How to Stop a Virus in Windows - Stopping malware and viruses
Processes are typically started in one of three ways: as a standalone process, as a system service, or as a child process of another program such as Internet Explorer. Learning to differentiate between the three can greatly aid you in trying to stop them.
Standalone processes are perhaps the most common, so we'll start there. You can stop many running processes from Windows Task Manager, which you open by pressing Ctrl + Alt + Del. Task Manager will show you most of the processes running on your computer and tell you what user owns them.
Its view can be deceptive, though, and it's a good idea to use a third-party process viewer instead. The fact that Task Manager isn't very efficient at ending processes only adds to the need for an alternative.
By far the best process viewer available today is Microsoft (formerly SysInternals) Process Explorer. Amazingly enough it's also freeware!
Process Explorer will give you a detailed look at the processes running on your system. It also allows you to end them. Its detailed process view allows you to quickly identify a process as well as its parent process. This can be useful information for determining how a process starts.
As an example, let's assume a process is listed as a child process of Winlogon.exe. This is a necessary program required for Windows start up, but its child processes are always spawned from a specific place in the Registry.
From time to time you will run into a process that you cannot end. This is because the process belongs to another process that is critical to system functionality. Microsoft prevents those processes from being ended.
Enter Unlocker by Cedrick Collomb. If you've ever come across a process you couldn't end or a file that you couldn't delete because of the infamous in-use message, Unlocker is the tool you've been missing.
Why does this work? It works because Unlocker does not attempt to kill the parent process. Instead, it focuses on the specific handle that is locking your file. This explanation is far beyond the scope of this article, so for now just trust me that it works.
The second method of starting a process is as a system service. These are hidden from Task Manager. However, they can be controlled by the Services snap-in for the Microsoft Management Console.
Just choose Run... from the Start menu and enter services.msc to start it. You can browse the list of services and start and stop them from their respective properties dialog boxes. Setting a service to Manual start up will prevent it from automatically loading the next time Windows starts.
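The two views described above (a process together with its parent, and the services behind a process) can also be pulled from the command line. This is an added example, not part of the original article; it assumes PowerShell 3.0 or later for Get-CimInstance, only reads system state, and its variable names and column labels are my own.

```powershell
# Added example: read-only inventory of running processes, their parents,
# and any running services they host. Nothing is stopped or changed.

$procs    = Get-CimInstance -ClassName Win32_Process
$services = Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'"

# Index processes by PID so a parent's name can be looked up.
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# Group running services by the PID of the process that hosts them.
$svcByPid = @{}
foreach ($s in $services) {
    $id = [int]$s.ProcessId
    if (-not $svcByPid.ContainsKey($id)) { $svcByPid[$id] = @() }
    $svcByPid[$id] += "$($s.Name) [$($s.StartMode)]"
}

$report = foreach ($p in $procs) {
    $id     = [int]$p.ProcessId
    $parent = $byPid[[int]$p.ParentProcessId]

    # Windows reuses PIDs after a parent exits. Only trust the match when the
    # candidate parent was created before the child.
    if ($parent -and $parent.CreationDate -and $p.CreationDate -and
        $parent.CreationDate -gt $p.CreationDate) { $parent = $null }

    [pscustomobject]@{
        PID       = $id
        Name      = $p.Name
        StartedAs = if ($svcByPid.ContainsKey($id)) { 'Service' } else { 'Process' }
        Parent    = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { '(exited)' }
        Services  = ($svcByPid[$id] -join ', ')
        Path      = $p.ExecutablePath
    }
}

# Sorting by parent groups children together, similar to a tree view.
$report | Sort-Object Parent, Name | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt to get executable paths for processes owned by other users. A Parent of "(exited)" means the process that launched the entry is no longer running.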
The last method of starting processes is typical of unwanted Browser Helper Objects (BHOs) in Internet Explorer. These can typically be removed by HijackThis; make sure that all Internet Explorer and Windows Explorer windows are closed first. Occasionally you may stumble upon one that can't be removed, but having Unlocker installed at the time will ensure the job is done.
Now that you've learned how to stop malware or a virus, stay tuned for the next article to learn how to make sure it doesn't start up again the next time you reboot. Until next time...