How to Kill Spyware Processes
What are processes?
Every program has its own executable code (for example, the .exe file). A process (or task) is a program that is being executed. When you start a program, the executable code will load into the computer’s memory. This code is the process. If a process is closed or terminated, the resources used by that program will not run. To see all the processes running on your computer, you can use the Windows Task Manager, a built-in Windows utility.
The Windows Task Manager allows you to terminate almost all processes, however, there are some programs that have invisible processes running in the background and can remain on your computer without you knowing its exact location.
Why is it important to remove malicious processes?
Even though some processes are legitimate, there are other processes that come from malicious applications such as spyware, adware, trojans, malware, worms, and rootkits. It’s reported that malicious applications may run on your computer without your knowledge or consent. These malicious applications can infect your computer and compromise your privacy, security and computer performance. That’s why it is important to learn how to kill malicious processes.
The first step is to evaluate every process running on your computer to determine whether any of them is a piece of spyware. The obvious choice is to look for a process that is either out of place, does not belong to a program you remember installing or is behaving odly. In the case of an extreme malware infection, you may not be able to kill the offending program with the Task Manager and instead might get an “Access denied” error. In a case like this, an anti-spyware program might be the best approach to solve your computer’s security problem.
The instructions on how to get started depends on what Windows version you have. Learn how to remove kill spyware process from your computer.
Kill Spyware Processes Manually
Warning: Stopping system processes is a difficult and risky. If you delete the wrong file, your computer may crash and important data may be lost. As a precautionary measure, please back up important files and set a System Restore point (click Start > All Programs > Accessories > System Tools > System Restore, and follow the on-screen instructions) or run a spyware check with a trusted anti-spyware program to automatically detect spyware.
You can kill spyware proccesses in two ways:
Method A: Using the Windows Task Manager. (Recommended)
Method B: Using PsKill through the Command Prompt window.
Method A: Using Windows Task Manager to Kill a Process
Follow the steps below to manually kill a process with the Windows Task Manager:
- Start Windows Task Manager
To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC. You can also press the “Start” button, select the “Run” option, type “taskmgr” in the blank field and then press the “OK” button.
- Find and Kill Spyware Processes
In the Windows Task Manager, select the “Processes” section to see all active tasks. Find the proccess by name. To make it easier, select the “Image Name” button to list tasks by name.
Use the list of process files associated with the spyware you know or suspect your computer has been infected with. You can find a list of processes by going to our malware program list and selecting the parasite you’re interested in. If there’s a process that you don’t recognize, copy the process and search on google.
Select the process you want to kill and click on the “End Process” button to kill it.
Method B: Using PsKill through the Command Prompt Window to Kill a Process
In some cases, a parasite may disable your Windows Task Manager so instead you can use “pslist” and “pskill” (a third party application by Mark Russinovich) to list and kill the unwanted proccesses.
Follow the steps below to manually search and kill the spyware processes with PsKill:
- Open the Command Prompt window
Press the “Start” button on your Taskbar and select the “Run” option. Type “cmd” in the field and then press the “OK” button.
- Search the unwanted process
When the Command Prompt window is opened, type the command “pslist” and press “Enter” to search processes from the list of running programs.
- Kill the unwanted process
Once you know the name of the process you want to kill, type the command “pskill [PROCESS_NAME]“ and press “Enter” to terminate the unwanted process. For example, if you wanted to kill SpyLocked (a rogue anti-spyware program), you would type pskill spy-locked.exe.
- If the process was terminated successfully, a confirmation message will be displayed.
Posted: June 5, 2006 | By SpywareRemove
MoreRate this article:
(7 votes, average: 3.71 out of 5)
Loading ...
Well, I had to take this virus off my dad’s computer today. If you let it load windows, anything you try to open will stop and bring up an error message telling you to get antivirus and it will offer a yes’ and no’ option, clicking yes takes you to the antivirus” website and tries to get your money. If you restart and click the start menu as soon as it pops up and quickly start task manager you can kill the process before it can get started. I found that trying to open task manager with the virus still active will cancel it but, it will put it on your recent programs list so it is readily available and easy to click fast when u need to beat the virus’ load time. However if that doesnt work for you, restart windows in safe mode and do a system restore to a previous date. If you don’t have a restore point, then I am not sure what else you could do to get rid of this
I got this Malwear on my computer tonight and after alot of hair pulling i found what worked for me.
I am using XP 64 on my machine. I did what the people above recomended, but i typed in cmd in run on first boot up. I type too slow to use the windows task manager. In dos command I dropped it all the way to C:\ directory. Use cd.. or type c:\ to get to it. If you type help at the prompt you can see all your commands needed. Mine was tasklist to pull up task manager in dos and taskkill to end process. My malwear name was dyrusysguard.exe. once i typed
taskkill /IM dyrusysguard.exe i got this message under it. SUCCESS: Sent termination signal to the process “dyrusysguard.exe” with pid 1052. i was then able to install and open removal tools. running windows malwear removal tool as i type this. If you have problems killing the process you can pull up the examples on killing it by typing taskkill /? it will give you a list and examples of what to type i hope this helps.
This page was wonderful. I had been struggling with “personal security” for days. One little click and I am all set again. Thank you so very much for this information. Just follow the directions and all will be well.
I have scrolled through all of this page, and knighthawke, your comments above were great to get the processes up and running with task manager. Thank you… but, how do I know what the name of the Anti Virus Pro’s .exe document is, so that I can delete it from my machine. It is okay to stop rocesses, but I have no idea how to choose which one it is. Would it be running of my name… or system, or local service, network service. Brilliant so far, but now I would like to delete it. If anyone could answer me soon that would be great.
Warm regards
Duncan
I cant open any programs. I try to open task mgr and it closes before i can even try to use it. I tried what Phil said, but there is nothing in task manager for me to kill. The one and only website that will work is Antivirus Pro’s website that is trying to sell me a $50 antivirus program. I find it strange that i cant even open google or any other site because Windows doesn’t trust it, but this anti virus’ site is ok? Is Antivirus Pro the one that sent the virus to my computer?
Wendy, I had the same problem you describe (found this page at work, will take the instructions home tonight).
I haven’t cleaned the trojan out yet, but here is what has worked for me so far – reboot your machine, and once the task bar at the bottom appears (and before much of anything starts loading), right click the blank space, and select Task Manager. It will take a while to pop up, since the PC is working hard to load everything. If you can do this before the virus/trojan loads, you will be able to go in and kill the trojan once it loads. If you wait for everything to load, you can’t start ANYTHING, as you no doubt have found. Then, once you have killed it, you can proceed.
HELP MY LAPTOP HAS BEEN HI JACKED BY ANTIVIRUS SYSTEM PRO. IT HAS TAKEN OVER EVERYTHING. WON’T LET ME INTO SYSTEM RESTORE, RUN, TASK MANAGER, NOTHING. I HAVE AN IBM THINKPAD AND IT WON’T EVEN LET ME INTO THINK ADVANTAGE PROGRAM. IT SAYS EVERYTHING I TRY IS INFECTED. IT HAS ALSO DRAGGED IN PORN SITES, THE ONLY THING IT WILL ALLOW ONLINE. IT WON’T LET ME ONLINE FOR NOTHING. ANY HELP WOULD BE APPRECIATED.
… also, i’m scared to restart my computer right now to try KnightHawke’s advice because i’m afraid my desktop won’t turn on anymore. (sorry, i’m really going crazy over this)
i tried all your guys’ advice but to no avail. i couldn’t open task manager and using start > run > cmd doesn’t work for me either. not only that but every time i try to open anything a message pops up saying that the file is infected and i’m unable to open it.i believe my cousin downloaded by accident the same thing alex from above have said. i really need help. i’m losing my sanity right now. thanks god i have my laptop still working so i was able to find this site. please help me. also i’m computer illiterate.
For those having a hard time getting your task manager or command prompt to open after getting these “Antivirus” programs, you will have to be quick, but here’s how to do it (I run XP so I can’t say if it works for any other OS): Restart your computer. Once you see the “start” button come up immediately click on it then click run. Enter “taskmgr” in the box and hit “enter”. This will get your task manager up so you can kill the main processes for these “antivirus” programs. Since there are different variations of the processes ( I got hit with a variation of Antivirus System Pro, the main processes were “xtxnsysguard.exe” and a process that was just numbers) you will have to figure out which processes you have kill. Once you kill the main processes in task manager you will be able to continue removal without hindrance.
In attempting to rid my life of Cyber Security (thanks alot, kids), I downloaded the PsTools suite hoping to make use of pslist and pskill. However, I still am receiving the message on command prompt that pslist is not recognized as internal/external file… etc… I have not seen an answer to this issue that others had as well – what is the answer? Thanks.
i hate this security words, they ae so stupid, and i never get them right and i don’t know why
I have a quick question. While its obvious that my desktop has problems, it was not obvious that my laptop did. I ran the spyhunter on both and found out that i have malware. If I purchase the spyhunter for 29 euros, can I use it on both? They are running on the same router, but are not connected via LAN. Thanks in advance for any info. Oh, and THANK YOU for giving me my task administrator back on the desktop!!!!!!
i too am one of those computer illiterates and i,m bugged by cyber security that i did not sign for and when i go to add/remove i,m blocked from doing so. i want to remove cyber security from my computer i am covered by mcfee. can you help me? I hope this is not another fake help me program.
i am one of those ‘computer iliterates’ that got stuck with this stupid fake personal anti virus thingy.
can i say a BIG Thank you for putting up some simple & might i add effective instructions to DESTROY that God awful program that was making me tear my hair out!
thank god for sites like this you gave me back my sanity,
Hi i need your HELP! I was just trying to download ADOBE PHOTOSHOP CS4 in limewire, when i opened the set up,AVG informed me that i have a Trojan (i didnt take note the virus) I was in panic,and i see this a.exe and d.exe in my task manager,when i go to regedit,nordbull and poprock and xml is present…I tried to remove them through AVG and i thought i got rid of it but when i tried to scan on Norton internet security High Risks for Suspicious:MH690.A – Heuristic Virus located in at C:\windows\system32\rorzl.exe and C:\windows\system32\etxx06563.exe, and W32.irc robot…..These high risks virus are BLOCKED and i cant do anything to get rid of it…When i go to msconfig, theres 2 POP ROCK in the start up registry…
I was really scared yesterday night so I deleted Pop rock,Nordbull and XML from regedit…I also deleted d.exe and a.exe in the search…but still it keeps on running…i tried to follow your instructions here,i tried to go to cmd,when i try to type pslist it says its not a correct command………Pls i really need your help,AVG and Norton and Spyhunter didnt take effect……………………I also have hijack this but i dont wanna make mistakes…..
I tried to remove Total Security from the add/ remove on my computer, but it says this is a read only program in order to fix the problem download Total Security and the problem will be fixed.
Total security is the (PROBLEM)!!!!!!!
HELP!!!!
I have been also attack by total security , its very nasty and hard to get read off. can anybody help please
Hey i’ve been infected by antivirus plus and it keeps popping up every 10 seconds and i want to uninstall it but when i went to uninstall program it wasn’t there and i went online and it appears it is a rogue. I dont want to pay to uninstall it but i dont understand how to do the manual uninstall people provided. If someone can give me an easy guide to eradicate this scumware i would appreciate it very much.
ive been infected unfortunately not sure where from but probably from that shitty Limewire n or
from the community networks…it made the laptop go dead at the weekend,but when i took it from my boyfriends house to mine it just worked again…Tele @ safety & windows defender cant find anything…then i downloaded trojanhunter and did lots of scans which came out clear ,except for 4 permant scan report notifications as follows : Port 5151/TCP is open (matches optixlite 0.20),Port 5151/TCP is open (matches optixlite 0.30),Port 5151/TCP is open (matches optixlite 0.40) & Port 5151/TCP is open (matches optixlite 500)…which ive found out now to be trojans…pls urgent help with the best way to remove this pest/virus…lol…its so annoying…thanks
Ive been blessed with the Total Security somethingware and cant get rid of it. I have read and tried all that you have posted. I cant get in to task manager, cant log on to the internet. none of the commands work and cant get into the add/remove programs. I cant find anything in the program files or even know what to look for. Please help!
Jacob, I too have been taken over by TOTAL SECURITY and need help getting rid of it. Have tried some of the “solutions” on the net but to no avail. Seems like it popped up after I downloaded, bought & installed Paretologic antivirus & spyware. Don’t know if this TOTAL SECURITY was attacted to the download are not but it only appeared after using the Paretologic download. Hopefully someone will help.
Bill
Jacob, I too have been taken over by
To kill personal AV , just find it in the task Manager like the method 1, its name is: PAV. Good luck
I have “windows police pro” on my computer. This has taken over everything. I can not run a search or open any porgrams. I can log onto the internet, but can not open any links to scan my computer. HELP
Well I can open folders but i cant open any programs to get rid of this TOTAL SECURITY!!!!
OMg ThiS really Works I hate does personal antivirus.I will never accept one Thank You AlOt
My computer was infected by Total Security 2009.
I tried removing it with anti-spyware (3 different applications) without success.
I tried to remove the various parts manually, which only caused more problems.
Now I am at the stage where nothing works and on trying to reinstall Windows, the disc reads but cycles back to the beginning without getting to the welcome page.
Any fixes with this please !!?
Gil
I have been infected with da virus : Personal antivirus and its so annoying. It won’t let me in to websites keeps tellin me dat the site contain things that might harm my computer when they dont. I have googled the site and it says its a fake antivirus and when i try to remove it i have 2 download things and then it scans the pc then you have 2pay to remove it? Is there any way i don’t have 2pay? And i can’t unistall it? I didnt download this personal antivirus it just came by its self! I have tryed so much and i cant seem to get rid of it please sum1 help and tell me how
Total Security has taken over my computer. I am not able to open anything except the internet. I can not download anything to get rid of it because it blocks it from acessing the internet. I can not manually do it either. How can I get rid of this Total Security.
Thanks very helpful
hi the other day, this popup comes up on screen telling me that i have 32 different viruses on my(brand new) computer, wich i now know i didnt.So i clicked on the popup and installed Total security ver 4.52 , and now it wont let me run ANY software, or install anything, every time i try to open any software or installany thing, a popup message come up saying:Application cannot be executed.The file name … is infected.Please activate your antivirus software.
I cant even open WMP!!!
Ive tried finding the program files but that popup comes up and closes watever im trying to open, ive tried.It basically blocks me from opening anything on my computer.The only thing i can use my computer for atm is the internet browser, other than that its totally useless.
SOMEONE PLEASE HELP ME!!!!!!!!!
SOMEONE HELP! Every time i pull up the command prompt and type something in it says “pslist” is not recognized as an internal or external command, operable program or batch file
I also do do not get the color codes to modify in the step before did i miss something?
I am at the cmd stage and when I press enter it comes up C:\User\myname> when I try to put in pstlist nothing happens. how do I fix this
Regarding the entry below…I am unable to delete the indicated *.exe files with several windows and several dos tools. They seem un-deletable!
________________________
August 23rd, 2009 at 9:31 am
THanks for all the help! I too have located the following infections: msavsc.exe, msctrl.exe, msfw.exe, msiemon.exe, mssadv.exe, msscan.exe in a temp file. The malware has disabled access to TaskMgr. My question, what do I do first….delete the malware or establish access to TaskMgr. Please help with the exact sequence of “what to doâ€. THanks in advance for the response!
THanks for all the help! I too have located the following infections: msavsc.exe, msctrl.exe, msfw.exe, msiemon.exe, mssadv.exe, msscan.exe in a temp file. The malware has disabled access to TaskMgr. My question, what do I do first….delete the malware or establish access to TaskMgr. Please help with the exact sequence of “what to do”. THanks in advance for the response!
The smart virus eliminator has remove my administrative right. I can’t pull up cmd, taskmgr or even remove the programs out of my computer. Please advise. Thank you.
use the tskmgr comand. Go to start, and click on Run. in the space provided type tskmgr, then click on processes. You will see all the processes in action. Identify the process you want to kill, in this case it will be sp2009. Click end process to kill it.
I tried all these steps. wont let me type anything.
Where can I get a list of what the processes are and which ones I need and which ones I dont.
Personal AV is still on my system. OUCH. I tried uninstalling, task manager and cmd for the pskill and no luck in removing it. I changed the dos drive to be on c:\ by entering cd.. but I have no luch finding the pskill of personal AV files to delete. I went into safe mode and still no such luck deleting (Uninstalling) this Personal AV. What other options are there. Should I trash (delete) my entire sysem and reinstall all programs and windows XP?
I can get on to task manager, but when i go on it, and click on csrrs, then on end process, is says ” The operation could not be completed. access denied”
when i try the part of stoping the process it says that i cant .and when i try the pslist thing it wont let me type anything..what do i do now?
My computer has recently be infected with the trojan virus as well as spyware and worms. After letting family members use my computer I discovered numerous game program downloads as well as the unistallation of my anti-spyware & antivirus programs. Now I am getting “Application cannot be executed [processname.exe]” pop ups. I have tried to download kill spyware & trojan remover programs trying all of the above suggested routes without success. I am so frustrated that I have even tried to restore my computer to the factory settings. That even failed. (all personal data/documents/files were backed up and are protected) What is the best way to go about cleaning out this mess? I hope someong can help.
was in the process of removing swpdemo 2009, when accessing the first two websites the second one automatically did a scan and wouldn’t allow me to leave site i suspect it installed the system security version 4.52.
was able to uninstall, and yet it still remains.
does not allow access to task mgr thru (cntrl+alt+dlte) or when using run (taskmgr), run (REGEDIT), run (cmd) for Pskill.
can anyone help???
hello
can any ane help from the system security 2009
pleace can any ano send the process how to delete/kill the virus /malware/spyware
this is my email :kandagatla_sandeep@yahoo.in
i have the personal antivirus and need help removing does anyone know how nothing has worked
-originally, task manager wouldnt budge
-AVG antivirus cant be installed or launched
-tried dtask manager (kill task override disabled)
-tried the pskill method : Access is Denied
dont know what to do next.
trying to kill csrss.exe
can drop an email to me @ siongkin@hotmail.com
Hi,
It seems that I have acquired “personal antivirus.” I do not know where and how to delete it or remove it? I currently have Windows Live OneCare and it is scanning at the moment. I read about it and I know what it is; I am sure it is malware. Can anyone help me to figure out how to remove it? Please and thank you