Solved

can't delete process in Win 7

Posted on 2010-11-29
7
451 Views
Last Modified: 2012-08-14
I picked up a few exe files while downloading; anti-virus missed them but Windows quarantined them

They show up in Task Mgr as active processes; see attached

How can I delete them? Image of Task Mgr
0
Comment
Question by:Casey83864
  • 2
  • 2
  • 2
  • +1
7 Comments
 

Expert Comment

by:ubaiiii
ID: 34235871
you can try delete them by using 3rd party tool such as process explorer.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Open in new window


However the one you highlighted in the screenshot looks like a system process, by end this processes may harm your operating system
0
 
LVL 35

Expert Comment

by:torimar
ID: 34236038
Winlogon.exe and Csrss.exe (Client Server Runtime Process) are critical Windows system files without which Windows will not work.

The Nvvsvc.exe is the Nvidia Driver Helper Service installed together with your video file drivers. It is not critical or required, but usually certainly no virus.

0
 

Author Comment

by:Casey83864
ID: 34240052
torimar:
maybe, but when I click on the process, I can't "Open File Location" or view "Properties" . . . which I can do on all other processes
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 35

Expert Comment

by:torimar
ID: 34240367
Try this: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

It should give you an idea of where the processes are started from. If this really is malware, then the file locations should not be the \windows, \windows\system32 folders or similar, but either a temporary folder, or an application folder in the c:\users\<username>\appdata or similar.
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 500 total points
ID: 34243649
Granted these are not the critical MS files as Torimar has pointed out.... (If they are, and you delete them, you now have a very large paperwight), so before proceeding with these instructions, verify the Digital Signature on them. They will be signed by MS if legit....

If you can find the files (add the Command Line column in the Task Manager to get the full path), you should be able to set DENY permissions on them so that at next boot, they will not be able to launch......

Right click the File>Properties>Security>Advanced Button>Edit Button>Uncheck "Inherit Permissions>Select "Copy" in the pop up box, >Clock OK, and in the users section at the top, remove all but your logged in user and SYSTEM. Set "Deny, Full Control" rights on the file.

Reboot, and then see if they are active. If not, go back into the file properties, and grant yourself Full control, then delete the file......

This can work to get you back in a working state, and then you can followup with your malware scans.

With that said, the key sometimes, is that if you cannot get to Explorer to perform this operation on the file, you need to kill the task. From another machine on your network,, you can use PSexec to stop the process.

DL PSExec here......
http://live.sysinternals.com/psexec.exe

From the other machine.....
start>run>cmd
<PATH TO >psexec \\infectedPCName tasklist

Then when you get the one you want to kill....

From the other machine again.....
start>run>cmd

<PATH TO >psexec \\infectedPCName taskkill /f /im randomlynamed.exe

Then you can proceed to remove the threats via explorer at the above locations.
 
0
 

Author Closing Comment

by:Casey83864
ID: 34365231
very difficult to diagnose without having the pc in front of you; so best job
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 34366557
Glad youre fixed.....
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction Often we come across situations wherein our batch files would be needing to reboot Windows for a variety of reasons. A few of them would be like: (1) Setup files have been updated whose changes can take effect only after a reboot …
In this article we will discuss all things related to StageFright bug, the most vulnerable bug of android devices.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question