Most viruses in the OS Windows try to hide their presence from the user's eyes. Moreover, interestingly, sometimes viruses are very well disguised as system processes Windows so much so that even an experienced user cannot find a suspicious process at first glance.
By the way, most viruses can be found in the task manager Windows (in the processes tab), and then you can see their location on the hard drive and delete. But which of the whole variety of processes (and there are sometimes several dozen of them) are normal, and which are suspicious?
In this article I will tell you how I find suspicious processes in the task manager, as well as how I then remove the virus program from the PC.
1. How to enter the task manager
You need to press the key combination CTRL + ALT + DEL or CTRL + SHIFT + ESC (works in Windows XP, 7, 8, 10).
In the task manager, you can view all the programs that are currently running on the computer (application tabs and processes). In the Processes tab, you can see all programs and system processes that are currently running on the computer. If a process heavily loads the central processor (hereinafter referred to as the CPU), then it can be terminated.
Task Manager Windows 7.
2. AVZ – search for suspicious processes
In a large pile of running processes in the task manager, it is not always easy to figure out and determine where the necessary system processes are, and where a virus masquerading as one of the system processes 'works' (for example, a lot of viruses are disguised, calling themselves svhost.exe (and this is a system process required for work Windows)).
In my opinion, it is very convenient to search for suspicious processes using one anti-virus program – AVZ (in general, this is a whole complex of utilities and settings to ensure PC security).
Program website (in the same place and download links): http://z-oleg.com/secur/avz/download.php
To get started, just extract the contents of the archive (which you can download from the link above) and run the program.
There are two important links in the service menu: the process manager and the autorun manager.
AVZ – menu service.
I recommend that you first go to the autorun manager and see what programs and processes are loaded at startup Windows. By the way, in the screenshot below, you may notice that some programs are marked in green (these are proven and safe processes, pay attention to those processes that are black: is there anything among them that you did not install?).
AVZ is an autorun manager.
In the process manager, the picture will be similar: it displays the processes that are currently running on your PC. Pay special attention to black processes (these are processes that AVZ cannot vouch for).
AVZ – Process manager.
For example, the screenshot below shows one suspicious process – it seems to be a system one, only AVZ knows nothing about it … Surely, if not a virus, some adware that opens some browser tabs or displays banners.
In general, the best thing to do when finding such a process is to open its storage location (right-click on it and select 'Open file storage location' from the menu), and then end the process. When finished, delete everything suspicious from the file storage location.
After a similar procedure, check your computer for viruses and adware (more on that below).
Task Manager Windows – open the location of the file.
3. Scan your computer for viruses, adware, trojans, etc.
To scan your computer for viruses in the AVZ program (and it scans well enough and is recommended as an add-on to your main antivirus) – you don't need to specify any special settings …
It will be enough to mark the disks that will be scanned and press the 'Start' button.
Antivirus utility AVZ – scan your PC for viruses.
Scanning is fast enough: it took about 10 minutes (no more) to check a 50 GB disk – on my laptop.
After a full scan of your computer for viruses, I recommend checking your computer with other utilities such as Cleaner, ADW Cleaner or Mailwarebytes.
Cleaner – link to the office. website: https://chistilka.com/
ADW Cleaner – link to office. website: https://toolslib.net/downloads/viewdownload/1-adwcleaner/
Mailwarebytes – link to office. website: http://www.malwarebytes.org/
AdwCleaner – PC scan.
4. Correction of critical vulnerabilities
It turns out that not all settings Windows are safe by default. For example, if you are allowed to autorun from network drives or removable media – when they are connected to your computer – they can infect it with viruses! To avoid this, you need to disable autorun. Yes, of course, on the one hand it is inconvenient: the disc will no longer auto-play after inserting it into the CD-ROM, but your files will be safe!
To change such settings, in AVZ you need to go to the file section, and then run the troubleshooting wizard. Then just select the category of problems (for example, system problems), the degree of danger and then scan the PC. By the way, here you can also clear the system of junk files and clean up the history of visits to various sites.
AVZ – Search and Elimination of Vulnerabilities.
By the way, if you do not see some of the processes in the task manager (well, or something loads the processor, but there is nothing suspicious among the processes), then I recommend using the Process Explorer utility (https://technet.microsoft.com/ru-ru/bb896653 .aspx).
That's all, good luck!