# Batch targeted Process Kill



## ShadowEvangel (Aug 28, 2007)

Ok, I need to kill a specific process.

I am using taskkill, because it is Windows integrated and everyone is guaranteed to have it.

Two limitations:
-I cannot use PID as the ID changes every time the process starts.
-I cannot use by name, beacuse it's called svchost.exe. Obviously, killing all copies causes system reboot. It also fails to kill the process I need to kill anyway.

Basically, I need to kill the process on the local computer, started under the current user and not system or NT authority or anything else.

I'm thinking using the /S /U /P set of switches, but I'm not entirely certain on the usage for a local computer. Also, I need to figure out how to get the current user name/pass if it doesn't get it automatically.

On a side-note. I need to know how to define the current folder (as in the folder the bat file is currently in) as the working folder.

Thank you for your help.


----------



## Squashman (Apr 4, 2003)

Taskkill is only for XP Pro. You would have to use TSKILL for XP Home. Windows 2000 doesn't have either. You would have to use PSKILL for that.
username is an environmental variable. You won't be able to get the current users password.

To get the current working directory just set a variable.
http://blogs.msdn.com/oldnewthing/archive/2005/01/28/362565.aspx
or 
http://www.differentpla.net/content/2004/05/getting-hold-of-the-current-directory-in-a-batch-file


----------



## Frank4d (Sep 10, 2006)

If you know the name of the service that is being run by svchost.exe, use the SC STOP command.


----------



## ShadowEvangel (Aug 28, 2007)

Frank4d said:


> If you know the name of the service that is being run by svchost.exe, use the SC STOP command.





ShadowEvangel said:


> -I cannot use by name, beacuse it's called svchost.exe. Obviously, killing all copies causes system reboot. It also fails to kill the process I need to kill anyway.


Tried that. Doesn't work.

Squashman, thanks for the links. Have still to test the script, as the targetted infection is not on this system, but hopefully will work fine.

As to the bulk of your post, the copy of server 2003 I'm using at this very moment has a fully functionng taskkill, so I think I'll stick with it at the moment. If I do find further evidence to support your statement, I might make different versions using different commands to accommodate for other OSs.


----------



## Squashman (Apr 4, 2003)

So what is your goal with this batch script. You say "Infection". Are you having virus problems.

Of course 2003 has Taskkill. I suppose you could distribute that with your application. I have never tried to run it on a Windows 2000 machine. And if you are in a domain environment, you obviously won't have any XP Home machines. Unless you enjoy pain and suffering.


----------



## ShadowEvangel (Aug 28, 2007)

Squashman said:


> So what is your goal with this batch script. You say "Infection". Are you having virus problems.
> 
> Of course 2003 has Taskkill. I suppose you could distribute that with your application. I have never tried to run it on a Windows 2000 machine. And if you are in a domain environment, you obviously won't have any XP Home machines. Unless you enjoy pain and suffering.


heh, yeah,. true. I wouldn't touch xp home with a 10 foot pole unless I was getting paid a bucketload to do it.

Anyway, yes, I am trying to build a small proggy to kill RavMon from a computer, as the stupid %@&^@^%!s at my tafe keep reinfecting everything. I need to kill the process SVCHOST.EXE running under the current user, but not those under system/NTauth/etc. then the reg keys redirecting the open/explore commands on drives, then kill the actual files themsleves. I've so far gotten the file killing down pat, but the registry and process steps I'm having trouble with, though I may have a workaround for the reg step now.


----------



## JohnWill (Oct 19, 2002)

I'd address the real issue, the source of the infection and the fact you obviously have no active AV running.


----------



## ShadowEvangel (Aug 28, 2007)

JohnWill said:


> I'd address the real issue, the source of the infection and the fact you obviously have no active AV running.


Source is flash drives owned by idiots too stupid to make sure they're not infected, and plugging them in without regard to others.

And since I'm just a student here, any AV I install will just get wiped next time these hard drives are reformatted, which happens every 6 months or so anyway...


----------



## Squashman (Apr 4, 2003)

Your a student and your school system has decided it is not important enough to install Anti-Virus on the schools computers.

Have you asked the schools Administrators why this is? I would let your parents know that the money they spend on your education isn't worth it. Stage a protest outside of school with a bunch of other people who feel your pain as well. 

either way, I wouldn't go screwing around with computer that are not in your full control. You mess one up and they may suspend you from using the schools computers.


----------



## ShadowEvangel (Aug 28, 2007)

Squashman said:


> Your a student and your school system has decided it is not important enough to install Anti-Virus on the schools computers.
> 
> either way, I wouldn't go screwing around with computer that are not in your full control. You mess one up and they may suspend you from using the schools computers.


Oh no, these aren't on the main domain. THAT has an antivirus. THIS is one of the classroom computers we install ourselves and mess around/up with, with full control (I'm on admin account of my own 4-PC domain atm). Pretty much a basic install of Windows. Anyway, I managed to get my program to work, so it's all good...


----------



## JohnWill (Oct 19, 2002)

ShadowEvangel said:


> Source is flash drives owned by idiots too stupid to make sure they're not infected, and plugging them in without regard to others.
> 
> And since I'm just a student here, any AV I install will just get wiped next time these hard drives are reformatted, which happens every 6 months or so anyway...


It takes 10 minutes (max) to install AVG Free. That doesn't seem to troublesome for a 6 month cycle.


----------

