Delete processes when taskamanger is disabled

[ritesh.techie]

Most of the viruses when attacks your computer they disables Taskmanager, so that you can’t kill the process/program (ie running virus) most of you got stuck when a nasty virus enters your Computer and take away all your happiness. You try hard to find the exe file name of this virus to kill it, but worst it disbales your taskmanager therefore you are not able to know which processs are running.

Do read our previous tutorial on How To: Delete Stored Network Passwords from Windows to Secure Network to improve your security.

Therefore I came up with a tutorial which will show you how to find out which processes are currently running on your system without using taskmanager, so that you can look for any running malicious program or a program of which you don’t have any information.


The command which we are using is TASKLIST.

Quote:

Syntax: TASKLIST [/S system [/U username [/P [password]]]]
[/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]

This command line tool displays a list of application(s) and associated task(s)/process(es) currently running on either a local or remote system.

Here are some eg. which will show you how to use it effectively.Examples:

Quote:

TASKLIST
TASKLIST /M
TASKLIST /V
TASKLIST /SVC
TASKLIST /M wbem*
TASKLIST /S system /FO LIST
TASKLIST /S system /U domain\username /FO CSV /NH
TASKLIST /S system /U username /P password /FO TABLE /NH
TASKLIST /FI “USERNAME ne NT AUTHORITY\SYSTEM” /FI “STATUS eq running”

So now you have got the list of all process running on your system now its time to kill the malicious program.

The command which we are using for this is TASKKILL.

Quote:

Syntax: TASKKILL [/S system [/U username [/P [password]]]]
{ [/FI filter] [/PID processid | /IM imagename] } [/F] [/T]

This command line tool can be used to end one or more processes. Processes can be killed by the process id or image name.

Well if you want some more detaliled description go to command propmt and type TaskKill/?
Here are some eg. which will show you how to use it effectively. Examples:

Quote:

TASKKILL /S system /F /IM notepad.exe /T
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
TASKKILL /F /IM notepad.exe /IM mspaint.exe
TASKKILL /F /FI “PID ge 1000″ /FI “WINDOWTITLE ne untitle*”
TASKKILL /F /FI “USERNAME eq NT AUTHORITY\SYSTEM” /IM notepad.exe
TASKKILL /S system /U domain\username /FI “USERNAME ne NT*” /IM *
TASKKILL /S system /U username /P password /FI “IMAGENAME eq note*”

Summary: Find the list of running processes from TaskList command and kill the malicious program by using taskKill.

[CA50]

Thanks man its grt

[krishnandu.sarkar]

Wow......!! Awesum yaar.......!! Really gr8 tutorial...!!

[hluachawngthu]

This is really great tutorial. Could you go further that what type of a virus disabled Task Manager?

[TheHumanBot]

thanks for this tutorial
really awesome

[Krazzy Warrior]

Pretty Nice Tut..

[satyamy]

nice one......... and helpful too...

[it_waaznt_me]

Hmmm .. Or just type this in Start > Run :

Code:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Too bad there is no awk in Windows system or tasklist would've been of some advantage.
-----------------------------------------
Posted again:
-----------------------------------------
Hmmm .. Or just type this in Start > Run :

Code:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

Too bad there is no awk in Windows system or tasklist would've been of some advantage.

[rohitshubham]

thank you for the nice tip

[dreams]

thnx for the share..really useful for me, since diabled tm thru gpo.