End Process question

[Guest]

Like so many others, I have hung processes. killaps and tskill both won't do
it. It is a set of two programs that network with each other, pd.exe and
wish84.exe, of the Pure Data program of Miller Puckette. Alas, they open
anew each time and stay on the process list when closed. I can end the pd
process, but I currently have about 2 dozen wish84.exe processes with
different PIDs. They take up 200K each. They are not using CPU power, but
my system is extremely slow.

tskill doesn't give any error, it just brings up the next command line and
wish84.exe remains in place. Any ideas?

 

[Andrew Frantsuzov]

Locate where these applications are running from:

For this you can do a search.

Option 1:
Go to Administrative Tools, Open the Local Security policy, Open Up
Software Restriction Policy. Make a new path rule and then deny execution
from the path in which these applications are running.

If these applications are running in MIXED directory with needed
applications such as system32/

Option 2:

Determine the priviledges that the application is running on. in taskmgr.exe
are they started by YOU or local system? If they are started by local
system, they are probably services. Go to services.msc and de-elevate their
priviledges to run on a low-guest account.

At that point you can deny access to those application for that account by
setting the SECURITY for these EXE's. (We want to DENY the execution right)

Now kill them they dont have the right to start another process; IF THEY RUN
IN YOUR NAME.. that is they impersonate you they can set permisions back so
de-elevating them to an account below your own is crucial here.

Finally if they are not a service; you have to login onto an account that is
a "USer" buil-in group group. Then run taskmng.exe with elevated rights, by
using the RunAs command; login into you Administrator account, disable the
EXECUTE ACL (security flag) for these applications, and then kill them one
by one.

When they are not executing make sure to remove them and delete them so they
don't start again.

to do this:
1.) Delete the files from the HD
2.) open up msconfig and remove the Startup/Services from which they were
running.


HTH,

 

[Andrew Frantsuzov]

There is also an tool application called PView.exe (Process Explode) which
allows to remove ACLs from proccesses hence removing their rights on the
Windows OS.

If you play around with it you can just de-elevate their rights and kill
them off one by one.