Wednesday, 18 December 2013

Remove malware on remote PC, even if task manager is disabled and antivirus not running


Windows 7


A Windows client is infected with malware that demands payment. You are connected remotely via VNC, but you can't run Malwarebytes or any other antivirus software, and Task Manager is disabled.


First step is to kill the malicious process:
1. Download psexec.exe
2. Connect via command line to the infected PC using the following command:
psexec.exe \\TARGET -u "domain\administrator" -p "password" cmd
where TARGET is your target machine

3. Run tasklist to see all running processes
4. Identify the suspicious process, most likely one with a random name, e.g. 3pn37a33.exe, and take a note of its PID
5. Terminate the above process using:
pskill.exe \\TARGET -u "domain\administrator" -p "password" PID
Now you should be able to connect remotely again using VNC and perform malware removal with e.g. RogueKiller and Malwarebytes.
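As an added example that is not part of the original post: the same triage (list the remote host's processes, pick out the suspicious one, terminate it by PID) written in PowerShell over WinRM instead of psexec/pskill. Unlike tasklist it also shows each process's executable path, which is usually the quickest tell. It assumes WinRM is enabled on the target, that $Target and the credential are yours, and that -KillPid is only supplied after you have reviewed the list; the directory list and the random-name pattern are heuristics chosen for this example, not anything from the post.

```powershell
# Added example, not the original post's procedure. Remote process triage over WinRM.
# Assumptions: WinRM reachable on $Target; you hold an admin credential for it.
param(
    [Parameter(Mandatory)] [string] $Target,   # placeholder: name of the infected machine
    [pscredential] $Cred = (Get-Credential),   # prompts instead of putting the password on the command line
    [int] $KillPid                             # optional: PID to terminate after manual review
)

# Win32_Process exposes ExecutablePath and CommandLine, which tasklist does not show.
$procs = Invoke-Command -ComputerName $Target -Credential $Cred -ScriptBlock {
    Get-CimInstance Win32_Process | Select-Object ProcessId, Name, ExecutablePath, CommandLine
}

# Heuristics for the pattern the post describes: a random-looking image name,
# often running from a user-writable directory rather than Program Files or System32.
$suspectDirs = '\\AppData\\', '\\Temp\\', '\\ProgramData\\', '\\Users\\Public\\'
$randomName  = '^[a-z0-9]{6,12}\.exe$'        # matches names like 3pn37a33.exe

$flagged = $procs | Where-Object {
    $path = $_.ExecutablePath                  # capture before the inner Where-Object rebinds $_
    $inSuspectDir = $path -and ($suspectDirs | Where-Object { $path -match $_ })
    $inSuspectDir -or ($_.Name -match $randomName)
}

# Review this output; legitimate software sometimes lives in AppData too.
$flagged | Format-Table ProcessId, Name, ExecutablePath, CommandLine -AutoSize

if ($KillPid) {
    # Equivalent of the post's pskill step, scoped to the PID you chose.
    Invoke-Command -ComputerName $Target -Credential $Cred -ScriptBlock {
        param($id) Stop-Process -Id $id -Force
    } -ArgumentList $KillPid
}
```

Run it once without -KillPid to get the flagged list, confirm the PID against the executable path and command line, then run it again with -KillPid to terminate it. Using Get-Credential rather than a -p "password" argument keeps the password out of command history and out of the process list of the machine you are working from. If WinRM is not available, the post's psexec/pskill route is the fallback.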
