Jump to content

how to get a pid for a *32 process

TryWare90Days
 Share

Recommended Posts

TryWare90Days Seeker

TryWare90Days

Posted
Posted

I'm trying to kill a malware process, that I can't remove with my www.sophus.com/hom antivirus.

The malware is known as coinminer,config and my Sophus only creates popups of blocking the malware.

I know that the malware is constantly launching a svchost *32.exe processes, where the svchost.exe processes are from my Windows 7 operating system.

I have with no luck tried to do this:

Global $_bStatus = False

While $_bStatus = False
           Global $_iPid
           Global $_sActiveTitleNew = "svchost *32.exe"
           $_iPid = WinGetProcess($_sActiveTitleNew)
           If $_iPid <> -1 Then $_bStatus = ProcessClose($_iPid)   
Wend
EXIT
 

But the $_iPid doesn't ever show anything else than  -1, even if I can see the svchost *32.exe process in my TaskManager

 

YES - I know I shouldn't EXIT after killing the first malware detection, but it is easier to explain the above for you, so I can get a solution.

Link to comment
Share on other sites
BrewManNH Universalist

BrewManNH

Posted
Posted

Find out how it's being started instead of trying to kill the processes it's spawning. Find the exe that is being run first, delete it and go from there. If you can't delete it, download something like Unlocker and see if that will let you kill it. Or reboot in safe mode and delete it. There's probably a registry setting that needs to be deleted for it as well. 

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Link to comment
Share on other sites
caramen Universalist

caramen

Posted
Posted (edited)

To solve that problem I recomand you to,

Check these keys :
  

\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Nothing about svhost should be found. Or also suspicius exe name.

Or double check the  names of your services. Then google them. If looking suspicius. 

Services.msc

If you find somthing you delete and reboot. If it s a service you can unregister it.

Edit: You got some rare case where WUpdate doing this problem.

I dont get it. Do you want a solution for your problem or a way to do it with autoIT ?

 

Edited by caramen

My video tutorials : ( In construction )  || My Discord : https://discord.gg/S9AnwHw

How to Ask Help ||  UIAutomation From Junkew || WebDriver From Danp2 || And Water's UDFs in the Quote

Spoiler

 Water's UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-10-31 - Version 1.3.4.1) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:
ADO - Wiki

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...