How to kill malicious processes

 

Typically, antivirus and anti-malware applications (like SpyHunter) kill malicious processes automatically once they are detected. That is the preferred way, as these tools know how to recognize bad processes precisely. However, under certain circumstances processes need to be killed before running a scan:

  1. You want to delete malware manually;
  2. Malware processes block removers from running or from updating their database;
  3. You cannot download anti-malware tools;
  4. Anti-malware tools do not yet have a particular version of the parasite in their database and cannot detect it.

It is important to know that this first step will stop the symptoms for this reboot only; you will need to proceed with the removal steps to clean the PC completely.

If you fail to launch SpyHunter or any other program, first try right-clicking it and running it as administrator (on Windows 7 or Vista).

Using safe mode

Most malicious processes are inactive when the PC operates in Safe mode with networking. To reach Safe mode with networking, do the following:

  1. Reboot;
  2. Press F8 early on (you can press F8 a couple of times);
  3. Choose Safe mode with networking (preferably) or Safe mode from the menu;
  4. On success you should not see any of the alerts that bother you in normal mode; continue to the next steps of malware removal.

This will not work if a malicious process is launched using drivers, the master boot record or (in Safe mode with networking) together with a browser. Also, Safe mode might be disabled.

Killing processes using task manager

The benefit of using Task Manager is that you do not need to download anything. Task Manager is present on all Windows computers, though it might be disabled and it provides little control.

  1. Open Task Manager by either pressing Ctrl+Shift+Esc or pressing Ctrl+Alt+Del and choosing it from the menu. For the best results, try doing so just after Windows login, while other processes are still loading.
  2. If it fails, go to Start->Run and type taskmgr.
  3. If this fails, go to C:\Windows\System32, copy taskmgr and rename the copy to 1.scr, 1.com or another random name. Launch that file. You can try right-clicking on it and choosing Run as administrator on Windows Vista or Windows 7.
  4. Choose the Processes tab, and choose to see processes of all users (optional).
  5. Choose the malicious process from the list and right-click on it.
  6. Press End process.
  7. Once the malicious processes are stopped, the alerts should disappear and you can continue to the next steps of malware removal.

Sometimes Task Manager is disabled by malware. A workaround is to go to C:\Windows\System32, make a copy of taskmgr.exe and rename it to 1.exe or iexplore.exe. Launch the file.
If you get a message about Task Manager being disabled by group policy, read this guide on re-enabling Task Manager.

Killing processes using process explorer

Process Explorer provides more information on how the processes were launched. Also, it is not blocked together with Task Manager. If it is blocked from execution, try saving it as 1.scr, 1.com or iexplore.exe before running it.

  1. Download Process Explorer from http://download.sysinternals.com/Files/ProcessExplorer.zip and unzip it.
  2. Launch Process Explorer (procexp.exe).
  3. Select the malicious process and press DEL.
  4. Once the malicious processes are stopped, the alerts should disappear and you can continue to the next steps of malware removal.

Killing malicious processes using taskkill

Taskkill is a command-line tool available on Windows machines. This tool will work when the malware process name is known and Task Manager is disabled.

  1. To use taskkill, go to Start->Run.
  2. Enter taskkill /f /im [malwareprocessname].
  3. Press Enter.

This approach works very well against rogues using the same process names and some Trojans.

Using automated free malware process killers built into anti-malware programs

Some anti-malware program installers, like SpyHunter and Stopzilla, automatically kill all suspected processes during install. This is an aggressive approach, not so different from Rkill. However, it works really well against some of the rogues that block execution and installation.

Killing malicious processes using RKILL

Rkill is a useful utility by the owner of bleepingcomputer.com. It kills all processes that are executed from the user folder (where much of the malware resides) and a couple of other locations. It will not stop all malicious processes or remove malware, though. It can be downloaded from http://download.bleepingcomputer.com/grinler/rkill.com.

  1. Download rkill.
  2. Run Rkill, open the saved log and see what processes were stopped.
  3. On a successful stop of malicious processes alerts should disappear and you can continue to next steps of malware removal.

The downside of this approach is that it might leave processes from Windows system locations or Program Files running even if they are malicious.
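
The selection rule described for Rkill above (processes executed from the user folder) can be reproduced for review with built-in PowerShell cmdlets before anything is stopped. This is an added example, not Rkill's code and not part of the original guide; the function name Get-UserFolderProcess, the default root folder and the log file name are assumptions.

```powershell
# Added example: list processes whose executable lives under the user-profile
# tree, save the list, then stop only the ones the operator confirms.

function Get-UserFolderProcess {
    param(
        # Assumed default root: the parent of the current profile (e.g. C:\Users)
        [string[]]$Root = @(Split-Path $env:USERPROFILE -Parent)
    )

    # End every root with a backslash so C:\Users does not also match C:\UsersOld
    $roots = $Root | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

    Get-Process |
        # Skip this shell, and processes whose path cannot be read
        # (run elevated to see the paths of other users' processes)
        Where-Object { $_.Path -and $_.Id -ne $PID } |
        Where-Object {
            $path = $_.Path
            @($roots | Where-Object {
                $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
            }).Count -gt 0
        } |
        Select-Object Id, ProcessName, Path
}

$found = @(Get-UserFolderProcess)
$found | Format-Table -AutoSize

# Keep a record of what was running before anything is stopped
# (hypothetical file name)
$log = Join-Path $env:TEMP 'user-folder-processes.csv'
$found | Export-Csv -Path $log -NoTypeInformation

# -Confirm asks about each process individually; answer No for legitimate
# software that is installed per user and therefore also runs from this folder
foreach ($p in $found) {
    Stop-Process -Id $p.Id -Confirm
}
```

As with Rkill, a malicious process running from a Windows system location or Program Files will not appear in this list.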

WHAT NEXT?

 


Successfully stopping the processes will make alerts, advertisements and some other symptoms of malware disappear for this reboot only. After you reboot, the system reverts to the state prior to killing the processes, so do not reboot until you have cleaned your PC completely or until explicitly required in other guides.

If you failed to install and run anti-malware tools before killing the processes, or they crashed, now is the perfect time to try again. They might detect processes you missed, too. Do not forget to update them, though! SpyHunter might help identify files, DLLs and registry entries that you have to remove or modify in the next steps. The infections are not gone; they are just disabled for this boot. If you cannot connect to websites, proceed to this guide on fixing redirections and internet connection problems, just do not reboot in the process.

The next logical step is to unregister malicious DLLs and fix the system startup. This needs to be done before deleting the infected files as that might cripple some system functions taken over by malicious parasites.

NOTE

We recommend commenting and asking questions under the particular parasite that troubles you. These instructions are generic; there might be specific tips for a particular form of malware.