Re: How to kill hidden winlogon processes




On May 6, 7:14 pm, "David H. Lipman" <DLipman~nosp...@xxxxxxxxxxx>
wrote:
From: <ToddAndMa...@xxxxxxxxxxx>

| Dave,
|
| I know you are only trying to help, but this is a theory question.
| I want to know how to kill a hidden (to the task manager) process
| the next time I come across it. I do not need help removing a virus.
| I am absolutely sure of that. If you disagree, I take full
| responsibility for my own actions.
|
| By the way, my PC is running Linux. It is impossible for it
| to catch this kind of crap. If I want to run Windows, I run it
| in a virtual machine: it/they has/have NO Internet access. If I catch
| something, the virtual machine looks like a single file to Linux.
| All I have to do is restore my backup copy (Like Ghost, only a
| bazillion times easier to use.)
|
| Please only answer the question I asked.
|
| -T

Linux gets malware albeit a *much* lower risk.

Task Manager only sees non-hidden processes, as they are all EXE based.

You have to use Process Explorer or some other GUI and see the parent/daughter dependencies
and kill or suspend them to kill a given process. This will be different if it is a DLL
than an EXE loaded process.

For example, you may have to suspend SMSS.EXE, CSRSS.EXE, WINLOGON.EXE, SERVICES.EXE and
EXPLORER.EXE. Done wrong and you can go into a BSoD condition.

You said a Winlogon Process. Under....
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

That process could be an EXE loaded as...

Userinit = C:\WINNT\SYSTEM32\Userinit.exe, PROCESS.EXE
or
shell = explorer.exe PROCESS.EXE

Which would be easier than...
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

which would load a DLL file.

You would then have to ask if you need to kill the process or can you remove the Registry
entry and reboot. The process may be protected where you have to suspend the parent
process(es), remove the Registry key and reboot.

Process Explorer would be a helpful tool but it may be a combo. of tools depending on what
it is.


Thank you! Very helpful.
-T
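
The Winlogon load points named in the reply above (Userinit, Shell and the Notify subkeys) can be checked from saved `reg query "<key>" /s` text. The following is an added example, not part of the original thread; the sample output, the `example` subkey, EXAMPLE.DLL and the `C:\WINNT` system root are constructed assumptions, and PROCESS.EXE is the thread's own placeholder name.

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample laid out like `reg query "<key>" /s` output (not real data).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\WINNT\SYSTEM32\Userinit.exe, PROCESS.EXE
    Shell    REG_SZ    explorer.exe PROCESS.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\example
    DLLName    REG_SZ    EXAMPLE.DLL
"""

def parse_reg_query(text):
    """Return {lowercased key path: {lowercased value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None and line[:1] in (" ", "\t"):
            # Columns (name, type, data) are separated by four spaces or a tab.
            parts = re.split(r"\t| {4}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                current[parts[0].lower()] = parts[2]
    return keys

def audit_winlogon(text, system_root=r"C:\WINNT"):
    """List (location, data) pairs that deviate from the stock values."""
    keys = parse_reg_query(text)
    root = keys.get(WINLOGON.lower(), {})
    findings = []
    # Userinit is a comma-separated list; every entry is started at logon.
    expected = (system_root + r"\system32\userinit.exe").lower()
    for item in (p.strip() for p in root.get("userinit", "").split(",")):
        if item and item.lower() != expected:
            findings.append(("Userinit", item))
    # Shell is expected to be explorer.exe and nothing else.
    shell = root.get("shell", "").strip()
    if shell and shell.lower() != "explorer.exe":
        findings.append(("Shell", shell))
    # Each Notify subkey names a DLL loaded by Winlogon: report all for review.
    prefix = WINLOGON.lower() + "\\notify\\"
    for path, values in keys.items():
        if path.startswith(prefix) and "dllname" in values:
            findings.append(("Notify\\" + path[len(prefix):], values["dllname"]))
    return findings

if __name__ == "__main__":
    for location, data in audit_winlogon(SAMPLE):
        print(f"{location}: {data}")
```

Notify entries are listed rather than judged, because a stock installation also has Notify subkeys; compare them against a known-good copy of the same Windows build.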
