Windows Task Manager is the primary tool for managing processes; its Processes tab shows information about the processes currently running on the system. With the default settings it displays only the image name, user name, CPU usage, memory usage and so on, while further information such as I/O reads/writes and virtual memory size is hidden. Do not underestimate this hidden information: when the system shows an inexplicable fault, it may be where you find the breakthrough.
1. Killing a dual-process Trojan that keeps coming back
Some time ago a friend's computer was infected with a Trojan horse. Task Manager showed the Trojan process as "System.exe", but after terminating it and refreshing, it came back. Entering Safe Mode and deleting C:\windows\system32\system.exe did not help either: after a restart it was loaded again, and it could not be cleared completely. Judging from this behaviour, the friend had been hit by a dual-process Trojan. This kind of Trojan has a guardian process that scans regularly and, once it discovers that the process it guards has been killed, revives it. In many of today's dual-process Trojans the two processes monitor and revive each other. So the key to removal is to find both of the Trojan files that rely on each other. The Trojan process can be found with the help of the PID shown in Task Manager.
In Windows Task Manager, first check "PID (Process Identifier)" under "View → Select Columns" so that the PID of each process is shown when you return to the Task Manager window. Then, when a terminated process is re-created, its PID can be used to find the parent process that re-created it. Open a Command Prompt window and run the command taskkill /im system.exe /f. After refreshing, enter the command again; you can see that the terminated System.exe process has PID 1536 and belongs to the process with PID 676. In other words, the system.exe process with PID 1536 was created by the process with PID 676. Return to Task Manager and look up that PID: it turns out to be the "Internet.exe" process.
With the culprit found, the rest is easy: restart the system into Safe Mode, use the search function to find the Trojan file C:\windows\internet.exe, and then delete the Trojan files. System.exe could not be removed earlier mainly because Internet.exe (and its startup key value) had not been found, so Internet.exe revived the Trojan after the system restarted.
2. The peer-to-peer program that keeps writing to the hard drive
A computer at work, once booted and connected to the Internet, had its hard drive light flashing non-stop and the drive spinning madly. Obviously some program on the machine was reading data, but repeated antivirus scans found no viruses, Trojans or other malicious programs.
Turn on the computer and go online, press Ctrl+Alt+Del to start Task Manager, switch to the Processes tab, click the menu command "View → Select Columns" and check "I/O Writes" and "I/O Write Bytes". After confirming, return to Task Manager: a strange process, hidel.exe, stands out. Although its CPU and memory usage are not particularly large, its I/O write volume is astonishing, so it appears to be the culprit. Right-click it and choose "End Process" to terminate it; sure enough, hard disk reads and writes return to normal.
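Both checks above (which process re-creates a killed one, and which process is writing to disk) can also be scripted. The following PowerShell is an added example, not part of the original article; it assumes PowerShell 3.0 or later, and the function names Get-ProcessLineage and Get-TopDiskWriters are hypothetical.

```powershell
# Added example. Function names are hypothetical; 'system.exe' is the name from the article.
function Get-ProcessLineage {
    param([Parameter(Mandatory)][string]$Name)
    $all = Get-CimInstance -ClassName Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[uint32]$p.ProcessId] = $p }
    foreach ($child in ($all | Where-Object { $_.Name -eq $Name })) {
        $parent = $byPid[[uint32]$child.ParentProcessId]
        # Windows reuses PIDs: a "parent" started after the child is an unrelated process.
        $valid = $parent -and ($parent.CreationDate -le $child.CreationDate)
        [pscustomobject]@{
            Name       = $child.Name
            PID        = $child.ProcessId
            Path       = $child.ExecutablePath
            ParentPID  = $child.ParentProcessId
            ParentName = if ($valid) { $parent.Name } else { '<exited or PID reused>' }
            ParentPath = if ($valid) { $parent.ExecutablePath } else { $null }
        }
    }
}

function Get-TopDiskWriters {
    param([int]$Seconds = 10, [int]$Top = 5)
    # Task Manager's I/O columns are cumulative; sample twice to get a current rate.
    $before = @{}
    Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { $before[[uint32]$_.ProcessId] = $_ }
    Start-Sleep -Seconds $Seconds
    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $old = $before[[uint32]$_.ProcessId]
        # Same PID and same creation time means it is the same process in both samples.
        if ($old -and $old.CreationDate -eq $_.CreationDate) {
            [pscustomobject]@{
                Name          = $_.Name
                PID           = $_.ProcessId
                WritesPerSec  = [math]::Round(($_.WriteOperationCount - $old.WriteOperationCount) / $Seconds, 1)
                WriteKBPerSec = [math]::Round(($_.WriteTransferCount - $old.WriteTransferCount) / 1KB / $Seconds, 1)
                Path          = $_.ExecutablePath
            }
        }
    } | Sort-Object WriteKBPerSec -Descending | Select-Object -First $Top
}

Get-ProcessLineage -Name 'system.exe' | Format-List
Get-TopDiskWriters -Seconds 10 | Format-Table -AutoSize
```

Run it from an elevated prompt so that ExecutablePath is populated for processes owned by other accounts.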