Terminating a malware process / Disabling a spyware process
Recent variants of spyware and malware make a system service dependent on them, which makes it impossible to terminate them using the End Process function in Task Manager.
In order to remove such malware, you will need to identify the process that it hooks onto at startup; e.g. the malware RPCSS+ hooks onto the RPCSS system process.
To disable it, you will need to start your PC in Safe Mode with command prompt and type sc config rpcss depend= "" to disable the dependencies.
Then restart your PC in recovery mode using your XP CD and disable the RPCSS+ service by typing disable RPCSS+ in the recovery console command prompt.
Restart your system again into Safe Mode and run regedit (Start, Run, type regedit) and then locate the RPCSS+ key in HKLM\System\CurrentControlSet\Services and delete the key.
Also remove suspicious programs found in
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Do a search for rpcss_pl.exe and delete any entries found.
For constant, up-to-date protection against future spyware and Trojans, you may consider purchasing Pest Patrol from Computer Associates.
As Pest Patrol also protects your system from Trojans, it will also protect your system from email-borne Trojans and keystroke loggers, which are becoming more and more common.
This same process can be used for cleaning autoloading malware like TBPS, WinTools, WinToolsSVC, msccn32.exe and their variants that start as a system service:
- Disabling any dependencies.
- Preventing it from starting as a system service.
- Deleting any registry keys that load it.
- PATCHING your current version of OS thoroughly.
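To check for the dependency hook described above before and after cleanup, the following added example (not part of the original page) parses the text printed by sc qc rpcss and reports dependencies that are not in an expected baseline. The sample output is constructed, the function names are hypothetical, and the empty baseline for RPCSS is an assumption taken from the page's step of clearing the dependencies.

```python
import re

# Constructed sample of `sc qc rpcss` output on an affected machine
# (illustrative only, not captured from a real system).
SAMPLE_SC_QC = r"""[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: rpcss
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        BINARY_PATH_NAME   : C:\WINDOWS\system32\svchost -k rpcss
        DISPLAY_NAME       : Remote Procedure Call (RPC)
        DEPENDENCIES       : RPCSS+
                           : ExampleSvc
        SERVICE_START_NAME : LocalSystem
"""

KEY_LINE = re.compile(r"\s*([A-Z_]+)\s*:\s*(.*)$")   # "KEY : value"
CONT_LINE = re.compile(r"\s+:\s*(.*)$")              # "    : value" (continuation)


def parse_dependencies(sc_qc_output):
    """Return the service names listed under DEPENDENCIES in `sc qc` output."""
    deps, in_deps = [], False
    for line in sc_qc_output.splitlines():
        key = KEY_LINE.match(line)
        cont = CONT_LINE.match(line)
        if key:
            # A new field starts; only DEPENDENCIES is of interest here.
            in_deps = key.group(1) == "DEPENDENCIES"
            value = key.group(2)
        elif cont and in_deps:
            # sc prints each further dependency on its own ": name" line.
            value = cont.group(1)
        else:
            continue
        if in_deps and value.strip():
            deps.append(value.strip())
    return deps


def unexpected_dependencies(sc_qc_output, baseline=frozenset()):
    """Dependencies not in the baseline (assumed empty for RPCSS, per the page)."""
    known = {name.lower() for name in baseline}
    return [d for d in parse_dependencies(sc_qc_output) if d.lower() not in known]


if __name__ == "__main__":
    for name in unexpected_dependencies(SAMPLE_SC_QC):
        print("Unexpected dependency on rpcss:", name)
```

On a live system, save the output of sc qc rpcss to a file and pass its contents to unexpected_dependencies; an empty result after the cleanup confirms that the dependency was removed.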