pskill.exe

Sysinternals PsTools - PsKill

Utility ToolSafeProcess Killer

CPU Usage

1-5%

Memory

1-10 MB

Location

C:\SysinternalsSuite\PsTools

Publisher

Microsoft / Sysinternals

Quick Answer

pskill.exe is safe. A Sysinternals PsTools utility used to forcibly terminate a Windows process by PID or image name, typically run by admins in local or remote contexts.

Is it a Virus?

✔ NO - Safe

Must be located in C:\SysinternalsSuite\PsTools\pskill.exe or C:\Program Files\Sysinternals\PsTools\pskill.exe and digitally signed by "Mark Russinovich" / "Sysinternals"

Warning

Potentially disruptive

Kills processes immediately; terminating a critical system service or editor may cause data loss. Use with admin rights and verify target.

Can I Disable?

✔ YES

pskill.exe is a tool, not a background service. It won't run unless invoked by a user or script.

What is pskill.exe?

pskill.exe is the command-line utility from Sysinternals PsTools that terminates a targeted Windows process. It supports killing by PID or image name, and can operate locally or across a network when proper credentials are supplied.

pskill.exe uses Windows APIs to terminate processes; it requires appropriate permissions and may target multiple IDs. It is designed for administrators to manage processes across machines without rebooting.

Quick Fact: PsTools was created by Mark Russinovich and is widely used by IT pros to manage processes across machines.

Types of PsKill Operations

Local Termination: Kills a process on the current machine by PID or image name
Remote Termination: Targets a process on a remote machine using credentials
Forced Termination: Termination without prompting to save data (use with caution)
Graceful Alternatives: Suggests closing via graceful methods where possible before forceful kill

Is pskill.exe Safe?

Yes, pskill.exe is safe when obtained from the official Sysinternals PsTools package and run with the proper permissions.

Is pskill.exe a Virus or Malware?

The real pskill.exe is NOT a virus. Malware may imitate names, so verify signature and path.

How to Tell if pskill.exe is Legitimate or Malware

File Location: Must be in C:\SysinternalsSuite\PsTools\pskill.exe or C:\Program Files\Sysinternals\PsTools\pskill.exe.
Digital Signature: Right-click pskill.exe -> Properties -> Digital Signatures. Should show signed by "Mark Russinovich" / "Sysinternals."
Resource Usage: Normal usage is minimal when idle; monitor if it spikes unexpectedly while idle.
Behavior: The tool runs only when invoked from a prompt or script; no background activity should occur.

Red Flags: If pskill.exe is found outside Sysinternals PsTools folders or lacks a valid signature, or runs unsolicited in the background, run a malware scan.

Why Is pskill.exe Running on My PC?

pskill.exe runs when invoked by an administrator or automation to terminate a misbehaving process. It can be started locally or via script to stop a frozen or unwanted task immediately.

Reasons it's running:

Active Administrative Termination: You're actively terminating a process as part of troubleshooting or maintenance.
Remote Management: A remote admin session or management script is terminating a process on another machine.
Automated Cleanups: Maintenance scripts or monitoring tools may invoke pskill to shut down stuck processes.
Security Scans: Security software may terminate suspected malicious processes during containment.
Startup or Background Usage: Less common, but some admin tools preload utilities at startup to manage processes quickly.

Can I Disable or Remove pskill.exe?

Yes, you can remove or avoid running pskill.exe. It is not a core Windows component; removing the PsTools suite reduces available admin tooling.

How to Stop pskill.exe

Close Prompt or Script: Terminate any active console or script that is invoking pskill.exe.
Prevent Access: Do not run ps* tools from shared folders; restrict admin tooling to authorized admins.
Stop Startup: If invoked on startup via a task, disable or delete the task in Task Scheduler.
Audit and Incident Response: Review logs and endpoints to ensure not abused by malware.
Reinstall Clean PsTools: If you need PsTools, reinstall from official source and ensure proper antivirus scanning.

How to Uninstall PsTools (pskill.exe)

✔ Uninstall PsTools from the Sysinternals package or delete the PsTools folder if you manage distributions manually.
✔ Delete the pskill.exe file from its PsTools folder to prevent accidental usage.
✔ Run a security scan and verify no other ps* tools remain in system paths.

Common Problems: High CPU or Memory Usage

If pskill.exe is consuming unusual resources or appears to run unexpectedly, check usage patterns and ensure legitimate invocation.

Common Causes & Solutions

Incorrect Invocation: Double-check the syntax and target PID or image name; use 'pskill <pid>' or 'pskill <image>' to specify correctly.
Ambiguous Target: If multiple processes share the same image, specify unique identifiers or list processes first.
Malicious Script: Scan scripts for malicious payloads that spawn pskill.exe; ensure scripts come from trusted sources.
Remote Termination Fail: Ensure proper credentials and firewall permissions for remote endpoints.
Lack of Privileges: Run as Administrator to terminate protected processes.
Outdated PsTools: Update to the latest PsTools suite to ensure compatibility with newer Windows versions.

Quick Fixes:
1. Open a Command Prompt as Administrator and run 'pskill -l' to list processes.
2. Verify target and retry with the exact PID or image name.
3. Ensure the PsTools folder is accessible and not blocked by antivirus.
4. Update PsTools to the latest version from the official source.
5. Seek alternatives: close applications gracefully when possible before killing tasks.

Frequently Asked Questions

Is pskill.exe a virus?

No, the official pskill.exe from Sysinternals PsTools is not a virus. Verify location: C:\SysinternalsSuite\PsTools\pskill.exe and signature from Mark Russinovich.

How do I use pskill.exe to kill a process by PID?

Open a privileged command prompt and run: pskill.exe <PID> or pskill.exe -t <pid> for termination of a single process.

Can I kill a process on a remote computer with pskill.exe?

Yes. Use: pskill.exe \\RemoteComputer <PID> or pskill.exe \\RemoteComputer -u <user> -p <password> <image> to terminate remotely.

Where is pskill.exe located?

Common locations are: C:\SysinternalsSuite\PsTools\pskill.exe or C:\Program Files\Sysinternals\PsTools\pskill.exe.

Do I need to install PsTools to use pskill?

Yes, pskill.exe is part of the PsTools suite. Install PsTools from the official Sysinternals site to obtain pskill.exe and other utilities.

Is pskill.exe safe to remove?

Yes, if you do not use PsTools, you can remove pskill.exe by uninstalling PsTools or deleting the folder carefully after backups.