How to kill malicious processes

 

Typically, antivirus and anti-malware applications (like SpyHunter) kill malicious processes automatically once they are detected. That is the preferred way, as these tools know how to recognize bad processes precisely. However, under certain circumstances processes need to be killed before running a scan:

  1. You want to delete malware manually;
  2. Malware processes block removers from running or from updating their databases;
  3. You cannot download anti-malware tools;
  4. Anti-malware tools do not yet have a particular version of the parasite in their database and cannot detect it.

It is important to know that this first step will stop the symptoms for the current boot only; you will need to proceed with the removal steps to clean the PC completely.

If you fail to launch SpyHunter or any other program, first try right-clicking on it and choosing Run as administrator (on Windows 7 or Vista).

Using safe mode

Most malicious processes are inactive when the PC operates in Safe Mode with Networking. To reach Safe Mode with Networking, do the following:

  1. Reboot;
  2. Press F8 early during startup (you can press F8 a couple of times);
  3. Choose Safe Mode with Networking (preferably) or Safe Mode from the menu;
  4. On success, you should not see any of the alerts that bother you in normal mode. Continue to the next steps of malware removal.

This will not work if a malicious process is launched using drivers or the master boot record, or (in Safe Mode with Networking) is launched together with a browser. Also, Safe Mode might be disabled.

Killing processes using task manager

The benefit of using Task Manager is that you do not need to download anything. Task Manager is present on all Windows computers, though it might be disabled and it provides little control.

    1. Open Task Manager by either pressing Ctrl+Shift+Esc or pressing Ctrl+Alt+Del and choosing it from the menu. For the best results, try doing so just after Windows login, while other processes are still loading.
    2. If it fails, go to Start->Run and type taskmgr.
    3. If this fails, go to C:\Windows\System32, copy taskmgr.exe and rename the copy to 1.scr, 1.com or another random name. Launch that file. You can try right-clicking on it and choosing Run as administrator on Windows Vista or Windows 7.
    4. Choose the Processes tab and choose to see processes of all users (optional).
    5. Choose the malicious process from the list and right-click on it.
    6. Press End Process.
    7. Once the malicious processes are stopped, the alerts should disappear and you can continue to the next steps of malware removal.

Sometimes Task Manager is disabled by malware. A workaround is to go to C:\Windows\System32, make a copy of taskmgr.exe and rename it to 1.exe or iexplore.exe. Launch the file.
If you get a message about Task Manager being disabled by group policy, read this guide on reenabling task manager.

Killing processes using process explorer

Process Explorer provides more information on how the processes were launched. Also, it is not blocked together with Task Manager. If it is blocked from execution, try saving it as 1.scr, 1.com or iexplore.exe before execution.

  1. Download Process Explorer from http://download.sysinternals.com/Files/ProcessExplorer.zip and unzip it.
  2. Launch Process Explorer (procexp.exe).
  3. Select the malicious process and press DEL.
  4. Once the malicious processes are stopped, the alerts should disappear and you can continue to the next steps of malware removal.

Killing malicious processes using taskkill

Taskkill is a command-line tool available on Windows machines. This tool will work when the malware process name is known and Task Manager is disabled.

  1. To use taskkill, go to Start->Run.
  2. Enter taskkill /f /im [malwareprocessname].
  3. Press Enter.

This approach works very well against rogues using the same process names and some Trojans.

Using automated free malware process killers built into anti-malware programs

Some anti-malware program installers, like those of SpyHunter and Stopzilla, automatically kill all suspected processes during install. This is an aggressive approach, not so different from Rkill. However, it works really well against some of the rogues that block execution and installation.

Killing malicious processes using RKILL

Rkill is a useful utility by the owner of bleepingcomputer.com. It kills all processes that are executed from the user folder (where much malware resides) and a couple of other locations. It will not stop all malicious processes or remove malware, though. It can be downloaded from http://download.bleepingcomputer.com/grinler/rkill.com.

  1. Download Rkill.
  2. Run Rkill, open the saved log and see which processes were stopped.
  3. Once the malicious processes are stopped, the alerts should disappear and you can continue to the next steps of malware removal.

The downside of this approach is that it might leave a process running from Windows system locations or Program Files even if that process is malicious.
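
The user-folder criterion described for Rkill can also be checked by hand to find the process name that taskkill needs. The listing below is an added example, not part of the original guide and not Rkill's own code; it assumes Windows PowerShell 2.0 to 5.1 and the default profile roots C:\Users and C:\Documents and Settings, and it only lists processes without stopping any.

```powershell
# Added example: list processes whose executable sits under a user-profile
# folder. It only lists; nothing is stopped. Windows PowerShell 2.0 to 5.1.

# Assumed default profile roots (Vista/7 and XP respectively).
$userRoots = @(
    (Join-Path $env:SystemDrive 'Users'),
    (Join-Path $env:SystemDrive 'Documents and Settings')
)

function Test-UnderUserRoot {
    param([string]$Path, [string[]]$Roots)
    # Protected processes, or ones you lack rights to query, report no path.
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    foreach ($root in $Roots) {
        # Compare against "C:\Users\" so that "C:\UsersOld\x.exe" does not match.
        $prefix = $root.TrimEnd('\') + '\'
        if ($Path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$all = @(Get-WmiObject -Class Win32_Process)

# Processes started from a user folder, with the path, parent and command
# line that show how each one was launched.
$fromUserFolder = @($all | Where-Object {
    Test-UnderUserRoot -Path $_.ExecutablePath -Roots $userRoots
})

$fromUserFolder |
    Sort-Object ExecutablePath |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine |
    Format-List

# Processes whose path could not be read are not judged either way. Expect a
# few system entries here; a long list means the shell is not elevated.
$noPath = @($all | Where-Object { -not $_.ExecutablePath })
$summary = '{0} process(es) run from a user folder; {1} had no readable path.' -f $fromUserFolder.Count, $noPath.Count
Write-Output $summary

# After reviewing an entry, end it with the command from this guide:
#   taskkill /f /im <Name shown above>
```

Legitimate programs also run from the user folder, so the list is a starting point for review, and a malicious process running from a Windows system location or Program Files will not appear in it.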

WHAT NEXT?

 


Successfully stopping the processes will make alerts, advertisements and some other symptoms of malware disappear for this boot only. After you reboot, the system reverts to the state it was in before the processes were killed, so do not reboot until you have cleaned your PC completely or until a reboot is explicitly required in other guides.

If you failed to install and run anti-malware tools before killing the processes, or they crashed, now is the perfect time to try again. They might detect processes you missed, too. Do not forget to update them, though! SpyHunter might help identify files, DLLs and registry entries that you have to remove or modify in the next steps. The infections are not gone; they are just disabled for this boot. If you cannot connect to websites, proceed to this guide on fixing redirections and internet connection problems, just do not reboot in the process.

The next logical step is to unregister malicious DLLs and fix the system startup. This needs to be done before deleting the infected files, as deleting them first might cripple some system functions taken over by malicious parasites.

NOTE

We recommend commenting and asking questions under the particular parasite that troubles you. These instructions are generic; there might be specific tips for a particular form of malware.


57 thoughts on “How to kill malicious processes”

  1. Mr. I Kelsall
     

    Asking people to download anti-malware etc. doesn’t work with AntivirusIS. It blocks all attempts to INSTALL & RUN the downloaded software. It also blocks access to the registry & prevents booting up in ‘Safe’ mode, by de-activating the selection of the ‘safe’ mode function. In other words, the folk who wrote the malware are a darned sight more clever than the folks who write all the anti-malware etc. software.
    For example, your advice to download ‘Process Explorer’ is fine, except when you try to install & run it, AntivirusIS prevents it, by telling you that it’s infected !!! It also prevents ‘Task Manager’ from launching.

     
    1. admin
       
       
      Post author

      Mr. I Kelsall
      I recommend reading particular guides related to parasites about specific process stopping techniques. For example, Antivirus IS can be stopped by creating or using another user account (and performing full system scan from it). Also, there are various workarounds how to overcome virus blocking process explorer or task manager.

       
  2. Don Jay
     

    Hi there, I am trying to do all the tasks shown above but my computer screen goes black showing the thinkpoint screen only. When I go to the task manager and end the process the thinkpoint screen goes away but the computer screen still stays black without access to the Windows OS.

     
    1. admin
       
       
      Post author

      Don Jay: In such cases I recommend launching explorer.exe from task manager. In fact it is written in the Thinkpoint removal instructions.

       
  3. Don Jay
     
     
  4. Don Jay
     

    I don’t see it in the task manager, how to launch explorer.exe from the task manager?

     
    1. admin
       
       
      Post author

      File->New Task. Enter explorer.exe. If it does not work, enter full path to explorer.exe.

       
  5. maryantoeko
     

    I got the same problem.
    I can’t connect to network.
    Then I tried with game booster, then stopped the hotfix.exe application. Then I could run other applications as before being infected. Maybe it can help. And I still can’t delete this malware. Can anybody help me?
    Thanks…

     
    1. admin
       
       
      Post author

      maryantoeko You will find more help in removal instructions for particular parasite (thinkpoint, I assume).

       
  6. Miles
     

    How am i supposed to know which files on the task manager are the dangerous ones?

     
    1. admin
       
       
      Post author

      Miles: Read the guide about the specific parasite. Though a good bet is to kill processes that are launched from C:\Users\ or C:\Documents and Settings\ and you do not know the programs they belong to. Process Explorer lets you see the launching path. Also, it is a good idea to stop processes that look like a random set of numbers and letters (with the exception of ones that have only 32 or 64 at the end of the name).

       
  7. karen
     

    need help in stopping processes for antimalware doctor and removing from computer

     
    1. admin
       
       
      Post author

      Karen: Read the specific guide.

       
  8. Alese
     

    I have not paid for internet anti virus 2011 but when I saw the pop up open browsing the internet it showed and asked me a question. I clicked ok but to this day I have not paid for it. The prompts telling me that I need virus protection and that I should buy internet antivirus 2011 pop up more often. I tried deleting it by simply going to the folder and deleting it and then emptying my recycle bin. It said that one file could not be deleted and that I was unauthorized to do so. Then today the ones I deleted were back! I have a 2009 HP using Windows. How do I go about deleting the software without using the steps you wrote? Am I infected? I have a REAL virus scanner that says I do not.

     
    1. admin
       
       
      Post author

      Alese: Scan with Anti-Malware tools instead of your antivirus. See if they identify something. The antiviruses typically miss some of the malware infections, especially new ones.

       
  9. Colin Ryan
     

    How do I get rid of HDD Control if it won’t let me connect to the internet?

     
    1. admin
       
       
      Post author

      Colin Ryan: reboot into safe mode with networking. Basically, it is easy to disable these fake HDD defragmenters – they have a key that is widely known, available under its removal instructions: http://www.2-viruses.com/remove-hdd-control

       
  10. sravan
     

    Sir, my system got affected with windows optimization center. I downloaded spywaredoctor but while installing it the spyware is switching off. What to do now……I want to install XP, can I?

     
    1. admin
       
       
      Post author

      Try doing so in safe mode with networking.

       
  11. mike787pr
     

    ok I’m having problems removing this antimalware doctor. I can’t access the internet through safe mode either. I ran malwarebytes but it’s kind of useless when u can get an update to fully remove it…I tried the step u had to offer but when I went to task manager none of those files r there to delete. What do I do?? thank u

     
    1. admin
       
       
      Post author

      Check for randomly named processes. Once you kill the right process, the anti-malware doctor window will disappear.

       
  12. mike787pr
     

    But how do I get the internet connection going? I’m sure if I can update malwarebytes or have spyware doctor updates working I can fix the problem. As I try to reset the internet connection the antiware doctor counts down and goes back on the icon I click on. What should I do to get the internet going….

     
    1. admin
       
       
      Post author

      Speaking about malwaredoctor exactly, it is a good idea to run TDSS Killer (preferably in safe mode), which can be downloaded from the Kaspersky page. Typically, Anti-malware doctor’s internet issues can be attributed to the TDSS rootkit. Another option would be trying safe mode with networking.

       
  13. salah aaa
     

    trying to remove security shield, wish me luck

     
  14. JaCk
     

    Is there a particular name for the virus program cause I can’t find it, is it related to “windows optimization security”? There weren’t any random programs either, maybe it was “undercover”, who knows. I used Process explorer and hijackfree but I could not figure it out. Before that I entered safe mode and tried to open taskmgr.exe but all attempts failed. …guess the only option is format!?

     
    1. admin
       
       
      Post author

      Jack:
      It might be something similar to system process names. I would suggest using process explorer and killing, one by one, processes that run under your user account. When you hit the main Windows Optimization Security process, its window will disappear. Then look where its files are located. Comment under http://www.2-viruses.com/remove-windows-optimization-security

       
  15. Bruce Kovacs
     

    Will a system restore to a setpoint prior to infection remove personal security sentinel?

     
    1. admin
       
       
      Post author

      Bruce: Likely, though likely that not completely. System restore might leave trojan downloader or rootkit infections. Only format or scan with several tools ensure that system is clean for real.

       
  16. Fab
     

    Hi, I have something called smart internet protection that has infected my PC. How do I go about removing this, as when I try to use spyware doctor in safe mode, it won’t allow me to launch it?

    Thank you

     
  17. desiree
     

    I can’t even get on the internet to download
    anything to get rid of the Win 7 total security…even in safe mode! What do I do now? PLZ help me!

     
    1. admin
       
       
      Post author

      Desiree: have you read the specific guide for http://www.2-viruses.com/remove-win-7-total-security ? Try the key mentioned in that guide, it should allow you to reenable some of the PC functions.

       
  18. Frodo Baggins
     

    I recently had a bout with XP Home Security 2011, a trojan virus that I opened up on my desktop out of stupid curiosity. After trying all of the above and about to wipe my drive and reload the operating system, it occurred to me to get into the C files. Under programs I found my spyware called Spybot that I was totally unable to use due to this virus, then I found two icons for initiating the program and lo and behold one of them worked and it came on and killed the virus in a few minutes. I have simplified but it was a desperate move and it worked by accident. Try it, it may work for you…

     
  19. leopard
     

    Really bad xp internet security.
    It blocks IE and Firefox, but it does not block Google Chrome. So it is better to have 1

     
  20. Lyndsey
     

    Hi, my computer has been infected with Antivirus Center and I was wondering if it was okay to get rid of it with Spysweeper instead of Spyware Doctor. Spysweeper has detected it, but will it help get rid of it? I do have Malwarebytes. Please help because it’s taking over my system!

     
  21. xteive
     

    Hi, I have downloaded the spyware doctor and have already rebooted the computer in safe mode with networking, but still I cannot launch the doctor spyware . . . plx need help . . . please HELP

     
    1. admin
       
       
      Post author

      xteive: Right-click on the executable and choose run as administrator on Vista/Windows 7.
      It depends on the particular parasite.

       
  22. H Rudd
     

    I just did a system restore and set the date to the previous day…hmm seemed to work

     
    1. admin
       
       
      Post author

      H Rudd: After a system restore it is a good idea to scan anyway. Depending on the OS and parasite, system restore does not restore everything 100%, thus infections MIGHT remain.

       
  23. Dawson
     

    I located the exe file related to privacy protection and both renamed the file and moved it to the desktop. Once I rebooted the computer the program didn’t start. After that I simply deleted the file. I am sure that the virus isn’t completely gone, but these steps did allow me to retake control of my pc.

     
  24. ASears
     

    I am having a major malfunction with AV Protection 2011. My daughter downloaded it on her desktop and I am having problems removing it. Help please…..

     
  25. Penang island, malaysia
     

    If you see this I know you are panicking now, so I will go direct to the point.
    1. JUST pull out the electric cable and plug it in again, select safe mode and wait until it gets into Windows.
    2. Go to “START” and type in “msconfig”
    3. Inside {system configuration} go to “services” and disable all the applications.
    4. Restart your notebook/PC until it gets into Windows again.
    5. If you find everything running smoothly, just go to “start” and type in “msconfig” again.
    6. Inside {system configuration} go to “services” and ENABLE all applications EXCEPT the anti virus program. Then restart again. <======read this again.****
    7. Restart it and it works fine for me.

    (A few days ago one of my friends got this problem and I did the same thing for him, he is using some Chinese 360 anti virus. Today my own notebook also faced the same problem "after opening an email in hotmail". I also used this method and it works for me)

     
  26. Damian
     

    @Mr. I Kelsall How do u figure they’re smart? They made the thing impossible to use so guess what, I don’t use it. I bought another. They should have me on it, not off it

     
  27. Feroz Khan
     

    admin: Mr. I Kelsall, I recommend reading particular guides related to parasites about specific process stopping techniques. For example, Antivirus IS can be stopped by creating or using another user account (and performing full system scan from it). Also, there are various workarounds how to overcome virus blocking process explorer or task manager.

    Awesome posts, like very helpful and informative

     
  28. djames4019
     

    You’re no different than other sites promising that this will fix your problems, but you are just another outlet to sell you crap instead of fixing it.

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      djames4019
      Our removal instructions (including manual) work. In some cases, there is no possible manual solution for manual removal.

       
  29. kay
     

    Help! I accidentally downloaded Windows Advanced Firewall on the computer, my parents are trying to delete all the data on the computer! I tried to show them the website but they got angry. How do I delete this malware? It doesn’t let me on the internet!

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      kay: open Explorer and enter %APPDATA% in the file path.
      You will see a file named Protector-smth.exe
      Start -> Run -> CMD (make sure you run it as administrator if on Vista / 7).
      taskkill /f /im protector-smth.exe (use the file name that is on your system). The malware windows should close.
      OR see the full guide and other options here: http://www.2-viruses.com/remove-windows-malware-firewall

       
  30. joe
     

    This message came up but there was more than one in the list of viruses and one was admin/ something and two trojans, I don’t know what because I freaked, closed the alert (yes, not too smart) and ran a trend-micro scan. I didn’t download any of the “antivirus” programs but am I infected by the pop-up alone, such as a dormant trojan? Please respond ASAP!

    BTW the trend-micro scan found no trojans nor did I find any of the programs like hotfix and tmb in my %AppData% folder.

     
  31. Ruth
     

    Since removing the virus I have no incoming sound from the Internet-how do I solve this?

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Reinstall audio drivers.

       
  32. Ruth
     

    Can I download audio drivers? The sound came back on the other day but it’s gone again……

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      Yes. Search your manufacturer’s website or use CD coming with your computer.

       
  33. doug
     

    I keep getting a window at startup that says ” unable to access module at c:\users\doug\appdata\local\temp\wgsdgsdgddsgsd.exe”. Is this one of the virus files, and can I find it and delete it? Thanks

     
    1. Giedrius Majauskas (admin)
       
       
      Post author

      doug : With high certainty, the file is malicious.

       
  34. luigi442wii
     

    @leopard

    Probably because Google Chrome tracks all your internet browsing.

     
  35. Øystein Claussen
     

    Hi. I installed uTorrent and got a toolbar called uControl2 or something like that. After that the linkbucks.com redirect page appeared. So I tried to format c:\ in Windows 7 install DVD and thought that everything would be nice. But after the installation was finished, the linkbucks.com popped up at once when I used the internet again. I have tried removal in SpyHunter (registered version), but it doesn’t fix the linkbucks.com problem, only a lot of other ones. Help!!!! What should I do?

     
  36. Ahmad TL
     

    When I set up the program ” recover my file ” this message appears and the program doesn’t start: ” For security purposes, this program will not run while system debuggers are active. Please remove or disable the system debugger before trying to run this program again.”
    Can u help me to run the program?

     
