• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 458
  • Last Modified:

can't delete process in Win 7

I picked up a few exe files while downloading; anti-virus missed them but Windows quarantined them

They show up in Task Mgr as active processes; see attached

How can I delete them? Image of Task Mgr
0
Casey83864
Asked:
Casey83864
  • 2
  • 2
  • 2
  • +1
1 Solution
 
ubaiiiiCommented:
you can try delete them by using 3rd party tool such as process explorer.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Open in new window


However the one you highlighted in the screenshot looks like a system process, by end this processes may harm your operating system
0
 
torimarCommented:
Winlogon.exe and Csrss.exe (Client Server Runtime Process) are critical Windows system files without which Windows will not work.

The Nvvsvc.exe is the Nvidia Driver Helper Service installed together with your video file drivers. It is not critical or required, but usually certainly no virus.

0
 
Casey83864Author Commented:
torimar:
maybe, but when I click on the process, I can't "Open File Location" or view "Properties" . . . which I can do on all other processes
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
torimarCommented:
Try this: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

It should give you an idea of where the processes are started from. If this really is malware, then the file locations should not be the \windows, \windows\system32 folders or similar, but either a temporary folder, or an application folder in the c:\users\<username>\appdata or similar.
0
 
johnb6767Commented:
Granted these are not the critical MS files as Torimar has pointed out.... (If they are, and you delete them, you now have a very large paperwight), so before proceeding with these instructions, verify the Digital Signature on them. They will be signed by MS if legit....

If you can find the files (add the Command Line column in the Task Manager to get the full path), you should be able to set DENY permissions on them so that at next boot, they will not be able to launch......

Right click the File>Properties>Security>Advanced Button>Edit Button>Uncheck "Inherit Permissions>Select "Copy" in the pop up box, >Clock OK, and in the users section at the top, remove all but your logged in user and SYSTEM. Set "Deny, Full Control" rights on the file.

Reboot, and then see if they are active. If not, go back into the file properties, and grant yourself Full control, then delete the file......

This can work to get you back in a working state, and then you can followup with your malware scans.

With that said, the key sometimes, is that if you cannot get to Explorer to perform this operation on the file, you need to kill the task. From another machine on your network,, you can use PSexec to stop the process.

DL PSExec here......
http://live.sysinternals.com/psexec.exe

From the other machine.....
start>run>cmd
<PATH TO >psexec \\infectedPCName tasklist

Then when you get the one you want to kill....

From the other machine again.....
start>run>cmd

<PATH TO >psexec \\infectedPCName taskkill /f /im randomlynamed.exe

Then you can proceed to remove the threats via explorer at the above locations.
 
0
 
Casey83864Author Commented:
very difficult to diagnose without having the pc in front of you; so best job
0
 
johnb6767Commented:
Glad youre fixed.....
0

Featured Post

Take Control of Web Hosting For Your Clients

As a web developer or IT admin, successfully managing multiple client accounts can be challenging. In this webinar we will look at the tools provided by Media Temple and Plesk to make managing your clients’ hosting easier.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now