NT/2000/XP: Clearing Relaunching Spyware Processes

Posted September 11, 2004 by GauntletWizard in Windows spyware

Many spyware programs now come in twos, so that if one is killed the other will restart it. They also set up blocks to prevent other programs such as Spybot or AdAware from launching. In order to remove the infection, you must kill both processes in rapid sucession.
The following Tech-Recipes tutorial explains using the KILL (NT/2000) or TSKILL (XP) command.

On NT and 2000, you first need the NT Resource kit, availible at http://www.microsoft.com/ntworkstation/downloads/Recommended/Featured/NTKit.asp.

Go to start->run, and type in KILL * (NT/2000) or TSKILL * (XP).

This will have the effect of killing all running processes, including the Explorer bar. This is useful as many spyware programs cause Explorer to load their components when any directories are viewed. From here, you can use AdAware or Spybot at will.

The Conversation

Follow the reactions below and share your own thoughts.