Malware often hooks into the Winlogon process, enabling the malware to load even in Safe Mode. Removing malware load points from Winlogon may require shutting down the Winlogon process. Here's how.
Time Required: 5 minutes
- Download a copy of the free Process Explorer
- Extract the downloaded Process Explorer to a folder on your desktop (or some other easy to access location).
- Open Process Explorer by double-clicking the procexp.exe file located in the folder to which you extracted the file.
- From within Process Explorer, locate the smss process, right click the smss process and select Kill Process from the drop down menu that results.
- Next, locate the Winlogon process, right click the Winlogon process and select Kill Process from the drop down menu that results.
- Choose File, then Exit to close the Process Explorer. When you've completed your tasks, rebooting the system will restore the smss and winlogon processes.