How to remove EXE and DLL viruses while they are running

Source: Internet
Author: User

What should I do if the running software cannot be deleted?

1. Scanning for and killing EXE viruses that start a process

1. Single-process EXE viruses or Trojans that are visible in the process list, such as svch0st.exe. Some anti-virus software can detect the process, stop it, and remove the virus; other anti-virus software only alerts the user or writes a log entry. In that case the user, after further judgment, must manually stop the corresponding process and remove the virus.

2. Dual-process EXE viruses or Trojans that are visible in the process list. The two processes cannot be stopped at the same moment by hand: after we manually end one of them, the other restarts it. Anti-virus software is powerless in this case. If both are non-system processes, we can stop them with "Task Manager/process/End Process Tree" and then remove the virus; you can also use "file/set/prohibit thread creation" in the IceSword tool, stop one process, then stop the other, and then remove the virus.

3. For EXE files infected with pandatv, the two manual methods above are ineffective, because the virus inside an infected file cannot be cleared by hand. In this case the only options are to provide virus samples to the anti-virus vendor and process the files after the anti-virus software has been updated, or to reinstall the operating system.
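The restart behaviour in item 2 can be confirmed from process creation and exit records before ending the whole tree. The following is an added example, not part of the original article; the event tuples, the paths, and the name guard.exe are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events (not from the article): (seconds, kind, image, parent_image).
# "create" and "exit" stand for process-creation and process-termination log records.
EVENTS = [
    (0,   "create", r"C:\Users\a\AppData\svch0st.exe", r"C:\Windows\explorer.exe"),
    (1,   "create", r"C:\Users\a\AppData\guard.exe", r"C:\Users\a\AppData\svch0st.exe"),
    (60,  "exit",   r"C:\Users\a\AppData\svch0st.exe", None),
    (61,  "create", r"C:\Users\a\AppData\svch0st.exe", r"C:\Users\a\AppData\guard.exe"),
    (90,  "exit",   r"C:\Users\a\AppData\guard.exe", None),
    (91,  "create", r"C:\Users\a\AppData\guard.exe", r"C:\Users\a\AppData\svch0st.exe"),
    (120, "exit",   r"C:\Windows\System32\notepad.exe", None),
    (200, "create", r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe"),
]

def find_respawns(events, window=5):
    """Map each image that reappeared within `window` seconds of exiting
    to the set of parent images that re-created it."""
    last_exit = {}
    respawned_by = defaultdict(set)
    for ts, kind, image, parent in sorted(events, key=lambda e: e[0]):
        key = image.lower()  # Windows paths are case-insensitive
        if kind == "exit":
            last_exit[key] = ts
        elif kind == "create" and key in last_exit:
            if ts - last_exit.pop(key) <= window:
                respawned_by[key].add((parent or "").lower())
    return respawned_by

def find_guardian_pairs(events, window=5):
    """Return pairs of images that each restarted the other (the dual-process pattern)."""
    respawned_by = find_respawns(events, window)
    pairs = set()
    for image, parents in respawned_by.items():
        for parent in parents:
            # Mutual: the parent was itself restarted by this image.
            if image in respawned_by.get(parent, ()):
                pairs.add(tuple(sorted((image, parent))))
    return sorted(pairs)

if __name__ == "__main__":
    for a, b in find_guardian_pairs(EVENTS):
        print("mutual restart pair, stop both together:", a, "<->", b)
```

A pair reported here is a candidate for "End Process Tree" or for blocking process creation before termination, as described in item 2; a one-way restart (a legitimate service supervisor, for example) is not reported.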

2. Detecting and removing DLL viruses that use process insertion to hide their process

Currently, anti-virus software is ineffective at detecting and removing viruses in dynamic link libraries. Sometimes anti-virus software even misjudges, as in the case "Symantec mistakenly kills two key dynamic link library files of the system".

For most DLL files inserted into cmder.exe, you can use IceSword's "module/unmount" to unload the DLL and then manually delete the DLL virus file.

For DLL files inserted into winlogon.exe, a few can be unloaded with IceSword's "unmount modules/", after which the DLL virus file can be deleted manually. Most cannot "unmount,

If neither of the preceding two methods can unmount the DLL, you must manually delete the DLL virus file in safe mode.

In addition, some viruses or Trojans sometimes infect USB flash drives, generating Autorun.inf and the corresponding EXE files on the drive.
