Amazon Antivirus Software
Amazon Antivirus Books
The goal here is to stop a virus process. Even if you cannot delete virus files, as long as you can stop the process that does bad things, you can proceed with normal work without worrying about virus. You have the following ways to stop a process:
1st way: Configure startup processes to stop it
A process can be run by a service, or it can run by a startup process. If you can identify the service or the startup process, then you can tell your computer not to run if the next time it boots. This is the recommended approach. Sometimes a virus process doesn't start running until several minutes have passed since boot. In this case the virus process is usually run by another process, which could be a legitimate process (e.g. services.exe). Exactly how Windows services work is beyond the scope of this tutorial. All you need to know is that you should find out whether the virus process is run by some Windows service. The quickest way to find out is to count the number of running services after the virus process starts running (by going to Windows -> Run... -> type 'msconfig' and clicking Services tab). You kill the virus process; then count the number of running services again. If the number drops by one, then you know for sure some service is the culprit. Find out what that service is and uncheck it and reboot. I removed a virus for my uncle this way.
First identify the service that runs the virus process Go to Windows -> Run... -> type 'Services.msc'. You should see a list of services. For each of them you can right click and choose 'Properties' (or right click and press key 'R'). In Properties window you can see 'Path to executable', which is what you are interested in. Since you already know path to the virus .exe, you can go through each service and see which one has that path. If you can find it, go to Windows -> Run... -> type 'msconfig'. Click Services tab and you should see a list of services in there. The checked ones are the ones that run automatically when your computer starts up. Uncheck the virus service and reboot.
After your computer boots up, the virus process should not be running and you should be able to safely delete the virus files. HOWEVER, if the service is a critical Windows service such as 'COM+ Event System' and 'Workstation', go to section Stop And Kill. If you cannot find it, go to Windows -> Run... -> type 'msconfig', go through the list in Startup tab. In Command column you can see the path to the .exe. Uncheck the one that matches the path to the virus and reboot. After your computer boots up, the virus process should not be running and you should be able to safely delete the virus files.
2nd way: Kill the process manually
Right click on the .exe in Process Explorer and select "Kill Process". HOWEVER, if this is a critical Windows process such as 'svchost.exe'. you may see an error dialog saying that you cannot kill it. Or you may kill it successfully but then your computer behaves in a weird, unstable, or inoperable way (e.g. all your items on your desktop are gone if you stop 'explore.exe'). If this is the case, go to Section Stop and Kill. Otherwise, you can safely delete the virus files.
If you can successfully stop the virus process, you will be able to delete the virus files. Again, even if you cannot delete virus files, as long as you can stop the virus process, the virus will not affect your PC and you can proceed with your normal work. Reboot and the virus should be gone. Otherwise, consult Section Stop and Kill.
As an alternative you can rename the virus file to any junk name. The Windows OS does not allow you to delete a file when some process is using the file but it allows you to rename it, rendering it unusable. Once you've renamed it you should be able to delete it
◀ Identify Virus ProcessDelete Virus Files ▶