Monday, July 9, 2012

Remove a 'virus' manually - Part Three

Disable the malware

This post is the third part of a series of posts on how to manually remove malware from your computer.

OK! Before we try to remove the malware, we should make sure it is disabled. We can do this by simply starting the computer in safe mode. This method works most of the time, but some malware either disables safe mode or makes itself run even in safe mode. So, we'll do it this way:

Start the Windows Task Manager. If the Task Manager has been disabled by the malware, you can get Process Explorer from Sysinternals or any other process explorer, like that of Glary Utilities or TuneUp Utilities.
Alternatively, if you like "that black window" (Command Prompt), you can use the tasklist and taskkill commands to follow the rest of the procedure.

Now, you should have a list of running processes from your process explorer or command line. Identify the malware's process. I can see some people asking "how the hell do I do that?".
Candid answer: dunno, but I'll try to help.
End all processes excluding the following: winlogon, spoolsv, csrss, smss, services, svchost, explorer, System Idle Process and the currently running process explorer.
It's not bad to end explorer.exe too if you want. You may also find a lot of svchost.exe processes. End all of them that are not being run by SYSTEM.
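
An added example, not from the original post: a dry run of the rule above over the output of `tasklist /V /FO CSV`, listing which processes the rule would end and printing the matching taskkill commands for review instead of running them. The function names, the TOOLS set and the sample rows are assumptions made up for illustration.

```python
import csv
import io

# Keep-list from the post, as image names in tasklist output (lower-cased).
KEEP = {"winlogon.exe", "spoolsv.exe", "csrss.exe", "smss.exe", "services.exe",
        "svchost.exe", "explorer.exe", "system idle process"}
# Assumption: the tools you are working from ("the currently running process explorer").
TOOLS = {"procexp.exe", "cmd.exe", "tasklist.exe"}

# Constructed sample of `tasklist /V /FO CSV` output; it includes a
# service-account svchost.exe, which the rule as written also lists.
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System Idle Process","0","Services","0","24 K","Unknown","NT AUTHORITY\SYSTEM","5:12:09","N/A"
"smss.exe","268","Services","0","1,032 K","Unknown","NT AUTHORITY\SYSTEM","0:00:00","N/A"
"svchost.exe","812","Services","0","9,440 K","Unknown","NT AUTHORITY\SYSTEM","0:00:03","N/A"
"svchost.exe","1004","Services","0","7,100 K","Unknown","NT AUTHORITY\NETWORK SERVICE","0:00:01","N/A"
"svchost.exe","3384","Console","1","4,120 K","Running","DESKTOP\alice","0:00:41","N/A"
"explorer.exe","2040","Console","1","48,300 K","Running","DESKTOP\alice","0:00:12","N/A"
"updater32.exe","3120","Console","1","6,208 K","Running","DESKTOP\alice","0:01:55","N/A"
"cmd.exe","3500","Console","1","2,900 K","Running","DESKTOP\alice","0:00:00","Command Prompt"
'''

def candidates(tasklist_csv, extra_keep=()):
    """Return (pid, image, user, reason) for each process the rule would end."""
    keep = KEEP | TOOLS | {n.lower() for n in extra_keep}
    found = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        image, user = row["Image Name"], row["User Name"]
        # "NT AUTHORITY\SYSTEM" -> "SYSTEM"; "DESKTOP\alice" -> "ALICE"
        account = user.rsplit("\\", 1)[-1].upper()
        if image.lower() == "svchost.exe":
            if account != "SYSTEM":
                found.append((int(row["PID"]), image, user,
                              "svchost.exe not run by SYSTEM"))
        elif image.lower() not in keep:
            found.append((int(row["PID"]), image, user, "not on the keep-list"))
    return found

def taskkill_lines(rows):
    """Commands to review and type by hand; nothing is executed here."""
    return [f"taskkill /PID {pid} /F" for pid, *_ in rows]

if __name__ == "__main__":
    rows = candidates(SAMPLE)
    for pid, image, user, reason in rows:
        print(f"{pid:>6}  {image:<16} {user:<30} {reason}")
    print("\n".join(taskkill_lines(rows)))
```

On a real machine, save the output of `tasklist /V /FO CSV` to a file and pass its contents to candidates(); use extra_keep for any other process names you want left alone.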

If this procedure seems too demanding, remember you've still got the safe mode option.

Once you've finished this process, let's go on to removing the culprit malware.