
Fighting Viruses: The Free Prockill Utility Helps

When I made the Process Killer utility, all I intended it for was to include it with an installer to stop processes before the process started. This worked well, so prockill lived on. As I would work in the field, I would come across computers infected with viruses that would restrict execution of utilities like the great Process Explorer or PsKill to kill the threat. Given their well-known nature, the viruses tend to kill them before you can use them to help. Enter the Process Killer tool to help you kill that virus.

The specific scenario I speak of is something like the SirCam virus or an application that will sit resident and kill any processes you run like iexplore.exe or pskill.exe. Some of these malware applications will impersonate a valid virus scanner while actually killing apps that are useful.

1. The first (and frankly most difficult step) is to get Process Killer on the computer. You may be able to transfer it from a flash drive or load it off CD. When you do get it, move on to the next step.

2. Run Process Killer – a lot. This is used to identify the malware process. All you need to do is find the prockill.exe file and load it as many times as you can. Other tools like Process Explorer show a license screen which keeps you from getting to that process list before the tool is killed by the virus. Often, I get to see the list of processes for a fraction of a second – but it’s long enough to see the process I want to kill. Write down the process name without the path or extension (often it will be random characters – like DFFE4DDF or VBOXTRAY in the below example image).

3. Get to a run box or command line and run c:\location\prockill.exe /n:{filename} – a lot. Yes, I just run the command line of the Process Killer successively until the virus itself is killed. Sometimes this will have to be run many times over – sometimes it won’t even work at all. But if it does kill that process, you’ll be able to remove the virus and commence scanning and updates on the system.
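
The repeated runs in steps 2 and 3 can be scripted. The following is an added example, not part of Process Killer or the original post: it saves the process list to a file so it can be read without racing the malware, then repeats the prockill.exe /n:{filename} call until the process is gone or a retry limit is reached. The parameter names, the retry limit, the snapshot path and the assumption that PowerShell itself stays usable on the infected machine are all mine.

```powershell
# Added example, not part of Process Killer. Retries the
# "prockill.exe /n:{name}" call from step 3 until the named process is gone.
param(
    [Parameter(Mandatory = $true)]
    [string]$Name,                                  # process name, no path or extension
    [string]$ProcKill = 'C:\location\prockill.exe', # placeholder path from the post
    [int]$MaxAttempts = 50,                         # assumed retry limit
    [string]$Snapshot = "$env:TEMP\proclist.txt"    # assumed output file
)

# Step 2: save the process list once so it can be read at leisure.
Get-Process |
    Sort-Object ProcessName |
    Select-Object ProcessName, Id, Path |
    Format-Table -AutoSize |
    Out-File -FilePath $Snapshot -Width 250

if (-not (Test-Path -LiteralPath $ProcKill)) {
    Write-Error "prockill.exe not found at $ProcKill"
    exit 2
}

for ($i = 1; $i -le $MaxAttempts; $i++) {
    # Confirm with Get-Process rather than trusting an exit code,
    # since the post does not say what prockill.exe returns.
    if (-not (Get-Process -Name $Name -ErrorAction SilentlyContinue)) {
        Write-Output "$Name is not running (checked before attempt $i)."
        exit 0
    }
    # Piping to Out-Null makes PowerShell wait for the tool to finish.
    & $ProcKill "/n:$Name" | Out-Null
    Start-Sleep -Milliseconds 200
}

if (Get-Process -Name $Name -ErrorAction SilentlyContinue) {
    Write-Warning "$Name still running after $MaxAttempts attempts."
    exit 1
}
Write-Output "$Name stopped after $MaxAttempts attempts."
exit 0
```

An exit code of 0 only means the process was absent at the moment of the check, so confirm it stays gone before starting the scan and updates.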

In some cases, I have been able to use Process Killer to remove viruses remotely that would have otherwise required physical access to the computer. Sometimes the process is slow and painful, but this might save your bacon once or twice.

Learn more about Process Killer here, or just download it – it may help you too.