Kill a process when your Taskmanager is disabled

May 8, 2009

You all may have stuck with your disabled Taskmanager, when a nasty virus enters your Computer and take away all your happiness. You try hard to find the exe file name of this virus to kill it, but worst it disbales your taskmanager therefore you are not able to know which processs are running.

Therefore I came up with an tutorial to show you which all processes are currently running on your system so that you can look for any running malicious program.
The command which we are using is TASKLIST.

Syntax: TASKLIST [/S system [/U username [/P [password]]]]
[/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]



This command line tool displays a list of application(s) and associated task(s)/process(es) currently running on either a local or remote system.

Parameter List:

/S system Specifies the remote system to connect to.

/U [domain\]user Specifies the user context under which
the command should execute.

/P [password] Specifies the password for the given
user context. Prompts for input if omitted.

/M [module] Lists all tasks that have DLL modules loaded
in them that match the given pattern name.
If the module name is not specified,
displays all modules loaded by each task.

/SVC Displays services in each process.

/V Specifies that the verbose information
is to be displayed.

/FI filter Displays a set of tasks that match a
given criteria specified by the filter.

/FO format Specifies the output format.
Valid values: "TABLE", "LIST", "CSV".

/NH Specifies that the "Column Header" should
not be displayed in the output.
Valid only for "TABLE" and "CSV" formats.

Here are some eg. which will show you how to use it effectively.
Examples:
TASKLIST
TASKLIST /M
TASKLIST /V
TASKLIST /SVC
TASKLIST /M wbem*
TASKLIST /S system /FO LIST
TASKLIST /S system /U domain\username /FO CSV /NH
TASKLIST /S system /U username /P password /FO TABLE /NH
TASKLIST /FI "USERNAME ne NT AUTHORITY\SYSTEM" /FI "STATUS eq running"



So now you have got the list of all process running on your system now its time to kill the malicious program.
The command which we are using for this is TASKKILL.

Syntax: TASKKILL [/S system [/U username [/P [password]]]]
{ [/FI filter] [/PID processid | /IM imagename] } [/F] [/T]


This command line tool can be used to end one or more processes. Processes can be killed by the process id or image name.

Parameter List:

/S system Specifies the remote system to connect to.

/U [domain\]user Specifies the user context under which
the command should execute.

/P [password] Specifies the password for the given
user context. Prompts for input if omitted.

/F Specifies to forcefully terminate process(es).

/FI filter Displays a set of tasks that match a
given criteria specified by the filter.

/PID process id Specifies the PID of the process that
has to be terminated.

/IM image name Specifies the image name of the process
that has to be terminated. Wildcard '*'
can be used to specify all image names.

/T Tree kill: terminates the specified process
and any child processes which were started by it.


Well if you want some more detaliled description go to command propmt and type TaskKill/?

Here are some eg. which will show you how to use it effectively.
Examples:
TASKKILL /S system /F /IM notepad.exe /T
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
TASKKILL /F /IM notepad.exe /IM mspaint.exe
TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*"
TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe
TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM *
TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*"





0 comments:

Post a Comment

 
 
 

Connect With ME