If you cannot close a suspicious process in Task Manager, you can use the following method to force the shutdown, and be careful not to kill the system core process in the process table:
1. Tools with Windows xp/2000
Starting with Windows 2000, the Windows system comes with a user-state debugging tool NTSD, which kills most processes because the process that is attached to the debugger exits with the debugger. So as long as you use NTSD at the command line to call out a process, and then exit NTSD to terminate the process, and the use of NTSD will automatically get debug permissions, so NTSD can kill most of the process.
How to: Click Start/Program/attachment/Command prompt, enter command: NTSD-C q-p pid (change the last PID to the PID of the process you want to terminate). In the process list you can find the PID of a process, for example we want to turn off the Explorer.exe process in Figure 1, enter: Ntsd-c q-p 408. The above parameter-P indicates the process PID followed by the
, and-C q is the debug command that executes the exit NTSD, passing the above parameters from the command line to the previous line.
2. Use specialized software to kill processes
Task Manager to kill processes that you can use to shut down with specialized software. There are many software that can kill processes, such as process killers, IceSword, Willow Wipes, System View masters, kill process, and so on.
(1) Process Killer 2.5
It can browse all the processes running in the system, including processes that are not visible with Ctrl+alt+del, can streamline processes, automatically abort all processes except the basic process of the system, and have a certain scavenging effect on Trojans and virus processes, You can use it to abort any running process at any time, select the process, and press the Abort process button.
(2) IceSword
Now system-level Trojan door function is more and more strong, generally can easily hide processes, ports, registry, file information, ordinary process tools can not find these "behind the scenes." IceSword uses a lot of novel kernel technology to detect all hidden processes.
To view the current process, click the Process button, and in the process listed on the right, the hidden process will be marked with a red eye-catching landmark to facilitate the search for a system-level backdoor. If you want to end a process, you can select it (hold down the CTRL key to select multiple processes), and then use the "end process" of the right-click menu to close it.
(3) Willow Brush Eye
It can list all processes (including hidden) in the system, and can kill processes, automatically mark out system files, automatically abort all processes outside the basic process, and also have IE protection capabilities.
After you run the software, click the "Willow Eye" to display all the processes that are currently running, you only need to pay attention to those "defined level" as "unknown" and "dangerous" processes, press the "Demon Voldemort" button to close them.
(4) System View Master 1.0
Many Trojans are currently running in the background, hiding their windows while they are running, so you can't see them on the screen. The software can get hidden invisible window, let you find the Trojan traces, closed. After the
Software runs, in the left view click on the "Get Invisible Window" button, the right side of the window will display all the currently running, hidden invisible window title, select the Suspicious window, and then click on the lower right end of this window button, you can close it. If you want to close a process, you can click the Process List button, select the process, and then right-click in the pop-up window and click End Process.