Solved

can't delete process in Win 7

Posted on 2010-11-29
7
449 Views
Last Modified: 2012-08-14
I picked up a few exe files while downloading; anti-virus missed them but Windows quarantined them

They show up in Task Mgr as active processes; see attached

How can I delete them? Image of Task Mgr
0
Comment
Question by:Casey83864
  • 2
  • 2
  • 2
  • +1
7 Comments
 

Expert Comment

by:ubaiiii
ID: 34235871
you can try delete them by using 3rd party tool such as process explorer.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Open in new window


However the one you highlighted in the screenshot looks like a system process, by end this processes may harm your operating system
0
 
LVL 35

Expert Comment

by:torimar
ID: 34236038
Winlogon.exe and Csrss.exe (Client Server Runtime Process) are critical Windows system files without which Windows will not work.

The Nvvsvc.exe is the Nvidia Driver Helper Service installed together with your video file drivers. It is not critical or required, but usually certainly no virus.

0
 

Author Comment

by:Casey83864
ID: 34240052
torimar:
maybe, but when I click on the process, I can't "Open File Location" or view "Properties" . . . which I can do on all other processes
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 35

Expert Comment

by:torimar
ID: 34240367
Try this: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

It should give you an idea of where the processes are started from. If this really is malware, then the file locations should not be the \windows, \windows\system32 folders or similar, but either a temporary folder, or an application folder in the c:\users\<username>\appdata or similar.
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 500 total points
ID: 34243649
Granted these are not the critical MS files as Torimar has pointed out.... (If they are, and you delete them, you now have a very large paperwight), so before proceeding with these instructions, verify the Digital Signature on them. They will be signed by MS if legit....

If you can find the files (add the Command Line column in the Task Manager to get the full path), you should be able to set DENY permissions on them so that at next boot, they will not be able to launch......

Right click the File>Properties>Security>Advanced Button>Edit Button>Uncheck "Inherit Permissions>Select "Copy" in the pop up box, >Clock OK, and in the users section at the top, remove all but your logged in user and SYSTEM. Set "Deny, Full Control" rights on the file.

Reboot, and then see if they are active. If not, go back into the file properties, and grant yourself Full control, then delete the file......

This can work to get you back in a working state, and then you can followup with your malware scans.

With that said, the key sometimes, is that if you cannot get to Explorer to perform this operation on the file, you need to kill the task. From another machine on your network,, you can use PSexec to stop the process.

DL PSExec here......
http://live.sysinternals.com/psexec.exe

From the other machine.....
start>run>cmd
<PATH TO >psexec \\infectedPCName tasklist

Then when you get the one you want to kill....

From the other machine again.....
start>run>cmd

<PATH TO >psexec \\infectedPCName taskkill /f /im randomlynamed.exe

Then you can proceed to remove the threats via explorer at the above locations.
 
0
 

Author Closing Comment

by:Casey83864
ID: 34365231
very difficult to diagnose without having the pc in front of you; so best job
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 34366557
Glad youre fixed.....
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
In this article we will discuss all things related to StageFright bug, the most vulnerable bug of android devices.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now