Using Task Manager to ferret out hidden Trojan horses

Windows Task Manager is the main tool we use to manage processes; its "Processes" tab shows information about the processes currently running on the system. With the default settings it generally shows only a few columns, such as image name, user name, CPU usage and memory usage, while more information, such as I/O reads and writes and virtual memory size, stays hidden. Do not underestimate this hidden information: when the system fails inexplicably, it is often where you find the breakthrough.

1. Getting rid of a dual-process Trojan

Some time ago a friend's computer was infected with a Trojan. Task Manager showed the Trojan's process as "system.exe"; after terminating it and refreshing, it came back to life. Deleting c:\windows\system32\system.exe in Safe Mode did not help either: it loaded again after a restart, and nothing removed it completely. Judging from these symptoms, the friend's computer had a dual-process Trojan. This kind of Trojan has a guardian process that scans at regular intervals, and once it finds that the process it guards has been killed, it revives it. Many dual-process Trojans now have the two processes monitor and revive each other. The key to killing one is therefore to find the two "interdependent" Trojan files. They can be found with the PID that Task Manager shows for the Trojan process.

Open Windows Task Manager, choose "View → Select Columns" and check "PID (Process Identifier)"; back in the Task Manager window you can now see the PID of each process. This way, when we terminate a process and it regenerates, the PID lets us find the parent process that regenerated it. Open a command prompt window and run the command "taskkill /im system.exe /f". Refresh and enter the command again; you can see that the terminated system.exe process has PID 1536 and that it belongs to the process with PID 676. In other words, the system.exe process with PID 1536 was created by the process with PID 676. Back in Task Manager, looking up that PID shows that it is the "internet.exe" process.

With the culprit found, the rest is easier: restart the system into Safe Mode, use the search function to find the Trojan file c:\windows\internet.exe, and then the Trojan files can be deleted. system.exe could not be removed earlier mainly because internet.exe had not been found (and its startup key had not been removed), so internet.exe revived the Trojan after the system was restarted.
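The parent lookup described above can also be done from PowerShell; this is an added example, not part of the original article. The function name Get-ProcessParent and the sample table are constructed for illustration (the PIDs, names and paths of the two Trojan processes come from the text, the rest is made up), and the creation-time check covers the case where Windows has reused the parent's PID.

```powershell
# Added example, not from the original article: resolve the parent of a
# respawning process from the process table instead of reading PIDs by eye.
function Get-ProcessParent {
    param(
        [Parameter(Mandatory)] [string] $Name,
        # Process table to search; defaults to a live query of Win32_Process.
        [object[]] $Snapshot = (Get-CimInstance -ClassName Win32_Process)
    )
    # Index every process by PID so the parent lookup is a single hash access.
    $byPid = @{}
    foreach ($p in $Snapshot) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($child in ($Snapshot | Where-Object { $_.Name -eq $Name })) {
        $parent = $byPid[[int]$child.ParentProcessId]
        # Windows reuses PIDs: if the real parent has exited, its PID may now
        # belong to an unrelated process. A genuine parent cannot have been
        # created after its child, so compare creation times.
        $verified = [bool]($parent -and ($parent.CreationDate -le $child.CreationDate))
        [pscustomobject]@{
            ChildPid       = $child.ProcessId
            ChildName      = $child.Name
            ParentPid      = $child.ParentProcessId
            ParentName     = if ($parent) { $parent.Name } else { '<exited>' }
            ParentPath     = if ($parent) { $parent.ExecutablePath } else { $null }
            ParentVerified = $verified
        }
    }
}

# Constructed sample table mirroring the case in the text. The creation times
# and the parent PID of internet.exe (1200) are made-up values.
$t0 = [datetime]'2000-01-01T09:00:00'
$sample = @(
    [pscustomobject]@{ ProcessId = 676; ParentProcessId = 1200; Name = 'internet.exe'
                       ExecutablePath = 'c:\windows\internet.exe'; CreationDate = $t0 }
    [pscustomobject]@{ ProcessId = 1536; ParentProcessId = 676; Name = 'system.exe'
                       ExecutablePath = 'c:\windows\system32\system.exe'
                       CreationDate = $t0.AddMinutes(5) }
)

# Offline run against the sample; omit -Snapshot to query the live system.
Get-ProcessParent -Name 'system.exe' -Snapshot $sample | Format-List
```

A result with ParentVerified set to False means the recorded parent PID no longer identifies the process that did the spawning, so the name shown next to it should not be trusted.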

2. Ferreting out a P2P program that writes to the hard drive like mad

On one of the computers at work, as soon as it booted and went online, the hard drive light flashed non-stop and the disk spun like mad. Clearly some process on the machine was reading and writing data, yet repeated anti-virus scans found no viruses, Trojan horses or other malicious programs.

Start the computer and go online, press Ctrl + Alt + Del to start Task Manager, switch to the "Processes" tab, click the menu command "View → Select Columns", and check the two items "I/O Writes" and "I/O Write Bytes". After clicking OK and returning to Task Manager, a strange process, hidel.exe, stood out: although its CPU and memory usage were not particularly high, its I/O write traffic was staggering. It appeared to be the one causing the mischief, so I right-clicked it and selected "End Process" to terminate it, and sure enough, hard disk reads and writes returned to normal.
