How To Kill A Running Process

How To Kill A Running Process

Method #1: There are many ways to kill an active process, and in this article we will examine some of the most common and effective approaches to achieve this task. When deciding to end a process, especially during a time when your system is compromised with a malware infection, be sure that you are ending the correct process, as problems can arise and make the situation worse. The first, and most common method is to use the task manager. There are several ways to bring up task manager. One method is to right click on the taskbar at the bottom of the screen and click the option that says “Task Manager”. The second method is to hit CTRL+ALT+DEL, and again, select the “Task Manager” option. The third method is to hit the Start Button, Run, type “taskmgr” and hit enter.

After clicking the “End Process” button, using the above method will prompt the user with the dialog box shown below. Once again, make sure that you are shutting down the correct process.

Sometimes, during a malware infection, Task Manager will be disabled. One method of fixing this (but it doesn’t work every time) is to use Start>Run, and use the following command to re-enable use of Task Manager:

REG add HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem /v DisableTaskMgr /t REG_DWORD /d 0 /f

Method #2: The second method is geared towards the more technically savvy, however it should be noted that this option only works with Windows XP Pro through Windows 7. The commandline is generally the same for this method, regardless of which version of windows you’re running. After bringing up the command prompt or the Start>Run feature (cmd.exe), the user can make use of a feature in windows called TaskKill. This allows the user to kill any active process and subsequent child processes. Below are the details of the commandline for taskkill.exe.

TASKKILL [/S system [/U username [/P [password]]]]

{ [/FI filter] [/PID processid | /IM imagename] } [/F] [/T]

Description:

This command line tool can be used to end one or more processes.

Processes can be killed by the process id or image name.

Parameter List:

/S    system           Specifies the remote system to connect to.

/U    [domain]user    Specifies the user context under which

the command should execute.

/P    [password]       Specifies the password for the given

user context. Prompts for input if omitted.

/F                     Specifies to forcefully terminate

process(es).

/FI   filter           Displays a set of tasks that match a

given criteria specified by the filter.

/PID  process id       Specifies the PID of the process that

has to be terminated.

/IM   image name       Specifies the image name of the process

that has to be terminated. Wildcard ‘*’

can be used to specify all image names.

/T                     Tree kill: terminates the specified process

and any child processes which were started by it.

/?                     Displays this help/usage.

Filters:

Filter Name   Valid Operators           Valid Value(s)

———–   —————           ————–

STATUS        eq, ne                    RUNNING | NOT RESPONDING

IMAGENAME     eq, ne                    Image name

PID           eq, ne, gt, lt, ge, le    PID value

SESSION       eq, ne, gt, lt, ge, le    Session number.

CPUTIME       eq, ne, gt, lt, ge, le    CPU time in the format

of hh:mm:ss.

hh – hours,

mm – minutes, ss – seconds

MEMUSAGE      eq, ne, gt, lt, ge, le    Memory usage in KB

USERNAME      eq, ne                    User name in [domain]user

format

MODULES       eq, ne                    DLL name

SERVICES      eq, ne                    Service name

WINDOWTITLE   eq, ne                    Window title

NOTE: Wildcard ‘*’ for the /IM switch is accepted only with filters.

NOTE: Termination of remote processes will always be done forcefully

irrespective of whether /F option is specified or not.

Examples:

TASKKILL /S system /F /IM notepad.exe /T

TASKKILL /PID 1230 /PID 1241 /PID 1253 /T

TASKKILL /F /IM notepad.exe /IM mspaint.exe

TASKKILL /F /FI “PID ge 1000” /FI “WINDOWTITLE ne untitle*”

TASKKILL /F /FI “USERNAME eq NT AUTHORITYSYSTEM” /IM notepad.exe

TASKKILL /S system /U domainusername /FI “USERNAME ne NT*” /IM *

TASKKILL /S system /U username /P password /FI “IMAGENAME eq note*”

The quickest, and easiest option is to use the /F parameter along with /IM and the name of the process you want to terminiate. /F forces the process to unload immediately, which can be handy if recovery is time sensitive. /IM allows the user to specify which process they would like to terminiate, and even allows for wildcard matching, which allows multiple offending processes to be shut down from one commandline parameter.

Method #3: Another method (if the computer requires a restart and the process is still active) is to use msconfig from either Start>Run or the commandline. After MSConfig starts, the processes can sometimes be prevented from starting up by disabling them from the “Startup” tab. After rebooting, the process will no longer be active.

Method #4: Sometimes, a process that you want to terminate can be rather stubborn, and none of the above options work. There are several applications that you can download from the internet that will allow you to do the same thing as Task Manager in the event that access to taskmgr.exe has been blocked. One of these applications is called Process Killer, and below is a screenshot of it in action.

Process Killer not only serves the same function as Task Manager, but it also provides the user with a little more information about what’s happening with each process.

Method #5: As a last case resort, if a particular process refuses to shut down under any circumstance, it has most likely been installed as a service. Running services.msc from the Start>Run area will bring up the Windows Services snap-in management console. It is strongly recommended that you only use this as a last resort, because terminating the wrong service can cause all manner of strange and undesirable effects on your system. If services.msc doesn’t work in windows normal mode, usually it will work if you run it in safe mode. Below is a screenshot of the snap-in management console.

Conclusion

Getting a process to end can sometimes be a headache, but using one of the above methods is guarunteed to help put an end to those minor annoyances, especially during a malware infection. While there are a few other methods to kill a running process, these are the easiest, and often most effective methods to use when the need arises.

• How To Kill A Running Process
• How To Find and Delete a File
• How to Get Music From Ipod to Computer
• How to Move Your Store Folder (Outlook Express)
• OE User Files
• How to Maintain Your Store Folder -Outlook Express
• Outlook Express Backup
• How OE Stores Files on Your Hard Disk
• How to Find and Delete Files
• Transferring Programs To A New PC (Windows XP to W
• Transferring Data Old Computer To A New Computer
• Migration Software From Windows XP To 7
• Transferring Software To A New PC
• Transfer Files From Old Computer to New Computer
• Problems Accessing Windows Update
• Fix Hard Disks Running in Compatibility Mode
• Fatal Exception OE Errors
• Cleaning out Your Hard Drive Space and Freeing up Disk Space
• Transferring Software To A New PC