I have some annoying malware/unwanted program on my PC and can't get rid of it so I thought of blocking its executable(s) from running. For the latter, I found How to Block an Application or .EXE from Running in Windows on How-To Geek; this describes how to create a blacklist of executables that will not be allowed to run. Unfortunately, the program's executable name contains a random number/date, meaning that it cannot be referred to using a static name such as Notepad.exe since it changes every time. I thought of writing some kind of regular expression matching all executables that start with Shell&ServicesEngine and end with .exe for the blocking. How do you do it though? Note that I appreciate as well if you know how to properly solve this malware problem.
Asked
Active
Viewed 407 times
1
BullyWiiPlaza
- 558
- 2
- 9
- 23
-
Are there any `.EXE` files in `C:\Windows\Shell&ServicesEngine_09122015182218`? (Have you tried blocking those names?) Have you tried blocking `Netman` and `NetworkAnalserService`? – Scott - Слава Україні Dec 13 '15 at 19:09
-
Yes, there are `.exe` files in the folder but they are named after the parent folder name mostly. `NetworkAnalserService` actually is one of them so it has a variable name – BullyWiiPlaza Dec 15 '15 at 11:38
1 Answers
1
Try looking for other malware. It's hardly ever just one. Or if the processes don't try to start up again after being terminated add a strings with any name to HKLM\Software\Microsoft\Windows\CurrentVersion\Run with the values "taskkill /f /im /t netman.exe" and "taskkill /f /im /t Shell&ServicesEngine*" so they get killed at startup.
Alex Taxell
- 11
- 1
-
They only start up once in awhile and not necessarily at boot. That makes it so hard to figure out what's going on. Your solution would be ideal if it kept executing the `taskkill` command in the background. However, I can do this myself now. Thanks – BullyWiiPlaza Dec 15 '15 at 11:45