{"id":81,"date":"2012-01-03T20:15:03","date_gmt":"2012-01-03T20:15:03","guid":{"rendered":"http:\/\/www.lukestratton.co.uk\/blog\/?p=81"},"modified":"2012-01-03T20:28:11","modified_gmt":"2012-01-03T20:28:11","slug":"how-to-kill-malware-processes-in-windows","status":"publish","type":"post","link":"https:\/\/www.lukestratton.co.uk\/blog\/2012\/01\/03\/how-to-kill-malware-processes-in-windows\/","title":{"rendered":"How to Kill Malware Processes in Windows"},"content":{"rendered":"<div id=\"attachment_83\" style=\"width: 310px\" class=\"wp-caption alignright\"><a href=\"http:\/\/www.lukestratton.co.uk\/blog\/wp-content\/uploads\/2012\/01\/SecurityShield.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-83\" class=\"size-medium wp-image-83\" title=\"Malware\" src=\"http:\/\/www.lukestratton.co.uk\/blog\/wp-content\/uploads\/2012\/01\/SecurityShield-300x222.jpg\" alt=\"\" width=\"300\" height=\"222\" srcset=\"https:\/\/www.lukestratton.co.uk\/blog\/wp-content\/uploads\/2012\/01\/SecurityShield-300x222.jpg 300w, https:\/\/www.lukestratton.co.uk\/blog\/wp-content\/uploads\/2012\/01\/SecurityShield.jpg 590w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><p id=\"caption-attachment-83\" class=\"wp-caption-text\">A Typical &#39;Fake AV&#39; known as &#39;Security Shield&#39;<\/p><\/div>\n<p>I&#8217;ve had to deal with a number of nasty bits of malware recently. Most &#8216;Fake Anti-Virus&#8217; infections are easy to remove, however you can never be absolutely sure that everything has been cleaned, and the malware which you think you&#8217;ve got rid of, may have installed some other nasties, like keyloggers. In this circumstance I usually recommend a full wipe of the hard drive and a re-install of Windows. 
The recovery partition is usually OK, however some malware can compromise this, resulting in an infected clean installation!<\/p>\n<p>If you really don&#8217;t want to go ahead with re-installing Windows for whatever reason, I came across an extremely useful program which can help in the preliminary steps to disinfection.<\/p>\n<p><a title=\"RKill\" href=\"http:\/\/www.bleepingcomputer.com\/download\/anti-virus\/rkill\" target=\"_blank\">RKill<\/a> is a handy program written by Lawrence Abrams from <a title=\"BleepingComputer.com\" href=\"http:\/\/www.bleepingcomputer.com\" target=\"_blank\">BleepingComputer.com<\/a>, which, after execution, instantly ends all known malware processes. This may be useful if the malware is preventing you from running programs. You might be thinking, &#8220;But how can I run this if it blocks all programs?&#8221;. Well, the answer is on RKill&#8217;s download page. They provide a number of pre-renamed versions of the application which can attempt to trick the malware into thinking it is another program.<\/p>\n<p>After running RKill, it may take a few minutes before it hunts out and &#8216;kills&#8217; the malware processes, however once complete, you can then run a removal tool such as <a title=\"MalwareBytes\" href=\"http:\/\/www.malwarebytes.org\" target=\"_blank\">MalwareBytes Anti-Malware<\/a> to eliminate it.<\/p>\n<p><strong><span style=\"text-decoration: underline;\">Running RKill alone will not remove the malware from your system.<\/span><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>I&#8217;m not going to give the usual lecture on how to stay safe online, but just remember:<\/p>\n<ul>\n<li><span style=\"line-height: 18px;\">Don&#8217;t click links or open attachments in emails unless you are sure you know who they came from<\/span><\/li>\n<li><span style=\"line-height: 18px;\">Install ALL Windows Updates including optional ones, Adobe Reader updates, Java and Flash Player updates, unless you have a good 
reason not to<\/span><\/li>\n<li><span style=\"line-height: 18px;\">If you get a popup stating that you have a virus, and that you can download a TOTALLY FREE anti-virus tool, it&#8217;s a scam, don&#8217;t download it.<\/span><\/li>\n<li><span style=\"line-height: 18px;\"><span style=\"line-height: 18px;\">Get some decent Anti-Virus software, and pay for one if you can. My two favourites are <a title=\"Kaspersky\" href=\"http:\/\/www.kaspersky.co.uk\" target=\"_blank\">Kaspersky<\/a> and <a title=\"ESET\" href=\"http:\/\/www.eset.co.uk\" target=\"_blank\">ESET<\/a>. If you want to go for a free one, <a title=\"Microsoft Security Essentials\" href=\"http:\/\/www.microsoft.com\/security_essentials\" target=\"_blank\">Microsoft Security Essentials<\/a> or <a title=\"AVG\" href=\"http:\/\/free.avg.com\" target=\"_blank\">AVG<\/a> are the best.<\/span><\/span><\/li>\n<li><span style=\"line-height: 18px;\">Update your browser. <a title=\"Internet Explorer\" href=\"http:\/\/www.microsoft.com\/ie\" target=\"_blank\">Internet Explorer<\/a> should be on version 8 if using XP and (at the time of writing) version 9 if using Windows Vista\/7. Preferably use <a title=\"Mozilla Firefox\" href=\"http:\/\/www.firefox.com\" target=\"_blank\">Firefox<\/a> or <a title=\"Google Chrome\" href=\"http:\/\/www.google.com\/chrome\" target=\"_blank\">Chrome<\/a>, as both have security features far superior to IE, and can produce far faster browsing speeds.<\/span><\/li>\n<li><span style=\"line-height: 18px;\"><span style=\"line-height: 18px;\">Don&#8217;t install PUPs (potentially unwanted programs) such as the ALOT toolbar, Inbox toolbar or Ask toolbar&#8230;. in fact any Internet Explorer toolbar, as it could introduce malware at a later stage, not to mention the speed decrease.<\/span><\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve had to deal with a number of nasty bits of malware recently. 
Most &#8216;Fake Anti-Virus&#8217; infections are easy to remove, however you can never be absolutely sure that everything has been cleaned, and the malware which you think you&#8217;ve got rid of, may have installed some other nasties, like keyloggers. In this circumstance I [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":83,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[41],"tags":[39,40,61],"class_list":["post-81","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-computer-repair","tag-virus-removal","tag-windows","count-0","even alt","author-luke","last"],"_links":{"self":[{"href":"https:\/\/www.lukestratton.co.uk\/blog\/wp-json\/wp\/v2\/posts\/81","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lukestratton.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lukestratton.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lukestratton.co.uk\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lukestratton.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=81"}],"version-history":[{"count":6,"href":"https:\/\/www.lukestratton.co.uk\/blog\/wp-json\/wp\/v2\/posts\/81\/revisions"}],"predecessor-version":[{"id":86,"href":"https:\/\/www.lukestratton.co.uk\/blog\/wp-json\/wp\/v2\/posts\/81\/revisions\/86"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lukestratton.co.uk\/blog\/wp-json\/wp\/v2\/media\/83"}],"wp:attachment":[{"href":"https:\/\/www.lukestratton.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=81"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lukestratton.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=81"},
{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lukestratton.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=81"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}