Windows Task Manager cannot close a suspicious process

Q: I found that Windows 2000's "Task Manager" is a very useful tool that allows me to see which programs (processes) are running on the system. Recently I found the list of processes after starting Task Manager. There are some suspicious processes, which may be viruses or Trojans. You can't close these processes with the "Close" function of "Task Manager". How can I solve this problem?

A: If you can't close a suspicious process in Task Manager, you can use the following method to forcefully close it. Be careful not to kill the system core process in the process table. The specific operation is as follows:

(1) Using the tools that come with Windows 2000

Starting from Windows 2000, the Windows system comes with a user-mode debugging tool Ntsd, which can kill most processes because The process attached to the debugger will exit with the debugger, so as long as you use Ntsd to call up a process on the command line, then exit Ntsd to terminate the process, and Ntsd will automatically get Debug permissions, so Ntsd can kill large Part of the process. The specific operation method is as follows: On the system desktop, use the mouse to select "Start → Programs → Accessories → Command Prompt", and then type ntsd -c q -p PID after the cursor. It should be noted that -c q indicates the execution of the debugging command to exit Ntsd, and the PID indicates the PID of the process you want to terminate, which can be found in the process list of the "Task Manager". For example, to close the Explorer.exe process, type ntsd -c q -p 408.

(2) Use special software to kill the process

You can use the "Process Killer", IceSword, "Liuye Eyes", "System View Master", Kill process and other tools To close the process that the Task Manager can't close.