How to Kill Spyware Processes

What are processes?


Every program has its own executable code (for example, the .exe file). A process (or task) is a program that is being executed. When you start a program, the executable code will load into the computer’s memory. This code is the process. If a process is closed or terminated, the resources used by that program will not run. To see all the processes running on your computer, you can use the Windows Task Manager, a built-in Windows utility.

The Windows Task Manager allows you to terminate almost all processes, however, there are some programs that have invisible processes running in the background and can remain on your computer without you knowing its exact location.

Why is it important to remove malicious processes?


Even though some processes are legitimate, there are other processes that come from malicious applications such as spyware, adware, trojans, malware, worms, and rootkits. It’s reported that malicious applications may run on your computer without your knowledge or consent. These malicious applications can infect your computer and compromise your privacy, security and computer performance. That’s why it is important to learn how to kill malicious processes.

The first step is to evaluate every process running on your computer to determine whether any of them is a piece of spyware. The obvious choice is to look for a process that is either out of place, does not belong to a program you remember installing or is behaving odly. In the case of an extreme malware infection, you may not be able to kill the offending program with the Task Manager and instead might get an “Access denied” error. In a case like this, an anti-spyware program might be the best approach to solve your computer’s security problem.

The instructions on how to get started depends on what Windows version you have. Learn how to remove kill spyware process from your computer.

Kill Spyware Processes Manually


Warning: Stopping system processes is a difficult and risky. If you delete the wrong file, your computer may crash and important data may be lost. As a precautionary measure, please back up important files and set a System Restore point (click Start > All Programs > Accessories > System Tools > System Restore, and follow the on-screen instructions) or run a spyware check with a trusted anti-spyware program to automatically detect spyware.

You can kill spyware proccesses in two ways:

Method A: Using the Windows Task Manager. (Recommended)

Method B: Using PsKill through the Command Prompt window.

Method A: Using Windows Task Manager to Kill a Process


Follow the steps below to manually kill a process with the Windows Task Manager:
  1. Start Windows Task Manager
    To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC. You can also press the “Start” button, select the “Run” option, type “taskmgr” in the blank field and then press the “OK” button.

    Run Task Manager
  2. Find and Kill Spyware Processes
    In the Windows Task Manager, select the “Processes” section to see all active tasks. Find the proccess by name. To make it easier, select the “Image Name” button to list tasks by name.

    Use the list of process files associated with the spyware you know or suspect your computer has been infected with. You can find a list of processes by going to our malware program list and selecting the parasite you’re interested in. If there’s a process that you don’t recognize, copy the process and search on google.

    Select the process you want to kill and click on the “End Process” button to kill it.

    Windows Task Manager

Method B: Using PsKill through the Command Prompt Window to Kill a Process


In some cases, a parasite may disable your Windows Task Manager so instead you can use “pslist” and “pskill” (a third party application by Mark Russinovich) to list and kill the unwanted proccesses.

Follow the steps below to manually search and kill the spyware processes with PsKill:
  1. Open the Command Prompt window
    Press the “Start” button on your Taskbar and select the “Run” option. Type “cmd” in the field and then press the “OK” button.

    Run Cmd
  2. Search the unwanted process
    When the Command Prompt window is opened, type the command “pslist” and press “Enter” to search processes from the list of running programs.

    Search the process
  3. Kill the unwanted process
    Once you know the name of the process you want to kill, type the command “pskill [PROCESS_NAME]” and press “Enter” to terminate the unwanted process. For example, if you wanted to kill SpyLocked (a rogue anti-spyware program), you would type pskill spy-locked.exe.

    Terminate the process
  4. If the process was terminated successfully, a confirmation message will be displayed.

Related Posts

Posted: June 5, 2006 | By
Share:
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (12 votes, average: 3.25 out of 5)
Loading ... Loading ...
Home Tutorials How to Kill Spyware Processes

230 Comments

  • nick says:

    Could i just kill the process by using msconfig so that it doesnt even start up?

  • Johnny says:

    HELP PLEASE!
    I got infected by the virus calling itself ANTIVIRUS XP 2000. The results are terrible. I can’t access the Internet, previous reestablishment points are deleted and replaced by one point, antivirus scans are not possible, just to mention a few of the problems. Attempts to uninstall the system fails, just to mention a few of the problems. I can, however still access some basic routines, including RUN…..
    I am using Windows XP SP3, but in a OEMversion, preinstalled when the PC was delivered. Reinstalling Windows through a reinstall CD supplied, will mean total loss of all emails, which are important to me. (I have not made regular backups on an external harddisc frequently,following the principle: Real men do not backup… they cry!).

    I am using an older PC, running Windows ME, and even though it’s terrible, it gives me a possibility to read and write emails, and use the internet. I amable to download possible needed routines to solve the problem, but since I can’t access such sites from my normal PC, and only the oldie, the only possibility to use programs or routines from the Internet is if they can be downloaded to for example a CD burned on the old, and used on the new PC.

    I hope somebody on this site will be able to give me a simple and understandable solution. I am NOT an expert at all, but am as normal user able to follow instructions. IF some kind and wise soul needs additional questions answered or has the solution, then I will be eternally gratefull to receive your comments or instructions, preferably through emails to mundus@newmail.dk

    Thank you in advance. I hope somebody can help me, to again get an operational PC. As far as PC knowledge is concerned: I am just a user, almost 70 years old, but still able to remember what the word “senile” means 😉

  • Chaaampaign says:

    ahh, i hate it, i have this thing called “Vista Antivirus 2008” on my computer, and I just
    can’t figure out how to get it out, its to hard! hehe. Should I just leave on there? I mean I use the task manager
    every time to end it, but should I just find some one to delete it, or just keep it there?

    What kind of hard does it really do to my computer? ahh, helppp :]

  • siva says:

    hi sir,this is siva,some problem occurs in my laptop.problem is(warning! spyware detected install antivirus or spyware remover to protect ur system)when login laptop.only display this message,no other details like(start,desktopicons).did not enterning login also.pls give me some suggestion.in my harddisk important files are there pls sir…..

  • Brandon says:

    when my comand prompt comes up, it doesn’t say just “C:\” but instead a “C:\Documents and Settings\HP_Administrator>” How can i fix that??? Help PLZ!

  • Kris says:

    I have been infective by Antivirus 2009. I followed the steps to remove but I am still being plagued by popups. the main one says “about-blocked” in the blue line and the page says “Blocked Microsoft Internet” I don’t know how to get rid of this.

  • Z.L says:

    I’ve read through all the remedies, but my biggest problem is that this wonderful Vista Antivirus 2008 has removed or hidden the things I need to do alot of these procedures. i.e I have a start button at the bottom, but no option to search or run, all of these have “disappeared”. How can I get to c: so that I can procede with all the processes? Please help before I start throwing things!!!!!

  • E.fitra says:

    Dear,

    Please help me, my task manager is lost

  • DAVE says:

    HI

    I NEED HELP PLEASE HELP ME MY COMPUTER HAS BEEN INEFTED PLEASE HELPME

    MY NAME DAVE

    PLEASE CANYOU HELP ME

    THANKS

  • breanne says:

    having troubles. I follwed each step even resarting and going on safe mode seems like spyburner has me locked and on my monitor it states: warning your computer is in danger quickly remove all spyware. Also every minute on my bottom tool bar a warning pops up stating: your computer is infected its detected a spyware infection. please help im so confused :(

  • smogger says:

    hey guys….
    u tried taskkill???
    i usaually use taskkill when taskmgr is disabled……(now i enable it though)

    take “run”
    then type taskkill /im “processname.exe” /f
    processname is the name of the process

    u can also enable taskmgr with registry key…..

  • SUM says:

    Izit just kill the process and the malwarrior will be gone? Do i need to delete other files also?
    thankz for helping..Really appreciate it..

  • Dadu says:

    I am having d same probs..i downloaded the Pstools and it shows itz not recognized as a command or file..and …well am fed up too..

  • Chante says:

    Hello all. Ok here is my dilemna. I have this ZLOB on my pc as well. I tried to use Norton 08. BOOOOO. its a waste of money. I used that SpyHunter and it found a lot more stuff than I was aware of. I was having trouble getting to my directory C:\ also. It worked when i did (case sensitive) CD:\. So i get to the C prompt and i type in PSLIST and to no avail. I also downloaded the PsTools and I still can not get it to run. I get the error message that says ‘pslist’ is not recognized as an internal or external blah blah blah. I really need this thing to GO AWAY!!! I am furious at how long this process has taken. I would really appreciate any guidance through my long haul of these stupid trojans and spyware and malware and viruses and and and and and. Aren’t u guys fed up? I really hope that we can get an answer soon because if not….well soon i hope.

  • Banner76 says:

    I’ve downloaded the additional PsTools, but still getting the “does not recognize” message.

  • ghostrider01 says:

    Connie,

    Can you use pslist or pskill in Safe Mode on your PC?

  • Connie says:

    I downloaded pstools but I am still unable to use pslist or pskill. What do I do?

  • ghostrider01 says:

    :(computer):,

    Malware often disables access to Task Manager to make manual inspection and removal more difficult.

    To enable Task Manager:

    1) Click Start > Run

    2) Type REGEDIT > OK (Registry Editor will open)

    3) Browse HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system

    4) Look for the value DisableTaskMgr (right pane) > Right click > select Delete
    *When asked “Are you sure you want to delete this value”, select Yes.

    5) Browse HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

    6) Look for the value DisableTaskMgr (right pane) > Right click > select Delete
    *When asked “Are you sure you want to delete this value”, select Yes.

    7) Close the Registry (File > Exit)

    Task Manager should be enabled. If not, reboot into Safe Mode and repeat these steps.

  • :(computer): says:

    I’m having computer problems like these people and it changed my desktop and disable my taskmgr how does that happen and I can’t use system restore too help me someone

  • :(computer): says:

    I’m having problems like this to and I can’t get my taskmgr to work and somehow its disable?? why is that?

  • ghostrider01 says:

    Patrick,

    The instructions are on this post. There are files that change or appear new on the web for a rogue anti-spyware… there’s no 100% solution, but at least you should let most of the searching be done with a real anti-spyware program rather than you manually deleting each file which can end up in you missing one file.

  • Patrick says:

    how can i completely kill all of my anti spyware on my laptop? I would like to know step by step construction so please kindly reply for my request.

  • ghostrider01 says:

    MJ,

    It may be, that the antispyware program you have, doesn’t have the latest updates for this parasite. Did you update your antispyware program? Try to boot your computer in Safe Mode and scan with your antispyware program again. Sometimes antispyware programs remove parasites from Safe Mode, which they can’t remove in Normal Mode. If this won’t help, try to scan your computer with our free SpyHunter scanner, which will detect the infected files and show their locations. Afterwards boot your computer in Safe Mode and manually delete the infected files (Shift+Del).

  • MJ says:

    I seriously need your help.

    I followed your instruction to remove UltimateDefender from my system but it’s icon stilll manages to be in my toolbar! I’ve downloaded all sorts of anti spyware but it doesn’t seem to be able to get rid of it. Why?

  • ghostrider01 says:

    Seth,

    As I mentioned above to Wes, you have to install the additional software PsTools. You can find it here http://technet.microsoft.com/lt-lt/sysinternals/bb896649(en-us).aspx After installation PsList and PsKill should work.

  • Seth says:

    Pslist and Pskill wont do anything and i know where the viruses origin file is but its protected from deletion… Why cant i use PSlist and PSkill?

  • Jay says:

    To Laurie & Amy.

    I believe CMD opens in the current or last used directory.

    To navigate, use the CD (change directory) command

    To go to C: root, firefox pointed out use CD \ or Cd C:\
    To go up one level, do CD.. Do that several times you’ll get to C: root
    To go down a level, do CD\lowerleveldirectoryname
    To see what folders / directories are in the current directory, do DIR (optionally with /P to stop it scrolling off the window)

    DOS still lives :)

    j

  • ghostrider01 says:

    Amy,

    Not all antivirus programs remove spyware. And the infections are mutating very often, so it’s nearly impossible to catch and clean them very easy. You should contact the support team of your antivirus and they will help you with DioCleaner removal. Also, you can follow the DioCleaner manual removal instructions which are on http://spywareremove.com/removeDioCleaner.html . You can use our free scanner which is not removing, but detecting the infected files, so it will help you to find the locations of the infected files and then you can try to remove them manually. Otherwise, you can get a reliable anti-spyware program.

  • Amy says:

    Hello! Can someone, anyone help my hubby & me!? I’ll beg if necessary..lol I just got Norton back on our computer, but somehow, most likely before I did that I got dioCleaner infected & I can’t get rid of it through the ways I’ve tried on here, this thing is WAY smater then me!! I thought by reinstalling Norton it would get rid of the DioCleaner…nope! So do I have to buy like an additional $30 spyware program or something to get rid of it? It won’t even let us look at our email’s either! I keep going to ask.com & reading as much as I can…gona be a long night! Maybe I can look at my hotmail at least. That’s meme71973@hotmail.com if anyone has any advice for us! Thanks for everything!!
    Amy S.

  • ghostrider01 says:

    wes,

    You have to install the additional software PsTools. You can find it here http://technet.microsoft.com/lt-lt/sysinternals/bb896649(en-us).aspx After installation PsList and PsKill should work.

  • wes says:

    now my computer is telling me it can’t do the pslist thing either. “pslist is not recognized as an external or internal command”

  • wes says:

    so, i don’t think AWOLA actually got installed cos it won’t appear in the task manager – but it won’t go away either. it keeps displaying messages in the task bar and keeps opening its program. how can i get rid of it?

  • ghostrider01 says:

    pat,

    Very likely, that no. But it’s possible that there are many other parasites on your computer. Perhaps some of them don’t let you to connect to some pages on the internet.

  • ghostrider01 says:

    lol,

    There can be a few different Zlob processes. Their names are changing very often. The best solution is to scan your computer with our free scanner and remove the infected files. Our free scanner will separate the processes so you can easy find their names.

  • lol says:

    wads da process name fer zlob?

  • pat says:

    I can’t even get into google because my computer tells me that I am not connected to the internet. Does Ultimate defender cause this as well?

  • samredsea says:

    rachel and amy:
    just add dir
    C:/documents and settings\user>dir
    that brings up the directories
    im all for killing all these unwanted spyware junk using any weapon available

  • jan says:

    i can’t open taskmanager and RUN in start menu

  • ghostrider01 says:

    Josh,

    It seems that you have got malware on your system. You have to fix your computer by using anti-spyware programs. You said taht you can’t access Task Manager. Press Start, click Run and then paste “REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f” (without quotation marks). This should enable Task Manager.

  • Josh says:

    I’m experiencing the exact same problem. The background shows a false error message. I can’t access task manager because it says it’s been disabled by the administrator. If I didn’t have Firefox for a browser, the computer would be totally useless. I’ve gone through all the advice, but it seems they are one step ahead. It’s like the computer “lets” me use it, other than that, its in total control.

  • firefox user says:

    have you tried this command
    C:\documents and settings\user\ cd\
    and if not. try to
    run msconfig from cmd and choose selective start up
    disable your system restore from system icon located at control panel
    restart PCin safe mode with networking
    and from there do an online scan on you system

    firefox user

  • tom swartz says:

    Have an error: SETUPAPI.DLL file is linked to missing export NTDLL.DLL:NTCLOSE. It seems the only thing affected is any IE6 toolbar, they won’t appear or reload. Had a file STARWARE TOOLBAR that my Spy Sweeper found and removed, but still no toolbar’s. I would like software that would make this right, put the missing file back. Will yours accomplish this or can you recommend one that would?
    running win98/acer aspire 333mhz,ie6

    missing ntdll.dll:ntclose

  • ghostrider01 says:

    Rachel, Lauri and Amy,

    Maybe you can be more specific? Give the detailed description what is happening on your system.

  • Amy says:

    Rachel.
    Have you found a way to get around that? Mine is doing the same thing. Can anyone help?

  • Lauri says:

    The same thing with me. DOS opens with C:/documents and settings\user. Can’t change the directory. Anyone have any other ideas?

  • Rachel says:

    Some clever spyware programer has found a way to circumvent this method of removal. The directory that comes up when I open my DOS is “C:\documents and settings\ user” and I am unable to change the directory. I’ve tried every command, but it seems to be ignored. I guess its reformatting the hard drive for me!

  • winston arcamo says:

    so long & more power……….. no fees just follow the manual.

  • winston arcamo says:

    natural,easy to use,& effective

  • Blackest says:

    I am curious, in order for ultimate cleaner to find its way to your PC, do you have to manually download it or does it find its way through an open port or something ?

  • marsha whitthorne says:

    i will try these things as win antispyward 206+207 have loaded in my computer a lot of times and locked it up yesterdday and it took me 2 hours to get it out thanks m

1 2 3 5

Leave a Reply

What is 12 + 11 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)