Whenever a computer is slow or behaving weird, I check the System Configuration Utility (msconfig), in the Startup tab. Not all malware will be found there, but it’s a good place to start with a quick check. If you see some unknown process there, especially if it has a name that looks like gibberish, it’s likely malware (hey, what’s this ragjv32f4w5t.exe program?

Some insidious malware will intervene in just about anything you are trying to do. When you try to open a browser, you can’t. When you try to start msconfig, you can’t. All you get are FAKE errors about your computer being infected by a virus (false alerts from the malware). The malware is blocking you from even starting a program, so how can you make progress?

Of course, you can try some drastic things like reverting to a previous system save, or you can try to start in safe mode. These are not optimal strategies, however, because (for one reason) they take too much time.

I am a big fan of the Process Explorer from Microsoft (from Mark Russinovich, formerly of Sysinternals). I make sure I place the executable in the System32 folder of every machine that I have to manage. Then I can fire it up whenever needed.

When malware strikes as described above, there is a little trick you can use to launch Process Explorer. If you can manage to locate Process Explorer (procexp.exe), you can move it to the desktop (just to make it easy to work with, or leave it in System32 if you must), then rename it to explorer.exe.

Malware won’t usually interfere with running of explorer executable, and you can then launch the renamed Process Explorer. Ta-dah!

Now with Process Explorer, you can look for offending malware processes, and kill them easily. Look at the paths to instances of malware before you kill the processes, so you can delete the offending files immediately after you stop them from running.

There you go, an insider’s tip for the tough times when you think malware won’t let you do anything!

Of course, it may be hard to implement this tip if you can’t even open a browser, and you don’t already have Process Explorer installed. So be sure to equip ALL machines with this little gem of a troubleshooting tool.