A user kindly clicked on one of those nice fake Anti Virus Pro links today, and surprise surprise he then couldn’t run any programs, Outlook, Task manager, msconfig etc.  Excellent! So I had to look to finding the little process, stop it and then remove it.

Luckily I was able to open a command prompt by clicking Start and then Run, type cmd and click Open.
If you can’t see Run then just click the Start button type cmd in the search box at the bottom, then hit Enter.


Once the Command prompt opens, type: tasklist  this will give you a nice list of your running processes as well as their PID (Which we’ll need)
So once I ran tasklist I get:

No I know that in this particular instance that the file which was running the process was 3X9gns33.exe and I can see that the PID is 3956

So in order to kill the process you type tskill PID and hit enter, so in this instance tskill 3956

Once the process had stopped I could then delete the offending file. Check the Startup locations, scheduled tasks etc and then run some malware scans to make sure it’s not hiding elsewhere.
Of course this doesn’t have to be for Virus’ and such but it’s useful to know.

Hope this gets you out of a sticky quibble.