Solved

can't delete process in Win 7

Posted on 2010-11-29
7
448 Views
Last Modified: 2012-08-14
I picked up a few exe files while downloading; anti-virus missed them but Windows quarantined them

They show up in Task Mgr as active processes; see attached

How can I delete them? Image of Task Mgr
0
Comment
Question by:Casey83864
  • 2
  • 2
  • 2
  • +1
7 Comments
 

Expert Comment

by:ubaiiii
ID: 34235871
you can try delete them by using 3rd party tool such as process explorer.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Open in new window


However the one you highlighted in the screenshot looks like a system process, by end this processes may harm your operating system
0
 
LVL 35

Expert Comment

by:torimar
ID: 34236038
Winlogon.exe and Csrss.exe (Client Server Runtime Process) are critical Windows system files without which Windows will not work.

The Nvvsvc.exe is the Nvidia Driver Helper Service installed together with your video file drivers. It is not critical or required, but usually certainly no virus.

0
 

Author Comment

by:Casey83864
ID: 34240052
torimar:
maybe, but when I click on the process, I can't "Open File Location" or view "Properties" . . . which I can do on all other processes
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 35

Expert Comment

by:torimar
ID: 34240367
Try this: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

It should give you an idea of where the processes are started from. If this really is malware, then the file locations should not be the \windows, \windows\system32 folders or similar, but either a temporary folder, or an application folder in the c:\users\<username>\appdata or similar.
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 500 total points
ID: 34243649
Granted these are not the critical MS files as Torimar has pointed out.... (If they are, and you delete them, you now have a very large paperwight), so before proceeding with these instructions, verify the Digital Signature on them. They will be signed by MS if legit....

If you can find the files (add the Command Line column in the Task Manager to get the full path), you should be able to set DENY permissions on them so that at next boot, they will not be able to launch......

Right click the File>Properties>Security>Advanced Button>Edit Button>Uncheck "Inherit Permissions>Select "Copy" in the pop up box, >Clock OK, and in the users section at the top, remove all but your logged in user and SYSTEM. Set "Deny, Full Control" rights on the file.

Reboot, and then see if they are active. If not, go back into the file properties, and grant yourself Full control, then delete the file......

This can work to get you back in a working state, and then you can followup with your malware scans.

With that said, the key sometimes, is that if you cannot get to Explorer to perform this operation on the file, you need to kill the task. From another machine on your network,, you can use PSexec to stop the process.

DL PSExec here......
http://live.sysinternals.com/psexec.exe

From the other machine.....
start>run>cmd
<PATH TO >psexec \\infectedPCName tasklist

Then when you get the one you want to kill....

From the other machine again.....
start>run>cmd

<PATH TO >psexec \\infectedPCName taskkill /f /im randomlynamed.exe

Then you can proceed to remove the threats via explorer at the above locations.
 
0
 

Author Closing Comment

by:Casey83864
ID: 34365231
very difficult to diagnose without having the pc in front of you; so best job
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 34366557
Glad youre fixed.....
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Hello I read in a discussion about a person who configured a very simple mirror RAID with two hard drives; the system and data were on the same partition. He asked how to repair the system as it was not booting up anymore. In his case running …
I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now