How to Kill Spyware Processes

What are processes?


Every program has its own executable code (for example, the .exe file). A process (or task) is a program that is being executed. When you start a program, the executable code will load into the computer’s memory. This code is the process. If a process is closed or terminated, the resources used by that program will not run. To see all the processes running on your computer, you can use the Windows Task Manager, a built-in Windows utility.

The Windows Task Manager allows you to terminate almost all processes, however, there are some programs that have invisible processes running in the background and can remain on your computer without you knowing its exact location.

Why is it important to remove malicious processes?


Even though some processes are legitimate, there are other processes that come from malicious applications such as spyware, adware, trojans, malware, worms, and rootkits. It’s reported that malicious applications may run on your computer without your knowledge or consent. These malicious applications can infect your computer and compromise your privacy, security and computer performance. That’s why it is important to learn how to kill malicious processes.

The first step is to evaluate every process running on your computer to determine whether any of them is a piece of spyware. The obvious choice is to look for a process that is either out of place, does not belong to a program you remember installing or is behaving odly. In the case of an extreme malware infection, you may not be able to kill the offending program with the Task Manager and instead might get an “Access denied” error. In a case like this, an anti-spyware program might be the best approach to solve your computer’s security problem.

The instructions on how to get started depends on what Windows version you have. Learn how to remove kill spyware process from your computer.

Kill Spyware Processes Manually


Warning: Stopping system processes is a difficult and risky. If you delete the wrong file, your computer may crash and important data may be lost. As a precautionary measure, please back up important files and set a System Restore point (click Start > All Programs > Accessories > System Tools > System Restore, and follow the on-screen instructions) or run a spyware check with a trusted anti-spyware program to automatically detect spyware.

You can kill spyware proccesses in two ways:

Method A: Using the Windows Task Manager. (Recommended)

Method B: Using PsKill through the Command Prompt window.

Method A: Using Windows Task Manager to Kill a Process


Follow the steps below to manually kill a process with the Windows Task Manager:
  1. Start Windows Task Manager
    To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC. You can also press the “Start” button, select the “Run” option, type “taskmgr” in the blank field and then press the “OK” button.

    Run Task Manager
  2. Find and Kill Spyware Processes
    In the Windows Task Manager, select the “Processes” section to see all active tasks. Find the proccess by name. To make it easier, select the “Image Name” button to list tasks by name.

    Use the list of process files associated with the spyware you know or suspect your computer has been infected with. You can find a list of processes by going to our malware program list and selecting the parasite you’re interested in. If there’s a process that you don’t recognize, copy the process and search on google.

    Select the process you want to kill and click on the “End Process” button to kill it.

    Windows Task Manager

Method B: Using PsKill through the Command Prompt Window to Kill a Process


In some cases, a parasite may disable your Windows Task Manager so instead you can use “pslist” and “pskill” (a third party application by Mark Russinovich) to list and kill the unwanted proccesses.

Follow the steps below to manually search and kill the spyware processes with PsKill:
  1. Open the Command Prompt window
    Press the “Start” button on your Taskbar and select the “Run” option. Type “cmd” in the field and then press the “OK” button.

    Run Cmd
  2. Search the unwanted process
    When the Command Prompt window is opened, type the command “pslist” and press “Enter” to search processes from the list of running programs.

    Search the process
  3. Kill the unwanted process
    Once you know the name of the process you want to kill, type the command “pskill [PROCESS_NAME]“ and press “Enter” to terminate the unwanted process. For example, if you wanted to kill SpyLocked (a rogue anti-spyware program), you would type pskill spy-locked.exe.

    Terminate the process
  4. If the process was terminated successfully, a confirmation message will be displayed.
Posted: June 5, 2006 | By
Share:
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (12 votes, average: 3.25 out of 5)
Loading ... Loading ...
Home Tutorials How to Kill Spyware Processes

230 Comments

  • steve eniss says:

    Fantastic blog article.Really thank you! Awesome.

  • social says:

    Really enjoyed this blog article.Thanks Again. Cool.

  • Adolph Virrueta says:

    Very helpful reply, now it’s perfect Thank you!

  • Jeana Haerr says:

    I have to say that for the past couple of hours i have been hooked by the amazing posts on this blog. Keep up the great work.

  • equity says:

    really beneficial stuff, all round I picture this is worthy of a book mark, thanks a lot

  • KEVIN says:

    A cool blog post right there mate . Cheers for it !

  • reliance says:

    This website has some very useful stuff on it! Thank you for informing me.

  • bangalore says:

    Hey there, I just hopped over to your webpage through StumbleUpon. Not somthing I would typically read, but I liked your thoughts none the less. Thank you for creating something worthy of reading.

  • brenden says:

    Jesus Christ. finally found something that works to kill this mess. attempting to get rid of them or installing a plugin maybe for easier ways?

  • howard says:

    Thank you so much. It worked 100% You are perfect (Y)

  • pawowgold says:

    very good, it’s very useful to me, thank you very much!

  • NICHOLAS says:

    Heya, I just hopped over to your website via StumbleUpon. Not somthing I would usually read, but I enjoyed your views none the less. Thanks for making some thing worth reading through.

  • gary says:

    This really solved my problem, thank you!

  • RUSSELL says:

    When are you going to post again? You really entertain a lot of people!

  • fly me to the moon says:

    This website has lots of extremely useful information on it! Cheers for informing me.

  • go says:

    A cool post right there mate ! Thanks for posting .

  • Carol says:

    How to you get rid of a virus when it takes over your computer and will not let you type any thing without closing your page, browser, command, or website? – Window Xp

  • chris says:

    Am I the only one too lazy to try and remove this stuff? I usually end up just reformatting because I don\’t trust that I won\’t miss a part somewhere.

  • Alexander says:

    Really useful appreciate it. Help allowed me to remove two programs that load at Windows startup. Before killing their processes it would give errors trying to delete. thanks spywareremove guys!

  • mahesh says:

    This is detailed instructions with images,but is there any other way to do this on an older windows xp? I am having trouble.

  • Johnny Miles says:

    Oh my heck, I should have never purchased mcafee … what an absolute waste of my time and money. Mcafee could not find spyware let alone end any of the running processes. Tried many times with it while all along I could have done it manually. Thanks you all at spywareremove for the assistance. I will be considering your malware scanner for purchase.

  • Michael Smith says:

    Really useful appreciate it, thanks for helping me with my PC problems. I can now boot up my Windows XP machine without all of the pop-ups.

  • Georgia says:

    When I type in “pslist” into the method B one, it comes up saying that it isn’t a command.

  • Willis says:

    Hi I was playing World of Warcraft and had a problem so i googled it and I clicked a site…..dont know what it was called, but it told me i had a virus but it wasnt my security system so i closed it but it kept popping up and it auto downloaded or something and it keeps telling me everything i open is infected with a virus and i cant do anything, im using my bros laptop cuz mines infected and i dont know how to fix it D:

  • ghostrider01 says:

    Eric,

    The task manager and your ability to surf certain sites were disabled due to the parasite infection. You may try the following in attempt to restore the ability to install security tools and remove the parasite:

    1. Switching to another web browser.
    2. Check for hosts file hijacking.
    3. Disable DNS caching.

    Alternatively, you can view our section that explains how malware blocks installation of anti-spyware software or blocks access to the web here: http://www.spywareremove.com/security/malware-blocks-spyhunter-or-access-to-web/

  • Eric says:

    Hello, I woke up this morning and this thing was running on my computer, I tried using Command Prompt and it said “Command Prompt.exe is infected, would you like to start a search now”, and I tried the Task Manager, said “Task Manager.exe is infected, would you like to start a search now.”. So, what do I do? It blocks the internet saying such sites as Google and MSN aren’t ‘Safe’ to go on, and so it prompts me to buy their product to ‘ensure’ my safety. Anything I try to open to get rid of this will be ‘infected’, and closes it for me.

  • ghostrider01 says:

    Asya,

    Unfortunately the version of Security Shield that you have is preventing you from running Windows tools. You must manually find the file that is doing this before you are able to install security software to completely remove Security Shield.

    I have listed a few steps you may take before attempting to remove Security Shield:

    1. Restart your System Into Safe Mode
    2. Switch to an Alternate Web Browser to Download Security Software
    3. Check for Hosts File Hijacking
    4. Disable DNS Caching

    If you are unfamiliar with any of those steps, please visit our report that explains what to do in the event that Malware Blocks Anti-Spyware Software or your access to the Web at http://www.spywareremove.com/security/malware-blocks-spyhunter-or-access-to-web/. Here you will find out how to perform many different alternate methods to disable malware and repair your PC as well.

  • Asya says:

    hi, I am trying to get rid of security sheild. when I start my task manager- it quickly exits out. and when I try to run cmd- it brings up a “fake” virus. Seeing that those are the only two solutions, how do I go about removing the process or virus? please PLEASE help

  • Jacky says:

    me too !!!!!!!!!!!!!!!!!!!!!!!
    that what happned to me
    =(

  • infected computer says:

    hello, i believe my computer has been infected with system tool. This virus is not allowing me to use task mgr, command prompt, notepad , etc. Basically the things i need to proceed in the steps given on all of the above to remove it. If anybody has any suggestions please leave a comment. I NEED HELP QUICK ,thank you !

  • Richard says:

    Thanks for your help, but the Antiviruis Scan won’t let me use the Task Manager or the Comand prompt, therefore I have not been able to remove the virus etc.
    Could you please help me?
    Richard

  • Brandon says:

    I am experiencing everything that mia is, i try 2 open my command using the run on the start menu, everything i try 2 do the System Tool will say that it cannot be executed and because the file is infected. It will not let me use any of the software mentioned.

  • Mia says:

    I have McAfee but the System Tool 2011 won’t let me use it…

  • Mia says:

    Ok System Tool 2011 won’t let me open The task manger of either ways you explained above…It says “Application cannot be executed. The file taskmgr.exe is infected. Please activate your antivirus software. I need help badly because I have tryed mostly everything. It doesn’t let me download any other Anti-Virus softwares…So all I can really do is use the internet and stuff..HELP!!

  • Anindya says:

    HI, FOR THOSE OF YOU HAVING PROBLEMS WITH “wscntfy.exe” OR “wuauclt.exe” VIRUSES, THIS IS THE COMPLETE SOLUTION (I SUCCESSFULLY USE IT IN MY PC RUNNING XP SERVICE PACK 2):

    1. OPEN ANY FOLDER AND GOTO FOLDER OPTIONS MENU AND UNCHECK “Hide extensions for known file types”

    2. CREATE A FILE WWR.bat IN ANY FOLDER

    3. RIGHT-CLICK ON THE FILE>OPEN WITH AND SELECT NOTEPAD.

    4. ENTER THE FOLLOWING CODE:

    echo off
    cls

    attrib %windir%\prefetch\wuauclt.exe-??????????.pf -a -s -h -r
    :01
    del %windir%\prefetch\wuauclt.exe-??????????.pf
    if exist %windir%\prefetch\wuauclt.exe-??????????.pf goto 01

    attrib %windir%\system32\wuauclt.exe -a -h -r -s
    :02
    taskkill /f /im wuauclt.exe
    del %windir%\system32\wuauclt.exe
    if exist %windir%\system32\wuauclt.exe goto 02

    attrib %windir%\prefetch\wscntfy.exe-??????????.pf -a -s -h -r
    :03
    del %windir%\prefetch\wscntfy.exe-??????????.pf
    if exist %windir%\prefetch\wscntfy.exe-??????????.pf goto 03

    attrib %windir%\system32\wscntfy.exe -a -h -r -s
    :04
    taskkill /f /im wscntfy.exe
    del %windir%\system32\wscntfy.exe
    if exist %windir%\system32\wscntfy.exe goto 04

    cls
    echo :ALL CLEANED………….!!!!!!!!!
    ECHO :
    echo :WSCNTFY and WUAUCLT AUTO-REMOVER — [BY ANINDYA]
    ECHO :
    pause

    5. SAVE AND RUN THE FILE

    6. THE VIRUS SHOULD BE REMOVED

    7. TO PREVENT IT FROM REAPPEARING COPY THE FILE WWR.bat TO THE STARTUP FOLDER (START MENU>ALL PROGRAMS>STARTUP)

    IMPORTANT NOTE:: IN STEP 4, REMOVE ALL INSTANCES OF DOUBLE FORWARD SLASHES. THEY ARE NORMAL PATH NAMES AND SHOULD BE SET AS PER NORMAL RULES…..THANK YOU. I WILL BE GRATEFUL TO RECIEVE ANY COMPLAINTS/ABNORMALITIES ABOUT THE CODE/RESULT

  • Anindya says:

    HI THIS IS ANINDYA AGAIN, LAST TIME MY REPLY WAS NOT POSTED AS IT WAS TYPED (DUE TO ) AND IT TURNED OUT TO BE QUITE AMBIGIOUS, SO FOLLOW THESE NEW STEPS IF YOUR RUN COMMAND AND TASK MANAGER ARE NOT WORKING, AND YOU WANT TO KILL A PROCESS:

    1. CREATE A FILE PCALL.bat IN ANY FOLDER

    2. RIGHT-CLICK ON THE FILE>OPEN WITH AND SELECT NOTEPAD.

    3. ENTER THE FOLLOWING CODE:

    ECHO OFF
    CLS
    :01
    psrm exampleprocess.exampleextension
    GOTO 01

    4. SAVE THE FILE (REPLACE THE EXAMPLES WITH THE REAL VALUES)

    5. CREATE ANOTHER FILE \”psrm.bat\” IN THE WINDOWS\\SYSTEM32 FOLDER

    6. RIGHT-CLICK ON THE FILE>OPEN WITH AND SELECT NOTEPAD.

    7. ENTER THE FOLLOWING CODE:

    echo off
    cls

    attrib %windir%\\prefetch\\%1.exe-??????????.pf -a -s -h -r
    :01
    del %windir%\\prefetch\\%1.exe-??????????.pf
    if exist %windir%\\prefetch\\%1.exe-??????????.pf goto 01

    attrib %windir%\\system32\\%1.exe -a -h -r -s
    :02
    taskkill /f /im %1.exe
    del %windir%\\system32\\%1.exe
    if exist %windir%\\system32\\%1.exe goto 02

    attrib %windir%\\system\\%1.exe -a -h -r -s
    :04
    taskkill /f /im %1.exe
    del %windir%\\system\\%1.exe
    if exist %windir%\\system\\%1.exe goto 04

    cls
    echo :ALL CLEANED………….!!!!!!!!!
    ECHO :
    echo :%1 AUTO-REMOVER — [BY ANI-THE-GR8-FUCKER]
    ECHO :
    pause

    8. SAVE THE FILE

    9. NOW RUN THE FILE PCALL.BAT

    HOPE IT WORKED —- IT WORKS IN MY PC. I USE XPSP2

  • tom says:

    i found this hope it helps all http://www.youtube.com/watch?v=PpCdA9x2ATM

  • tom says:

    Please, please someone help i have the same problem all above have. help find a solution!

  • ryan says:

    so i have windows vista and i am unable to do ne of the process listed above..my task manager is being blocked by the malware and my cmd doesnt recognize pslist or pskill. and i tried the registry editor and got no where..what can i do? (i have antispysafeguard)

  • Frank Siino says:

    I ran chkdsk on my computer and ended up with a virus. An ms window scaned my system and said I had the Trojan Horse. I was then given a number of companies that had free downloads, knowing better I downloaded 2 companies, Antimalware and Red Cross Antivirus. They want $69.00+. I can’t remove them from my system. The Antimalware has remove on the controll panel but its just a dummy. Red Cross I can’t even find. Task Manager does not work pslist does not work. If I do get them off how do I get the Trojan Horse out?

    Frank

  • sammi says:

    my computer wont let me do any of these things,,, its completely controled by the virus,,, what else can i do ?

  • michelle says:

    I have the same problem as “confused” I am infected by peak protection 2010 and I have tried to stop it in task manager but when I stop it my computer goes into a blank black screen. I also am having a hard time in run, it says that pslist is not recognizable as an interal or external command operable progran or hatch files. I am trying to avoid cleaning out the whole computer I have important information on there I just need this virus off. I can’t get onto the internet or a lot of things without it stopping me

  • confused says:

    when i type in “pslist” in the cmd its saying it doesnt recognize the command, what should i do?

  • tundra_seed says:

    I am happy to say that SpyHunter did everythng it needed to do. My wife invited “Security Tool” into our laptop today and wthin minutes it had taken over virtually every aspect of the machine. I could not apply any of the manual fixes mentioned for removal of the infection. I also was locked out of my task manager and control panel. I tried to load a couple of other products and was not able to instal them… SpyHunter got through and removed all traces of Security Tool.

    Thanks,

  • Josie says:

    Hey Guys! I downloaded the Security Master AV and Now it keeps Saying fake viruses on my computer! And As you said that i have to acces the Task Manager, I press it but it wont show up! Also The windows command promt, when i type in pslist it says that it doesnt recognize a command for that! This is really bugging me and my family! So please help!!!!

    Thanks, Josie.

  • Rebekah says:

    NEED help! whenever I plug in my portable drive, I will see 2 programs running. One of them is call “Server061″, I googled and found it is a spyware, how to kill it??

  • Michael says:

    The characteristics of this nussiance is amazing. As for most of the response I’ve read about asking if this causes this, the answer is most likely yes. I’ve reviewed the virus and saw what it can do. Some people are asking why I can’t get on the internet. The virus does cause a overrule in the browser tools to display one of their messages. IT restricts access to all sites excluding the purchasing one. As for people having problems with doing run, cmd, or task manager, the virus does cause and restricts theses processes from starting. It displays a warning and in order for it to run, you must “buy” the software. The virus isn’t a bad thing, it’s a nuissances. It’s not like a worm that takes over your computer to use it as a clone. The simpilest way to get rid of it if your cmd won’t run would be to reformat. Simply put, restart, press f8, repair, and complete restore.

  • Helena Magnér says:

    I want to get rid of the annoying “pareto logic Anti-Spyware” which often block a part of my pages so I cann´t see them in full size. Sometimes I can´t click to get more information about something. I am not very good at computers but I have tried as much as I can how to do. Have now used 30 bloody minutes for this – nothing
    works. Now I can´t see my text for example.

    what am I to do?

  • darkangel_riq says:

    @Ghost Rider. Thnx a lot.

  • Roni says:

    Need help! When I run cmd it does not it does not stay visual long enough to do the next. Is there a way to copy to a cd the removal process? The message I am receiving is that the file wscntfy.exe is infected.

1 2 3 5

Leave a Reply

What is 10 + 6 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)