didn’t show the ending menu/prompt after process termination when it was run by typing “killemall” at a command prompt/console window, this was by design but due to other functionality it needed to be changed, so now it shows the ending menu/prompt regardless of how you launch KillEmAll.
- Fixed an issue when passing /log=”alt_log_filename.txt” but relaunching KillEmAll as Administrator or TrustedInstaller was losing the custom filename originally passed to KillEmAll.exe, now it preserves the file name (or full file path) passed when relaunching itself.
- KillEmAll now remembers if you selected to create a log file (or if the /log command line argument was passed) when relaunching itself (as Administrator or TrustedInstaller), and so it will automatically log the new sessions, showing you the final log when you close KillEmAll as expected.
- Fixes and tweaks to functionality and application flow when KillEmAll doesn’t have write access to its own directory (preventing Config from saving or Updates from being installed.)
- Other minor fixes and tweaks.
- v126.96.36.199 – Added ability to skip terminating the remaining processes (or not) when quitting Debug mode by pressing ‘Q’ before it has completed.
- v188.8.131.52 – Added a ‘dummy EXE’ to install to C:\Windows by default when blocking a program, because the program blocking requires a redirected executable, or a dummy. In the previous two releases KillEmAll configured the dummy as “cmd.exe /c echo.” which satisfied Windows so that it didn’t throw “File not found” errors when the blocked program tried to run, however this caused a brief console window (command prompt) to flash on screen every time a blocked program ran. With this release a dummy EXE runs silently and uses no resources, terminating instantly, so that your applications in the foreground do not briefly lose focus with a flashing console window. Note any programs blocked with the previous two releases should be blocked again. This setting can be disabled in Config, (uncheck “Prevent File Not Found Errors” under the Blocked Programs list.)
- Added the option to Press ‘R‘ to Run KillEmAll again after any KillEmAll process termination run, in addition to ‘D‘ for Debug mode, ‘C‘ for Config, and ‘U‘ to check for updates.
- Pressing ‘L‘ to save the log file when prompted will automatically save the entire session (both past and future results) recorded within the same KillEmAll process.
- Fixed process termination result not appearing directly under the process to terminate when selected in Debug mode (a recent problem that only occurred with the previous update.)
- Fixed an annoying issue with occasional new line characters (CRLF) appearing as a character on screen rather than moving the cursor to a new line position, causing confusing/jumbled text on the screen.
- Added config option to automatically terminate processes on startup.
- Added ability to Press ‘C’ for KillEmAll Configuration at any prompt, even during Debug mode.
- Process termination speed increased quite a bit (previously, for each process the text output was written to the console window before moving on to the next process, but writing to the console window each time was proving to be a slow task; with this version all processes are terminated before any output is written to the console window.)
- Added wrapping quotes around search strings when using the WebSearch option in Debug mode.
- Added at the startup prompt a Press ‘U’ to update KillEmAll and Press ‘C’ to access the configuration interface with several options.
- Config options include “Always Run as Administrator” on startup and you now have a choice of Web Search engines (not just Google.) This will save (and require) a KillEmAll.cfg file in the same directory as KillEmAll.exe…
- Added Debug mode option to Press ‘A’ at any time to Abort Debug mode and terminate ALL remaining processes. Starting with this release, the default is to search by filename only when searching the web for a process (this can be changed in configuration.) Introduced ‘/config’ and ‘/update’ command line arguments.
- Added additional internal whitelisting for Windows 10/11 based components
- Implemented a [Press ‘D’ for debug, or any other key to start…] prompt when initially starting KillEmAll without command line arguments or holding down special keys,
- Tweaked the command line arguments (/auto is now requried for complete automation)
- Removed the “Mini” from the name “KillEmAll Mini” while removing downloads for all other KillEmAll variations except KillEmAll.NET (which was also recently updated.)
- v21.1.27 – Corrected an issue that could cause KillEmAll to hang when attempting to terminate certain processes.
- v184.108.40.206 – Adjusted timing for an issue with incorrectly reporting ‘Terminated=FALSE’ when it was in fact terminated.
- v220.127.116.11 – Debug mode now terminates or skips multiple processes of the same name with one user prompt.
- v21.1.5 – Fixed a crash issue on Windows XP; minor tweaks to display output.
- v21.1.4 – Added option to press ‘G‘ to ‘Google’ the process name while in debug mode.
- v20.12.31 – Added options to generate a log file, to run as Administrator or TrustedInstaller, and added a debug mode!
- v18.104.22.168 – No longer attempts (and fails) to terminate a few Windows Defender processes.
- v20.12.28 – Now displays a console window showing each process terminated.
- v19.4.15 – Now terminates processes roughly 5x faster!
- All versions work with Windows Vista, 7, 8, 8.1, 10, and Windows 11.
- Windows XP compatibility has been officially abandoned in current releases, and no future support will be provided. KillEmAll does terminate processes on Windows XP, but whether or not all of the menu prompts work as expected is not guaranteed. The automation-based command line arguments /auto and /log should function as expected.
- Windows Terminal Note: KillEmAll may not function as expected when run from inside Windows Terminal; current versions will terminate the Windows Terminal process altogether and this terminates KillEmAll. Initial attempts at fixing that behavior didn’t go well, and while it’s being worked on for a future release, no guarantees will be made that it will ever be compatible. Note in Windows 11 that even when Windows Terminal is configured as the default Windows terminal application, when double-clicked on from Windows Explorer, KillEmAll will runs under the traditional console in its own window. Since KillEmAll does not start in Windows Terminal like other apps or batch files will, KillEmAll functions completely as expected.
KillEmAll is FREE for both personal and commercial usage.
An Open-Source Alternative: KillEmAll.NET
KillEmAll.NET is a very fast open-source implementation of KillEmAll minus a few features, namely it lacks the ability to create an allowed programs list, the ability to block programs, the ability to update itself, and the ability to run as TrustedInstaller. Created and recommended for anyone requiring open-source software, such as those with restrictive rules against using 3rd party products in their production environments. Unlike the standard KillEmAll, the open-source KillEmAll.NET requires the .NET Framework 4.0 to be installed.
Download the current release and/or source code here: https://github.com/FoolishTech/KillEmAll.NET
- Software advertised as “free” on this website is intended as free for personal as well as commercial usage, unless otherwise specified on the product page itself (where it would typically involve some extended functionality labeled as a ‘premium’ feature, or possibly where commercial functionality or support is desired.)
- All free software on this website is distributed “as-is” with no warranty or guarantee of any kind; this includes product support as well as any compensation monetary or otherwise for any damages resulting from the use or misuse of this software.
- See the inserted EULA.txt or product Info.txt file within the product download for the full end user license agreement.
We’re glad you wish to make a donation to our team, and even more so that whatever we’ve done for you was worth it!
Thank you for supporting our team, from the entire crew at d7xTech, Inc!
($5 minimum - do not use a $ in the price field!)
Interested in Anti-Malware?
CryptoPrevent Anti-Malware is a robust anti-virus/anti-malware software supplement, filling a huge gap that exists with traditional security solutions to provide protection against a growing multitude of new and emerging ransomware and other malicious software threats.