What:
Windows 7
Problem:
A Windows client is infected with malware that demands payment. You are connected remotely via VNC, but you can't run Malwarebytes or any other antivirus software, and Task Manager is disabled.
Solution:
The first step is to kill the malicious process:
1. Download psexec.exe
2. Connect via the command line to the infected PC using the following command:
   psexec.exe \\192.168.1.10 -u "domain\administrator" -p "password" cmd
   (192.168.1.10 is your target machine.)
3. Run tasklist to see all running processes.
4. Identify the suspicious process, most likely one with a random name such as 3pn37a33.exe, and take note of its PID.
5. Terminate that process using:
   pskill.exe \\192.168.1.10 -u "domain\administrator" -p "password" PID
Now you should be able to connect remotely again using VNC and perform malware removal with, for example, RogueKiller and Malwarebytes.
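An added example, not part of the original post: a small triage helper for steps 3 and 4 that reads `tasklist /FO CSV /NH` output and ranks image names that look randomly generated. The sample rows are constructed, and the function names and scoring thresholds are assumptions chosen for illustration.

```python
import csv
import io

# Constructed sample of `tasklist /FO CSV /NH` output; not taken from the original post.
SAMPLE = '''"System Idle Process","0","Services","0","24 K"
"smss.exe","268","Services","0","1,024 K"
"svchost.exe","812","Services","0","9,812 K"
"explorer.exe","2140","Console","1","45,332 K"
"winvnc.exe","1820","Services","0","6,204 K"
"3pn37a33.exe","3044","Console","1","12,480 K"
'''


def name_score(image_name):
    """Score how random an image name looks (thresholds are assumptions)."""
    stem = image_name.rsplit(".", 1)[0].lower()
    if len(stem) < 6:
        return 0  # too short to judge
    digits = sum(c.isdigit() for c in stem)
    letters = sum(c.isalpha() for c in stem)
    # Count switches between digit and letter runs, e.g. "3pn37a33" has 4.
    switches = sum(
        1 for a, b in zip(stem, stem[1:])
        if a.isalnum() and b.isalnum() and a.isdigit() != b.isdigit()
    )
    score = 0
    if letters and digits / len(stem) >= 0.3:
        score += 2  # name is mostly digits mixed with letters
    if switches >= 3:
        score += 1  # digits and letters are interleaved
    return score


def suspicious(tasklist_csv, threshold=2):
    """Return (pid, image name, score) for rows at or above the threshold."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) < 2 or not row[1].isdigit():
            continue  # skip header or malformed lines
        score = name_score(row[0])
        if score >= threshold:
            hits.append((int(row[1]), row[0], score))
    return sorted(hits, key=lambda h: -h[2])


if __name__ == "__main__":
    for pid, name, score in suspicious(SAMPLE):
        print(f"PID {pid}  {name}  score={score}")
```

A high score only marks a candidate for step 4; confirm the process before terminating it, since legitimate software can also use unusual file names.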