Solved

can't delete process in Win 7

Posted on 2010-11-29
7
454 Views
Last Modified: 2012-08-14
I picked up a few exe files while downloading; anti-virus missed them but Windows quarantined them

They show up in Task Mgr as active processes; see attached

How can I delete them? Image of Task Mgr
0
Comment
Question by:Casey83864
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +1
7 Comments
 

Expert Comment

by:ubaiiii
ID: 34235871
you can try delete them by using 3rd party tool such as process explorer.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Open in new window


However the one you highlighted in the screenshot looks like a system process, by end this processes may harm your operating system
0
 
LVL 35

Expert Comment

by:torimar
ID: 34236038
Winlogon.exe and Csrss.exe (Client Server Runtime Process) are critical Windows system files without which Windows will not work.

The Nvvsvc.exe is the Nvidia Driver Helper Service installed together with your video file drivers. It is not critical or required, but usually certainly no virus.

0
 

Author Comment

by:Casey83864
ID: 34240052
torimar:
maybe, but when I click on the process, I can't "Open File Location" or view "Properties" . . . which I can do on all other processes
0
WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

 
LVL 35

Expert Comment

by:torimar
ID: 34240367
Try this: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

It should give you an idea of where the processes are started from. If this really is malware, then the file locations should not be the \windows, \windows\system32 folders or similar, but either a temporary folder, or an application folder in the c:\users\<username>\appdata or similar.
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 500 total points
ID: 34243649
Granted these are not the critical MS files as Torimar has pointed out.... (If they are, and you delete them, you now have a very large paperwight), so before proceeding with these instructions, verify the Digital Signature on them. They will be signed by MS if legit....

If you can find the files (add the Command Line column in the Task Manager to get the full path), you should be able to set DENY permissions on them so that at next boot, they will not be able to launch......

Right click the File>Properties>Security>Advanced Button>Edit Button>Uncheck "Inherit Permissions>Select "Copy" in the pop up box, >Clock OK, and in the users section at the top, remove all but your logged in user and SYSTEM. Set "Deny, Full Control" rights on the file.

Reboot, and then see if they are active. If not, go back into the file properties, and grant yourself Full control, then delete the file......

This can work to get you back in a working state, and then you can followup with your malware scans.

With that said, the key sometimes, is that if you cannot get to Explorer to perform this operation on the file, you need to kill the task. From another machine on your network,, you can use PSexec to stop the process.

DL PSExec here......
http://live.sysinternals.com/psexec.exe

From the other machine.....
start>run>cmd
<PATH TO >psexec \\infectedPCName tasklist

Then when you get the one you want to kill....

From the other machine again.....
start>run>cmd

<PATH TO >psexec \\infectedPCName taskkill /f /im randomlynamed.exe

Then you can proceed to remove the threats via explorer at the above locations.
 
0
 

Author Closing Comment

by:Casey83864
ID: 34365231
very difficult to diagnose without having the pc in front of you; so best job
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 34366557
Glad youre fixed.....
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
#Citrix #POC #XenDesktop #vCenter #VMware #ESX
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question