Manually remove viruses – Part 1

Posted on October 19, 2008. Filed under: Viruses

Now we will see how to remove viruses manually, because sometimes the antivirus we installed does not seem to do its job. This is where we have to do it the hard way. The first thing you have to do is locate the viruses running in memory. Press Ctrl-Alt-Del to get the Task Manager. Look for suspicious processes in that list, if you are familiar with the process list of your system (if you are not familiar, then all are suspicious). Then look up the suspicious processes in Google and find out information on them. If the information (if you trust it) says that a process is dangerous, right-click on the entry and, in the menu that pops up, click “End process tree”. Similarly, end all suspicious processes.

[Screenshot: My Windows Task Manager]

Some viruses will deny you access to the Task Manager. If so, go to ‘Start > Run > cmd.exe’, type in ‘tasklist’ and press Enter. You will again get the list of running processes. Here, you will have to use the command ‘taskkill’ to kill a running process. Type in ‘taskkill /?’ for info on the command. For example, if you have Notepad running, you can kill that process by typing “taskkill /im notepad.exe” and pressing Enter, where ‘im’ means that the input is a process image name.

[Screenshot: Tasklist in console]

Please remember that System (PID = 4), System Idle Process (PID = 0), winlogon.exe, services.exe, lsass.exe, svchost.exe, smss.exe, … are legitimate Windows processes. It is advised not to touch any processes under SYSTEM, NETWORK SERVICE, and LOCAL SERVICE unless you are confident and familiar with these things.
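The list above goes by process name only, and a name is easy to imitate, so it helps to read each name together with the account that owns the process. As an added example (not from the original post), this Python script sorts `tasklist /v /fo csv` output into three buckets; the sample rows, the `DESKTOP\alice` account and the bucket names are constructed for illustration, and English column headers are assumed.

```python
import csv
import io

# Process names and accounts the article says to leave alone (lower-cased).
SYSTEM_NAMES = {"system", "system idle process", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "smss.exe"}
SERVICE_ACCOUNTS = {"system", "network service", "local service"}

# Constructed sample of `tasklist /v /fo csv` output (English column names).
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System Idle Process","0","Services","0","24 K","Unknown","NT AUTHORITY\SYSTEM","5:10:02","N/A"
"System","4","Services","0","300 K","Unknown","N/A","0:00:12","N/A"
"lsass.exe","684","Services","0","5,120 K","Unknown","NT AUTHORITY\SYSTEM","0:00:03","N/A"
"svchost.exe","912","Services","0","8,004 K","Unknown","NT AUTHORITY\NETWORK SERVICE","0:00:01","N/A"
"svchost.exe","3344","Console","1","2,140 K","Running","DESKTOP\alice","0:00:09","N/A"
"notepad.exe","4012","Console","1","3,300 K","Running","DESKTOP\alice","0:00:00","Untitled - Notepad"
'''

def triage(tasklist_csv):
    """Sort processes into leave_alone / verify_path / look_up buckets."""
    buckets = {"leave_alone": [], "verify_path": [], "look_up": []}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        name, pid = row["Image Name"], int(row["PID"])
        # "NT AUTHORITY\SYSTEM" -> "system". "N/A" means tasklist could not
        # read the owner (re-run from an elevated prompt to see it).
        account = row["User Name"].rsplit("\\", 1)[-1].lower()
        protected = account in SERVICE_ACCOUNTS or account == "n/a"
        if name.lower() in SYSTEM_NAMES and not protected:
            # A system name under a user account: confirm the file lives in
            # the Windows system directory before trusting or killing it.
            # This is a prompt to check, not a verdict: newer Windows
            # versions also run some per-user svchost.exe instances.
            buckets["verify_path"].append((name, pid))
        elif protected:
            buckets["leave_alone"].append((name, pid))
        else:
            # Ordinary user processes: the ones to look up by name.
            buckets["look_up"].append((name, pid))
    return buckets

if __name__ == "__main__":
    for bucket, procs in triage(SAMPLE).items():
        print(bucket, procs)
```

To use it on a real machine, save the output of `tasklist /v /fo csv` to a file and pass the file's text to `triage()`.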

You can also get a full-permission Task Manager for temporary purposes from patheticcockroach.com. I have personally checked the program. It gives you access to task manager by double-clicking it, when ctrl-alt-del is denied by the virus.

Assuming that this stage is a complete success, we have stopped all running virus programs and thus, hopefully, stopped the virus from making all our efforts go to waste.
