1. Who is calling the service process?
Generally, we can check the user name that a service process runs under to judge whether a suspicious process is a virus or Trojan. To view the user name of a service process, open the system's Task Manager and switch to the "Processes" tab; the "User Name" column there can be matched to the process by its process ID. If the user name is not shown on the Processes tab, click "View" and then "Select Columns" in the Task Manager window, and in the settings window (Figure 1) check whether the "User Name" option is selected. Normally, once this option is selected, the user name of each process is displayed on the Processes tab.
Figure 1
If you still cannot view the process "User Name" after the above settings, open the system's "Start" menu and select Programs, Administrative Tools, and Services. On the service list page that appears, double-click the "Terminal Service" item and, in the service properties window that is displayed, check whether the "Terminal Service" service has been stopped. If it has been stopped or is not configured, restart the service; only then can the user name of a specific process be viewed on the Processes tab.
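The owner check described in this section can also be scripted. The following is an added example, not part of the original article: it parses the CSV output of the built-in `tasklist /V /FO CSV` command and reports core system image names that run under an account other than the built-in service accounts. The sample rows, the host name SRV01, the account webadmin, the list of image names and the English account names are assumptions of this example.

```python
import csv
import io

# Built-in accounts that core system processes run under.
# Assumption: English-language Windows; localized systems name these differently.
SERVICE_ACCOUNTS = {
    r"NT AUTHORITY\SYSTEM",
    r"NT AUTHORITY\LOCAL SERVICE",
    r"NT AUTHORITY\NETWORK SERVICE",
}
# Assumption: image names chosen for this example; all normally run as SYSTEM.
SYSTEM_IMAGES = {"smss.exe", "csrss.exe", "services.exe", "lsass.exe", "winlogon.exe"}

# Constructed sample in the format printed by `tasklist /V /FO CSV`.
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System Idle Process","0","Console","0","28 K","Running","NT AUTHORITY\SYSTEM","12:01:07","N/A"
"smss.exe","412","Console","0","388 K","Running","NT AUTHORITY\SYSTEM","0:00:00","N/A"
"csrss.exe","476","Console","0","3,912 K","Running","NT AUTHORITY\SYSTEM","0:00:04","N/A"
"lsass.exe","544","Console","0","1,504 K","Running","N/A","0:00:01","N/A"
"csrss.exe","2204","Console","0","2,100 K","Running","SRV01\webadmin","0:00:09","N/A"
"notepad.exe","3120","Console","0","3,000 K","Running","SRV01\webadmin","0:00:00","Untitled - Notepad"
'''


def review_owners(tasklist_csv):
    """Return (flagged, unknown) lists of (image, pid, user) tuples.

    flagged: system image name running under a non-service account.
    unknown: owner not visible (tasklist prints N/A), so re-check as administrator.
    """
    flagged, unknown = [], []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["Image Name"].lower() not in SYSTEM_IMAGES:
            continue  # ordinary user programs are expected under user accounts
        user = row["User Name"].strip()
        entry = (row["Image Name"], int(row["PID"]), user)
        if user.upper() in ("", "N/A"):
            unknown.append(entry)
        elif user.upper() not in SERVICE_ACCOUNTS:
            flagged.append(entry)
    return flagged, unknown


if __name__ == "__main__":
    flagged, unknown = review_owners(SAMPLE)
    for image, pid, user in flagged:
        print(f"SUSPICIOUS  {image} (PID {pid}) runs as {user}")
    for image, pid, user in unknown:
        print(f"UNKNOWN     {image} (PID {pid}) owner not visible")
```

A flagged row is a reason to investigate the process further, not proof of infection; an unknown row corresponds to the case above where the user name cannot be seen.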
2. Forcibly shutting down "stubborn" processes
The easiest way to close a service process is to select the target process on the Processes tab of Task Manager and click the "End Process" command. In fact, the "End Process" command is not omnipotent: service processes that are in use, or that are "stubborn", cannot be closed this way, because most of them are self-protected or are being called by a specific program. Of course, these unconventional processes are not impossible to close. With some special methods, we can forcibly close them.
If you are using a Windows 2000 or Windows XP operating system, you can use the built-in "Ntsd" command to forcibly close a stubborn service process. To do so, click "Start" and then "Run", enter "cmd" in the Run box that pops up, and click "OK"; the system switches to the MS-DOS command-line environment.
Then, at the command prompt, enter the command "ntsd -c q -p <process ID>" (the process ID can be viewed in the Task Manager window) and press Enter to forcibly shut down the service process with that identifier. Of course, this method cannot shut down every service process; for example, the CSRSS.EXE process, the SMSS.EXE process and the System process cannot be closed.
If you are using another operating system, you may wish to use a professional killing tool to close stubborn processes. Currently, there are many professional tools in this area, such as Kill process, IceSword, and process killer. With these tools, we can easily close most processes. For example, after the "process killer" tool is installed on the server, it can automatically streamline the processes on the server and stop all processes other than the necessary ones. For any running service process, you can select it on the Process List page of the program and then execute the "Abort process" command.
In addition, some virus processes can replicate themselves. When an attack occurs, they often start more than one process, and if one of them is forcibly closed, it is automatically regenerated by the other related processes. To close these stubborn processes, you can use the "End Process Tree" function in the Task Manager window. For example, select a process started by the virus on the Processes tab, right-click the process name, and then execute the "End Process Tree" command in the right-click menu shown in Figure 2, so that all processes started by the virus are shut down.
Figure 2
3. Find "harm" from the service process
When a virus or Trojan strikes, the corresponding processes are often started automatically on the server. To detect the "harm" hidden in the server accurately and quickly, we can copy and paste the names of suspicious service processes into the google.com search engine and use the results to find out where these processes come from. Generally, if a suspicious process is a virus or Trojan, the search results will suggest the corresponding killing tool to remove it, and you can also learn which processes the virus or Trojan generates on the server, such as Worker Process, the *_up.exe process, and so on. Based on these search results, we can effectively close the "evil" process.
Figure 3