Table of contents.
I. Find the process and try terminating it
+ Alternative steps for finding and terminating the process
II. Locate the malicious file and try deleting it
III. Using Pocket KillBox for removal of difficult malware
Each program is a collection of files. To start the program you launch an executable file that runs the entire program or some of its components.
When you launch an executable, part of its code is being loaded into computer’s memory. This code is the process. It allows the system to run the corresponding program. In simple phrase, every running program is represented by its main process (or task). If such process doesn’t exist, the application doesn’t run at the moment.
Parasites are programs and also have processes. However, unlike regular software, their processes run without user knoledge. You cannot terminate a parasite like a common application by simply closing its window. That’s why you have to learn how to kill malicious processes.
Each program consists of files. Even spyware, a virus or a different parasite – all have their own files. Removing a parasite often means deleting all its files. However, some files cannot be easily erased. You cannot delete the file while it’s used by an active application. Furthermore, some files are "invisible".
Imagine the situation: your anti-spyware program keeps detecting a parasite, and you know where its files reside. You open the corresponding folder, but see nothing in there! The parasite continues performing malicious actions and its files remain in that "empty" directory. You wonder how this happens?
Files can really be "invisible". However, it’s not their exceptional feature – the operating system simply hides them from you. Such OS behavior can be a result of recent malware activity. Fortunately, there are several ways to make your system display such files, and thus allow you to delete them.
In this guide manual process termination methods are described. These methods can be applied to all modern Windows operating system versions. The following instructions also explain how to find a file, make it visible (in case it’s hidden) and completely remove it from the system. This information is also fully applicable to folders (directories).
1. Start Windows Task Manager
Use the following key combination: press CTRL+ALT+DEL or CTRL+SHIFT+ESC. This will open the Windows Task Manager.
If that didn’t work, try another way. Press the Start button and click on the Run… option. This will start the Run tool. Type in taskmgr and press OK. This should start the Windows Task Manager.
Image 1. Start the Task Manager
2. Find and terminate the process
Within the Windows Task Manager click on the Processes tab (it is in the red box). This will bring the complete list of all active tasks. Find the process by name. Names are in the first column from the left. Click on the Image Name button (it is designated by the blue box) to sort tasks in alphabetical order. Then scroll the list to find required process. Select it with your mouse or keyboard and click on the End Process button (in the green box). This will kill the process.
Image 2. Terminate the process
Let’s assume you know the file name or at least a part of it. In such case run Windows default search tool: Start > Search > For Files and Folders. Type in the file name or its part to the search field. Specify search location. For better results select "Look in: Local Hard Drives" or "Look in: My Computer". Now start searching. The file should appear in search results.
Image 6. Search for the file
If you have no idea how to spell a filename, but you know, where it can possibly be, then you should try finding this file manually. Most parasites attempt to hide their tracks, so you will have to enable the displaying of hidden and system protected files. Open Windows Explorer. Click on the Tools menu and select Folder Options.
Image 7. Make hidden files visible
Choose the View tab. In the Advanced Settings list find the option Show hidden files and folders (on Image 8 it is designated by the red box) and select it. Then remove a checkmark next to the line Hide protected operating system files (Recommended) (in the blue box).
Image 8. Change view settings
Some files may still be invisible. To see them, launch the Command Prompt. Press the Start button and then select Run. This should open the Run dialog. Type in cmd and press enter or click on the OK button.
Image 9. Open the Command Prompt
Type in dir /A name_of_the_folder to the console. This will list all the files that reside in that folder. Hidden files will also be displayed.
Image 10. View folder content
Simply delete the file using the Windows Explorer or any other program that you use to browse the file system. Don’t forget to empty the Recycle Bin. If an error message appears saying that file is in use and cannot be removed, try terminating the associated process and then delete the file. To do this you will have to open the Windows Task Manager (press CTRL+ALT+DEL or CTRL+SHIFT+ESCAPE). Then in the Processes tab select the corresponding process and click on the End Process button.
However, some processes will run immediately after you terminate them. In such case you have to reboot your system into Windows Safe Mode (this tutorial article explains how to do this). In this mode many system services are disabled and programs do not run automatically on startup. Practically any file can be easily removed.
The malicious file can also be deleted from the Command Prompt. Open the Command Prompt and navigate to the folder, where the harmful file is. To do this issue the following command: cd name_of_the_folder. Then invoke this command: del name_of_the_file. To delete the folder use another command: rmdir /S name_of_the_folder.
Image 11. Delete the folder from the Command Prompt
Sometimes malicious files cannot be deleted normally or even after entering into Safe Mode. Sophisticated parasites use integrated rootkits and special techniques in order to lock their files and prevent them from being deleted. Usually, such files run processes that cannot be terminated by the Task Manager. In such cases specially designed third-party tools should be used. One of them is Pocket KillBox, a tiny, but priceless utility designed for terminating harmful processes, deleting malicious files and folders containing malware.
If the above steps did not help you to delete a parasite file or kill its process, please do the following.
There is no need to install the tool. Pocket KillBox comes as a single executable file. Just unpack (if you downloaded Pocket KllBox as an archive) and run the downloaded file. This will launch the utility.
2. Delete the file
Type in the full path of file you want to delete as shown on Image 12. Make sure that the Standard File Kill option is selected (it is designated by the blue box). Then click on the Delete file button (it is designated by the green box).
Image 12. Delete the file with KillBox
As parasites becoming more complex and sophisticated, there is always a possibility that even Pocket KillBox or similar powerful tool may fail removing certain files. In such case it is highly recommended to repeat the removal procedure in Windows Safe Mode (this tutorial explains how to do restart your system into it).
If the file cannot be deleted in Safe Mode too, repeat the removal once again, but this time select the Delete on Reboot option instead of Standard File Kill. Then restart your computer. Pocket KillBox will attempt to delete the file on next system startup.
If the process or file is still present, if you do not know how to follow steps above, if you are not sure why you have to do certain tasks, or the above guide is too difficult for you, feel free to try our recommended automatic spyware removers. You can also ask for help in our free spyware removal forum.