Deleting Malicious Processes

[Guest]

Hi, if you find you have malicious processes running in the backgorund (Task
Manager), how do you locate these processes on your hard drive and get rid of
them for good?

regards

 

[R. McCarty]

The Taskmgr view should indicate the name of the executable.
Use Search, Advanced options
Search System folders
Search Hidden Files and Folders
Search Subfolders
to locate the file. (common location is C:\Windows\System32)

Before ending process & deleting the file - verify that it is indeed
malicious.
http://castlecops.com/StartupList.html

Also, many of these executables will be locked, and you won't be
able to delete them while in use. However, you can open a Cmd
prompt, navigate to it's location and rename it to an non-executable
extension like Junk.jnk

 

[Ramesh, MS-MVP]

Sysinternals Freeware - Process Explorer:
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

Malware removal tools:

1. Lavasoft Ad-Aware - http://www.lavasoftusa.com
2. SpyBot Search & Destroy - http://www.safer-networking.org
3. CWShredder - http://www.intermute.com/spysubtract/cwshredder_download.html

Update 1 & 2 before running a scan.

--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org


Hi, if you find you have malicious processes running in the backgorund (Task
Manager), how do you locate these processes on your hard drive and get rid of
them for good?

regards

 

[Rock]

Hi, if you find you have malicious processes running in the backgorund (Task
Manager), how do you locate these processes on your hard drive and get rid of
them for good?

regards

Regularly run a recent up to date anti-virus program with current
definitions, several of the online scans, and a combination of the good
freeware anti-spware programs.