
How to Manually Remove Spyware?

Earlier, we reviewed some of the best free anti-spyware programs and explained how to protect yourself from fake/rogue anti-spyware programs. In this article we cover some of the best freeware tools for manually cleaning a spyware infection. If you were not fully protected, or you install anti-spyware software only after an infection, the spyware may already have done its damage and laid enough groundwork that the anti-spyware program fails to remove it. Spyware usually keeps multiple hidden copies of itself, so even after you scan your PC with the downloaded anti-spyware program, it can resurrect itself from those copies again and again. That is why you should know how to clean spyware manually too. Here is a beginner's guide. Be aware that all of these steps can cause serious problems if they are not done properly.



To start with, we mainly need access to Registry Editor and Windows Task Manager. The spyware may have disabled them too, but they can easily be re-enabled.

  • Cannot Access Regedit, How to Fix It? Read here.
  • Task Manager Has Been Disabled, How to Fix It? Read here.

Unfortunately, you will need to examine the list of running processes carefully. This is a tedious but essential step. You may see many unfamiliar processes, and that's fine: you can Google a process name to find out whether it is harmful. We must admit that Windows Task Manager is not that good at listing all the running processes, so we recommend using Process Explorer from Microsoft (again).

Step 1: Download “Process Explorer” from Microsoft.

Step 2: Unzip the archive and run ProcExp.exe. You will see a color-coded process list.

Step 3: Windows processes will be colored pink, applications will be in grey-blue, etc.

Step 4: Add a “Command Line” column by right-clicking the bar with the column names. The new column shows the full path of each running process, which makes the processes easier to examine. Suspicious processes usually run with weird-looking file names and the like. Study them and see whether they are the troublemakers. Uniblue's process library has a good list of documented processes that can help you. Sometimes legitimate processes are tagged as spyware, so please verify properly.

Step 5: Once you have identified the suspicious processes, you will want to delete them. Head over to HijackThis and download it. It is a very neat tool that can assist you in removing spyware, but it is not for average users. It lists the running processes and lets you delete them easily by deleting all the corresponding registry entries, executables, etc. Be very careful while doing so, as it could affect critical Windows services. Thankfully, there are many forums where you can post the HijackThis report, and helpful volunteers will analyse it for you and suggest what to do. Here are some of them.

Whatthetech, Geeks on the Go. Also check the post “HijackThis – How to analyze logs” here.

Step 6: Rootkits are a hard-to-find kind of spyware, and they may not be visible in the HijackThis log either. There is a tool called IceSword which is capable of removing many rootkit threats. However, be aware that any wrong move with it may cause you a lot of pain.
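
A scripted version of the Step 4 review, added here as an example and not part of the original article: it lists each running process with its full path and command line and marks the ones that run from a user-writable folder or lack a valid Authenticode signature. Both criteria and the function name `Get-ProcessTriage` are assumptions made for this example, and it assumes PowerShell 3.0 or later; a flagged entry is a reason to look closer, since legitimate programs can match too.

```powershell
# Added example, not from the original article. Read-only: it lists processes and changes nothing.
# ASSUMPTION: the two "flag" criteria below are illustrative heuristics, not rules from the article.

# User-writable folders (assumed unusual places for a long-running executable to live).
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

function Get-ProcessTriage {   # hypothetical helper name
    # Win32_Process provides the executable path and command line of each process.
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.ProcessId -gt 4 } |   # skip Idle (0) and System (4): no image file
        ForEach-Object {
            $path    = $_.ExecutablePath
            $reasons = @()
            $sigText = 'Unknown'

            if (-not $path) {
                # No path returned: a protected/system process, or the session is not elevated.
                $reasons += 'no path available (try an elevated session)'
            }
            else {
                foreach ($dir in $userWritable) {
                    if ($path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
                        $reasons += 'runs from user-writable folder'
                        break
                    }
                }
                $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
                if ($sig) { $sigText = [string]$sig.Status }
                if ($sigText -ne 'Valid') { $reasons += "signature: $sigText" }
            }

            [pscustomobject]@{
                ProcessId   = $_.ProcessId
                ParentId    = $_.ParentProcessId
                Name        = $_.Name
                Path        = $path
                CommandLine = $_.CommandLine
                Signature   = $sigText
                Flags       = $reasons -join '; '
            }
        }
}

# Show only flagged entries; each one still needs manual verification before any removal.
Get-ProcessTriage |
    Where-Object { $_.Flags } |
    Sort-Object Name |
    Format-List ProcessId, ParentId, Name, Path, CommandLine, Flags
```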
