Killing malicious processes and removing harmful files
Processes
Each program is a collection of files. To start the program you must launch an executable file that runs the entire program or some of its components.
When you launch an executable, part of its code is loaded into the computer’s memory. This running code is the process. It allows the system to run the corresponding program. In other words, every running program is represented by its main process or task. If no such process exists, the application is not running at the moment.
Parasites are programs and also have processes. However, unlike regular software, their processes run without the user’s knowledge. You cannot terminate a parasite like a common application by simply closing its window. That’s why you have to learn how to kill malicious processes.
Files
Each program consists of files. Spyware, viruses and other parasites all have their own files too. Removing a parasite often means deleting all its files. However, some files cannot be easily erased. You cannot delete a file while it is in use by an active application. Furthermore, some files are "invisible".
Imagine the situation: your anti-spyware program keeps detecting a parasite, and you know where its files reside. You open the corresponding folder, but see nothing in there! The parasite continues performing malicious actions and its files remain in that "empty" directory. How does this happen?
Files really can be "invisible". This is not a special property of the files, though: the operating system simply hides them from you. Such OS behavior can be a result of recent malware activity. Fortunately, there are several ways to make your system display such files and thus allow you to delete them.
This guide describes manual process termination methods. These methods can be applied to all modern Windows operating system versions. The following instructions also explain how to find a file, make it visible (in case it’s hidden) and completely remove it from the system. This information is also fully applicable to folders (directories).
I. FIND THE PROCESS AND TRY TERMINATING IT
1. Start Windows Task Manager
Use the following key combination: press CTRL+ALT+DEL or CTRL+SHIFT+ESC. This will open the Windows Task Manager.
Alternatively, you can use another method. Press the Start button and click on the Run… option. This will start the Run tool. Type in taskmgr and click OK. This will start the Windows Task Manager.

Image 1. Start the Task Manager
2. Find and terminate the process
Within the Windows Task Manager, select the Processes tab (it is shown in the red box). This will display the full list of all active tasks. Names are listed in the first column from the left. To sort the tasks in alphabetical order, click on the Image Name column heading (it is designated by the blue box). Find the required process by name. Select it with your mouse or keyboard and click on the End Process button (in the green box). This will kill the process.

Image 2. Terminate the process
II. LOCATE THE MALICIOUS FILE AND TRY DELETING IT
Let us suppose that you know the file name or at least a part of it. In that case, run the default Windows search tool: Start > Search > For Files and Folders. Type the full name of the file or a part of it into the search field. Define the search location. To obtain better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and start searching. The file should appear in the right pane.

Image 3. Search for the file
If you don’t know how to spell the filename, but have an idea where the file might be, try to find it manually. Most of the time, parasites try to hide their tracks, so you must enable the displaying of hidden and system protected files. To do so, open Windows Explorer. Click on the Tools menu and select Folder Options (see the image below) from the list.

Image 4. Make hidden files visible
Select the View tab. In the Advanced Settings list, find the option Show hidden files and folders (it is designated by the red box on the image below) and select it. Then clear the checkmark next to the line Hide protected operating system files (Recommended) (in the blue box).

Image 5. Change view settings
It is possible that some files may still be invisible. To make them visible, launch the Command Prompt. Press the Start button and then select Run. This will open the Run dialog. Type in cmd and press Enter or click on the OK button. This will open the Command Prompt window.

Image 6. Open the Command Prompt
Then type dir /A name_of_the_folder into the window. This will list all the files that reside in that folder, including hidden ones.

Image 7. View folder content
Delete the file using Windows Explorer or any other program that you use to browse the file system. You must empty the Recycle Bin too. In some cases an error message may appear saying that a certain file is in use and cannot be removed. In that case, terminate the associated process and then delete the file. To do this, open the Windows Task Manager (press CTRL+ALT+DEL or CTRL+SHIFT+ESCAPE). Select the corresponding process in the Processes tab and click on the End Process button.
However, some processes will be loaded again immediately after you terminate them. In that case, reboot your computer and run the system in Windows Safe Mode. In Safe Mode many system services are disabled and programs do not run automatically on startup.
It is possible to delete any malicious file from the Command Prompt. To do this, open the Command Prompt and navigate to the folder where the harmful file is. Use the following command: cd name_of_the_folder. Then type this command: del name_of_the_file. The entire folder can be deleted using this command: rmdir /S name_of_the_folder.

Image 8. Delete the folder from the Command Prompt
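The Task Manager and Command Prompt steps from sections I and II, combined into one batch script as an added example (it is not part of the original guide). TARGET_DIR and TARGET_FILE are placeholder values, and besides the dir /A and del commands named above it assumes the built-in tasklist, taskkill, attrib and certutil commands are available (certutil -hashfile needs Windows Vista or later).

```batch
@echo off
rem Added example, not from the original guide. Run from an elevated Command Prompt.
rem Placeholder values (assumptions): use the folder and file your scanner reported.
setlocal
set "TARGET_DIR=C:\example\suspect_folder"
set "TARGET_FILE=suspect.exe"
set "TARGET_PID="

rem 1. List everything in the folder, including hidden and system entries.
dir /A "%TARGET_DIR%"

rem 2. Show the file's attributes (H = hidden, S = system, R = read-only).
attrib "%TARGET_DIR%\%TARGET_FILE%"

rem 3. Record a hash before deleting, so the detection can be looked up later.
certutil -hashfile "%TARGET_DIR%\%TARGET_FILE%" SHA256

rem 4. Command-line equivalent of End Process. Image names are not unique:
rem    a parasite may reuse the name of a legitimate program, so end it by PID.
tasklist /FI "IMAGENAME eq %TARGET_FILE%"
set /p "TARGET_PID=PID to end (leave blank to skip): "
if defined TARGET_PID taskkill /F /PID %TARGET_PID%

rem 5. Plain "del" skips hidden and system files and refuses read-only ones.
rem    /A selects the file whatever its attributes, /F forces read-only deletion.
del /F /A "%TARGET_DIR%\%TARGET_FILE%"

rem 6. Verify. A file that survives is still locked or was recreated.
if exist "%TARGET_DIR%\%TARGET_FILE%" (
    echo Still present: reboot into Safe Mode and repeat.
) else (
    echo Removed.
)
endlocal
```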
III. USING POCKET KILLBOX FOR REMOVAL OF DIFFICULT MALWARE
Sometimes harmful files cannot be deleted normally or even in Safe Mode. This is because some parasites use rootkits and special methods to lock their files and prevent them from being deleted. Usually, such files run processes that cannot be terminated by the Task Manager. In such cases specially designed third-party tools should be used. One of them is Pocket KillBox, a tiny but priceless utility designed for terminating harmful processes and deleting malicious files and folders containing malware.
If the above steps did not help you to delete a parasite file or kill its process, please do the following.
1. Download Pocket KillBox
This tool is absolutely free. You can get it either from the official web site, or from one of the trusted distributor sites such as Bleeping Computer.
There is no need to install the tool. Pocket KillBox comes as a single executable file. Just unpack (if you downloaded Pocket KillBox as an archive) and run the downloaded file. This will launch the utility.
2. Delete the file
Type in the full path of the file you want to delete, as shown in Image 9. Make sure that the Standard File Kill option is selected (it is designated by the blue box). Then click on the Delete file button (it is designated by the green box).

Image 9. Delete the file with KillBox
As parasites become more complex and sophisticated, there is always a possibility that even Pocket KillBox or a similarly powerful tool may fail to remove certain files. In that case it is highly recommended to repeat the removal procedure in Windows Safe Mode.
If the file cannot be deleted in Safe Mode either, repeat the removal once again, but this time select the Delete on Reboot option instead of Standard File Kill. Then restart your computer. Pocket KillBox will attempt to delete the file on the next system startup.