How to identify illegal processes in Windows 7

A process in Task Manager is one execution of a program on the computer: running a program starts a process. Processes fall into system processes and user processes. System processes do the work of the operating system itself; applications such as QQ and Foxmail run as user processes. The value of understanding processes lies in observing them: by reading the process list you can tell which programs are running and judge whether an illegal program is present. Analysing the process list correctly lets you remove a virus or Trojan by hand when anti-virus software is not working.



How do you find out which processes are currently running? In Windows 7, press Ctrl+Alt+Delete and choose "Start Task Manager" (or press Ctrl+Shift+Esc, which opens Task Manager directly), then switch to the "Processes" tab. Click "Show processes from all users", otherwise processes running as SYSTEM are hidden. Common system processes include winlogon.exe, services.exe, explorer.exe and svchost.exe. To read the process list with confidence, first become familiar with these common system processes; an unfamiliar name (HELLO, GETPASSWORD, WINDOWSSERVICE and the like) then stands out immediately and is easy to judge. Adding the "Image Path Name" and "Command Line" columns (View → Select Columns) shows where each process's file lives, which is the quickest test of an impostor: a genuine svchost.exe always runs from the Windows system directory.
General methods of killing a process
1. Some processes cannot be ended from the Processes tab. In that case open the Registry Editor (Start → Run, type regedit), go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the suspicious value under that key, so the program is no longer started at logon. The per-user key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and the RunOnce keys beside both deserve the same check.
2. You can also review what is running through Administrative Tools → Services. Concentrate on the services whose Startup Type is "Automatic": check each one's name, the "Path to executable" on the General tab, the account on the Log On tab, and whether the Recovery tab has "Restart the Computer" configured as a failure action (this is the secret behind some machines that keep restarting on their own). Once a suspicious name is found, stop the service and set its Startup Type to "Disabled" immediately.
The method for completely deleting these program processes:
Open the Registry Editor and expand the branch HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services; each subkey listed there is a service installed on the machine. To delete a service, delete its subkey. Export the subkey first (File → Export) so that a mistake can be undone, and note its ImagePath value, which tells you which file on disk the service runs.
3. Besides the two methods above, you can first note the path and file name of the process (the Image Path Name column in Task Manager, or the "Path to executable" in the service's properties), then restart the system, press F8 during boot to enter Safe Mode, and delete the file there. In Safe Mode the malicious service or Run entry is normally not started, so the file is no longer locked and can be deleted.
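The three checks above (Run keys, automatic services with their path and log-on account, and the Recovery action that reboots the machine) can be enumerated in one pass instead of clicking through the consoles. The following PowerShell script is an added example, not code from the original article; it assumes Windows 7 with PowerShell 2.0 or later and an elevated prompt, and the service name in the trailing comments is the article's own test service, used as a placeholder.

```powershell
# Added example (not from the original article): enumerate the places the procedure
# above tells you to inspect by hand: the Run/RunOnce keys, the automatic services with
# their image path and log-on account, and the services whose recovery action reboots
# the machine. Assumes Windows 7 with PowerShell 2.0 or later, run from an elevated prompt.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

"=== Autostart entries (Run / RunOnce) ==="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSParentPath/... metadata properties; skip those.
        if ($prop.Name -like 'PS*') { continue }
        "{0}`n    {1} = {2}" -f $key, $prop.Name, $prop.Value
    }
}

"`n=== Automatic services: name, state, log-on account, image path ==="
$services = Get-WmiObject Win32_Service
$services | Where-Object { $_.StartMode -eq 'Auto' } | Sort-Object Name | ForEach-Object {
    "{0,-32} {1,-8} {2,-28} {3}" -f $_.Name, $_.State, $_.StartName, $_.PathName
}

"`n=== Services whose failure action is to reboot the machine ==="
foreach ($svc in $services) {
    # sc.exe qfailure prints the configured failure actions; a 'REBOOT --' action
    # is what makes some infected machines restart by themselves.
    $out = (& sc.exe qfailure $svc.Name 2>&1) -join ' '
    if ($out -match 'REBOOT --') {
        "{0}: {1}" -f $svc.Name, ($out -replace '\s+', ' ').Trim()
    }
}

# Once a service has been judged malicious, stop, disable and remove it from an
# elevated prompt (the name below is the article's test service; replace it):
#   sc.exe stop   "HELLO-WORLD SERVICE 1"
#   sc.exe config "HELLO-WORLD SERVICE 1" start= disabled
#   sc.exe delete "HELLO-WORLD SERVICE 1"   # removes its key under HKLM\SYSTEM\CurrentControlSet\Services
# A process that Task Manager refuses to end can usually be ended with:
#   taskkill /F /PID <pid>
```

Deleting the service with sc.exe delete removes the same key under HKLM\SYSTEM\CurrentControlSet\Services that the procedure deletes by hand, but lets the Service Control Manager do it cleanly; the space after start= in the config command is required by sc.exe.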
Here, the editor wrote a deliberately obvious illegal process, a service named HELLO-WORLD SERVICE 1, that anyone can recognise. It is easy to find both in the process list and in the Services console, and it can be killed or disabled with the methods above.
Many viruses and Trojans appear as user processes, so most people assume they cannot obtain SYSTEM privileges. This is a mistake: plenty of viruses and Trojans do obtain SYSTEM privileges, typically by installing themselves as a service, and then present themselves to you disguised as a system process, sometimes under a name identical to a genuine one such as svchost.exe. Such malware is very easy to be fooled by. The user name column alone is therefore not enough to judge a process: compare its image path, its parent process and its digital signature with what the genuine system process should look like, and keep improving your knowledge of system security so that you can decide accurately whether a process is safe.
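The comparison described above (image path, owner, parent and signature against what a genuine system process should look like) is what the following PowerShell script does for every running process. It is an added example and not code from the original article; it assumes Windows 7 with PowerShell 2.0 or later and an elevated prompt, and the list of "core" names it checks is the editor's own choice, not something the article specifies.

```powershell
# Added example (not from the original article): triage running processes by comparing
# each one's name, image path, owner, parent and code signature against what a genuine
# Windows system process should look like. Assumes Windows 7 with PowerShell 2.0 or later,
# run from an elevated prompt so that processes of all users (including SYSTEM) are visible.

$systemRoot = $env:SystemRoot          # normally C:\Windows
# Names that malware likes to borrow; the real copies live under %SystemRoot%
# (explorer.exe directly in it, the rest in %SystemRoot%\system32). This list is an
# assumption of the example, not a list from the article.
$coreNames  = 'winlogon.exe','services.exe','explorer.exe','svchost.exe',
              'lsass.exe','csrss.exe','smss.exe','taskhost.exe'

$procs = Get-WmiObject Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

foreach ($p in ($procs | Sort-Object Name)) {
    $flags = @()
    $path  = $p.ExecutablePath

    # Owner: a "system" process running as an ordinary user is a bad sign, and a
    # user-looking process running as SYSTEM deserves a look too.
    $owner = '?'
    $o = $p.GetOwner()
    if ($o.ReturnValue -eq 0) { $owner = "$($o.Domain)\$($o.User)" }

    # Parent: every genuine svchost.exe is started by services.exe.
    $parentName = '<gone>'
    if ($byPid.ContainsKey([int]$p.ParentProcessId)) {
        $parentName = $byPid[[int]$p.ParentProcessId].Name
    }
    if ($p.Name -ieq 'svchost.exe' -and $parentName -ine 'services.exe') {
        $flags += "parent is $parentName, not services.exe"
    }

    if ($path) {
        # A core system name whose image is outside %SystemRoot% is almost always an impostor.
        if (($coreNames -contains $p.Name) -and ($path -notlike "$systemRoot\*")) {
            $flags += "system name but image outside $systemRoot"
        }
        # Authenticode: on Windows 7 many system binaries are catalog-signed and are reported
        # as NotSigned by Get-AuthenticodeSignature, so treat this as supporting evidence only.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -eq 'Valid') {
            if ($sig.SignerCertificate.Subject -notlike '*Microsoft*') {
                $flags += "signed by $($sig.SignerCertificate.Subject)"
            }
        } else {
            $flags += "signature: $($sig.Status)"
        }
    } else {
        $flags += 'no image path (protected process or access denied)'
    }

    $line = "{0,6} {1,-18} {2,-22} parent={3,-14} {4}" -f $p.ProcessId, $p.Name, $owner, $parentName, $path
    if ($flags.Count -gt 0) { $line += "`n        !! " + ($flags -join '; ') }
    $line
}
```

Lines marked with !! are the ones worth looking at; none of the flags is proof by itself. A core name outside %SystemRoot% or an svchost.exe not started by services.exe is the strongest signal, while a NotSigned result on Windows 7 needs confirming with a catalog-aware check such as sigverif before the file is treated as malicious.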
