1

Possible Duplicate:
Computer is infected by a virus or a malware, what do I do now?

I normally use a Mac, but I'm helping fix a friend's PC. A process called _EX-08.EXE is showing up in Task Manager and consuming 99% of CPU. If I search for it on Google I get a number of extremely suspicious sites encouraging me to download a "removal" tool, but they look like they could be malware themselves.

Two questions: how do I get rid of it, and how do I find the solution to this kind of thing myself in the future when none of the sites that come up in search look trustworthy?

3 Answers

1

For "basic" viruses you'll want to boot up in safe mode and delete the executable (you could use Process Explorer, or Task Manager from Vista onwards, to locate the file), but for more advanced types I always find using Sysinternals' Autoruns to remove their ability to start up (along with any helper applications they have) does it. Anything that lives through that might take a little more poking to fix.

Phoshi
0

99% CPU, you say? Sounds like a poorly coded keylogger. Try checking msconfig for suspicious startup entries first and foremost. You can use Process Explorer to find information about the process itself, and if you have the location of the program, kill it with Process Explorer, then delete it. It's wishful thinking to assume something this simple will work, but it's worth a try. If that doesn't work, back up your friend's documents and do a clean install; for me there is no safer feeling than a fresh OS install (if it's a possibility). If that isn't an option, download Avira and Malwarebytes Anti-Malware and do a full system scan in safe mode; that should take care of it.
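
A read-only way to collect what the answers above look up by hand (where the executable lives and which startup entries launch it), as an added PowerShell example that is not part of any answer. It assumes PowerShell 4.0 or later in an elevated prompt; only the process name comes from the question.

```powershell
# Added example: read-only triage of one suspicious process.
# Nothing is killed, deleted or changed.
# Assumption: PowerShell 4.0+ (for Get-FileHash), elevated prompt.
$imageName = '_EX-08.EXE'    # process name from the question
$stem = [IO.Path]::GetFileNameWithoutExtension($imageName)

# 1. Where does the running image live, and what started it?
$procs = @(Get-CimInstance Win32_Process -Filter "Name = '$imageName'")
if ($procs.Count -eq 0) { Write-Warning "$imageName is not running" }

foreach ($p in $procs) {
    $parent = Get-CimInstance Win32_Process `
        -Filter "ProcessId = $($p.ParentProcessId)"
    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        Parent      = if ($parent) { $parent.Name } else { '(exited)' }
    } | Format-List

    # ExecutablePath is empty when the process cannot be opened.
    if (-not $p.ExecutablePath) {
        Write-Warning "No path for PID $($p.ProcessId); run elevated."
        continue
    }

    # 2. Identify the exact file: hash and Authenticode signature.
    Get-FileHash -Path $p.ExecutablePath -Algorithm SHA256 |
        Format-List Algorithm, Hash
    Get-AuthenticodeSignature -FilePath $p.ExecutablePath |
        Format-List Status, @{ n = 'Signer'
                               e = { $_.SignerCertificate.Subject } }
}

# 3. Startup entries (Run keys, Startup folders) that reference the file.
$pattern = '*' +
    [System.Management.Automation.WildcardPattern]::Escape($stem) + '*'
Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -like $pattern } |
    Format-List Name, Command, Location, User
```

The SHA-256 hash identifies the exact file, so it can be looked up on an antivirus vendor's site instead of the file name. `Win32_StartupCommand` only covers Run keys and Startup folders; Autoruns also lists services, scheduled tasks and other launch points.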

0

My advice would be not to search on Google directly for the executable, but rather to Google for a reliable anti-malware site (e.g. your antivirus vendor, or the other big ones like Symantec etc), then search within their site to see if it's a known issue.