Knowledge: identify malicious processes
Aug 02, 2007 - RISING

In computing, a process is an instance of a computer program that is being executed. When you run a program, you start a process. Processes can be divided into system processes and user processes. System processes carry out operating system functions; processes of applications such as Outlook or Word are user processes.

By observing the processes, we can identify which programs are running on the system and determine whether it has been infected with malicious programs. Correct analysis of the processes can help us manually remove a virus or Trojan.

How to know which processes exist in the system?

For Windows 98/Me/2000/XP/2003 users, press Ctrl+Alt+Delete to look up the processes directly, or open the Windows Task Manager and select the "Processes" tab. Common system processes include winlogon.exe, services.exe, explorer.exe, svchost.exe, etc. To become familiar with processes, users should begin with these common system processes. If a strange process is found, pay attention to it, and check not only its name but also the path of its executable: malware often borrows the name of a system process (svchost.exe is a favourite) while running from a different folder. The genuine winlogon.exe, services.exe and svchost.exe run from the System32 folder under the Windows directory, and explorer.exe runs from the Windows directory itself.
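Task Manager on these Windows versions lists process names but not the path of the executable, so the name-versus-path check above has to be done another way. The following script is an added example for this article, not RISING's own tool: it asks WMI for every running process with its on-disk path, flags well-known system process names that run from the wrong directory, and marks unknown images running outside the Windows and Program Files directories for review. The table of expected directories is an assumption written for the processes the article names, and the script assumes Windows PowerShell 2.0 or later run as Administrator (without elevation, WMI leaves ExecutablePath empty for system processes).

```powershell
# Added example (not part of the original RISING article): list running processes
# with their image path and flag the suspicious ones.
# Assumptions: Windows PowerShell 2.0+, run as Administrator so that WMI returns
# ExecutablePath for system processes. The $expected table is a hand-written
# assumption covering the processes named in the article, not an authoritative list.

$system32 = Join-Path $env:SystemRoot 'System32'

# Core Windows processes and the directory the genuine copy runs from.
$expected = @{
    'winlogon.exe' = $system32
    'services.exe' = $system32
    'svchost.exe'  = $system32
    'lsass.exe'    = $system32
    'csrss.exe'    = $system32
    'explorer.exe' = $env:SystemRoot      # explorer.exe lives in %SystemRoot%, not System32
}

Get-WmiObject Win32_Process | ForEach-Object {
    $name = $_.Name.ToLower()
    $path = $_.ExecutablePath              # $null for System, System Idle Process, or without elevation
    $dir  = if ($path) { Split-Path $path -Parent } else { $null }
    $flag = ''

    if ($expected.ContainsKey($name)) {
        # A well-known name is only trustworthy if it runs from the expected directory.
        if ($dir -and ($dir -ine $expected[$name])) { $flag = 'SYSTEM NAME, WRONG PATH' }
    }
    elseif ($path -and ($path -notlike "$env:SystemRoot\*") -and ($path -notlike "$env:ProgramFiles\*")) {
        # Unknown image running from a user profile, temp folder or similar: worth a closer look.
        $flag = 'REVIEW'
    }

    New-Object PSObject -Property @{
        PID  = $_.ProcessId
        PPID = $_.ParentProcessId
        Name = $_.Name
        Path = $path
        Flag = $flag
    }
} | Sort-Object Flag -Descending | Format-Table PID, PPID, Name, Flag, Path -AutoSize
```

Flagged rows come first. An exact name match is deliberately required, so a look-alike such as a name with a digit substituted for a letter is not caught by the first branch; it falls through to the second branch and is flagged only if it runs outside the Windows and Program Files directories, which is why the path, not the name, is the thing to read in the output.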

How to kill/stop a process?

1. If you cannot end a process from the Windows Task Manager, open the Windows registry (Start -> Run, enter "regedit" and press Enter), find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete suspicious entries. Deleting a Run entry does not stop the running process; it prevents the program from starting again at the next logon, so that the process stays gone after a reboot. Check the Run key under HKEY_CURRENT_USER as well, since a program can autostart from either location.

2. Control Panel -> Administrative Tools -> Services lists all the services installed on the system (services, not processes: a service is a program that Windows starts on its own, often hosted inside services.exe or a svchost.exe instance). The focus here is on the services whose startup type is "Automatic": check their names and the path to their executable. Once a suspicious name or path is found, stop the service and set its startup type to "Disabled" immediately.

3. To completely remove a service, open the Windows registry, find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and delete the registry key corresponding to that service. Take care: deleting the key of a legitimate service or driver can leave the system unable to boot, so verify the service's executable path before deleting, and export the key first (File -> Export in regedit) so that it can be restored.

4. Apart from the above methods, we can first note the name and path of the process, reboot the system, press F8 during startup to enter Safe Mode, and delete the program file in Safe Mode. Safe Mode loads only the essential drivers and services, so a file that is locked by the running malicious program during a normal boot can usually be deleted there.
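The four steps above, carried out as one PowerShell script, are shown below as an added example; this is not a RISING tool or code from the original article. It takes the image name of a suspicious process (an assumed parameter, e.g. evil.exe), records its on-disk path, tries to kill it, removes Run entries that launch it, stops and disables any service whose binary is that image and deletes the service's registry key, and finally deletes the file, falling back to the Safe Mode advice when the file is locked. It assumes Windows PowerShell 2.0 or later run as Administrator. By default it only reports what it finds; nothing is changed unless -Remove is given.

```powershell
# Added example (not the article's own code): the removal procedure as a dry-run-by-default
# script. Save as e.g. remove-suspect.ps1 (assumed name) and run as Administrator:
#   .\remove-suspect.ps1 -ImageName evil.exe           # report only
#   .\remove-suspect.ps1 -ImageName evil.exe -Remove   # actually kill, clean up, delete
param(
    [Parameter(Mandatory=$true)][string]$ImageName,
    [switch]$Remove
)

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$pattern     = [regex]::Escape($ImageName)

# Step 0: record the on-disk path before killing anything; it is needed for the file
# delete and for the Safe Mode fallback in step 4.
$procs = @(Get-WmiObject Win32_Process -Filter "Name='$ImageName'")
$paths = @($procs | ForEach-Object { $_.ExecutablePath } | Where-Object { $_ } | Select-Object -Unique)
foreach ($p in $procs) {
    Write-Host ("Process PID {0} {1} -> {2}" -f $p.ProcessId, $p.Name, $p.ExecutablePath)
    if ($Remove) { Stop-Process -Id $p.ProcessId -Force -ErrorAction SilentlyContinue }
}

# Step 1: autostart entries. Removing these does not stop a running process; it stops the
# program from coming back at the next logon.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }    # skip PSPath, PSChildName etc. added by PowerShell
        if ("$($prop.Value)" -match $pattern) {
            Write-Host ("Run entry {0}\{1} = {2}" -f $key, $prop.Name, $prop.Value)
            if ($Remove) { Remove-ItemProperty -Path $key -Name $prop.Name }
        }
    }
}

# Steps 2 and 3: services whose binary path names the suspicious image. Show the startup
# type, then stop + disable, and delete the key under CurrentControlSet\Services.
Get-WmiObject Win32_Service | Where-Object { $_.PathName -match $pattern } | ForEach-Object {
    Write-Host ("Service {0} (start={1}, state={2}) -> {3}" -f $_.Name, $_.StartMode, $_.State, $_.PathName)
    if ($Remove) {
        $null = $_.StopService()
        $null = $_.ChangeStartMode('Disabled')
        Remove-Item -Path (Join-Path $servicesKey $_.Name) -Recurse -Force -ErrorAction SilentlyContinue
    }
}

# Step 4: delete the file itself. If it is still locked (the kill failed or another copy
# holds it open), this is where the article's advice applies: reboot with F8 into Safe Mode
# and delete the path printed here.
foreach ($path in $paths) {
    Write-Host "File: $path"
    if ($Remove) {
        try   { Remove-Item -LiteralPath $path -Force -ErrorAction Stop }
        catch { Write-Warning "Could not delete $path ($_). Reboot into Safe Mode and delete it there." }
    }
}
```

Run it once without -Remove and read the report against the warning in step 3: a service row whose path is a genuine Windows binary means the image name you supplied was wrong, and deleting that key would do real damage.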


*You can buy RISING Antivirus here or download a free trial.
*If you have any questions about RISING products, please visit http://support.rising-global.com for help.