Step by Step spyware removal with Process Explorer
To get rid of spyware you have to stop its process, find and delete all its files, then delete its registry keys. This manual removal can be difficult, as most malware now uses random names for its processes and files.
But thank Microsoft for Process Explorer!
Process Explorer is an advanced process management utility that comes to the rescue when malware disables Task Manager. It lets you view and manage processes (terminate, suspend, etc.) and see the handles and DLLs that each process has opened or loaded. Here we will use it to find and delete rogue antispyware or malware processes, files and directories.
Process Explorer: the best tool to find and delete spyware processes and files
How to use Process Explorer for rogues/malware removal.
Download Process Explorer from Windows Sysinternals:
==>Download link: http://live.sysinternals.com/procexp.exe
If the malware disables Process Explorer, rename it to winlogon.
After you run procexp.exe (or the renamed version), look at the bottom of the list for a process with random numbers and/or with the icon of the fake application.
Before we kill this malicious process, we need to copy its location so that we can remove all its files and folders later. To do that, right-click on the process and select “Properties”:
Go to its path and copy the malware location.
Click Cancel and go back to the listed process. Right-click on it and select “Kill Process Tree”. Close Process Explorer.
Go to Start -> Run and paste in the location of the rogue/malware you saved earlier. Click “OK”.
Now remove all these malicious files. Also remove the parent directory from your computer.
Restart your computer. The rogue or malware is no longer active.
To complete the malware removal you need to delete its registry entries. For that, use a Registry Cleaner.
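The identification and "copy its location" steps above can also be done from a PowerShell prompt, which helps when random names make the process hard to spot by eye. The script below is an added example, not part of the original article: it lists running processes that are not validly signed and run from a user-writable folder, then saves their path and hash before anything is killed. The folder list, the output file name and the filtering rule are assumptions made for illustration.

```powershell
# Added example: triage running processes before killing anything.
# Assumption: malware usually runs unsigned from a user-writable folder.
$userWritable = @($env:USERPROFILE, $env:ProgramData, $env:PUBLIC) |
    Where-Object { $_ }

# Processes without a readable ExecutablePath (System, Idle, protected) are skipped.
$procs = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.ExecutablePath }

$report = foreach ($p in $procs) {
    $path = $p.ExecutablePath
    $sig  = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
    $inUserDir = [bool]($userWritable | Where-Object {
        $path.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase)
    })
    [pscustomobject]@{
        ProcessId    = $p.ProcessId
        ParentId     = $p.ParentProcessId
        Name         = $p.Name
        Path         = $path
        Signature    = if ($sig) { [string]$sig.Status } else { 'Unknown' }
        UserWritable = $inUserDir
    }
}

# Candidates: no valid signature AND running from a user-writable location.
$suspects = $report | Where-Object { $_.Signature -ne 'Valid' -and $_.UserWritable }
$suspects | Sort-Object Path |
    Format-Table ProcessId, ParentId, Name, Signature, Path -AutoSize

# Record path and SHA-256 first, so the files can be found (and looked up) later.
$evidence = foreach ($s in $suspects) {
    $hash = (Get-FileHash -Path $s.Path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    $s | Select-Object *, @{ Name = 'SHA256'; Expression = { $hash } }
}
$out = Join-Path $env:USERPROFILE 'suspect-processes.csv'   # constructed file name
$evidence | Export-Csv -Path $out -NoTypeInformation

# After reviewing the list by hand, the equivalent of "Kill Process Tree" is:
#   taskkill /PID <ProcessId from the table> /T /F
```

A process in this list is only a candidate: unsigned but legitimate tools also run from the user profile, so check the name, path and parent before terminating it.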
That’s it… This is how Process Explorer can be a very powerful tool for spyware removal.