[TipJar] High and Snipe

At work, the Windows 7 workstation we were given came with a Trojan-esque gift: several instances of wscript.exe run at startup and use all available CPU cycles. Killing them off has not shown any adverse effects (yet), but doing it the graphical way is a bit time-consuming as the machine is already slow at this point.

Below is the quickest way to snipe these instances using the least memory-hungry tool in every Windows arsenal: the command prompt. The only catch is that the kill command has to be run from an elevated command prompt, as Windows User Account Control (UAC) is active.

1. Press the Windows key to bring up the Start menu.
2. In the Start menu search box, type “cmd”. The first entry highlighted is the program entry.

3. Press “Ctrl+Shift+Enter” to run the command in elevated mode. If UAC is really running, a confirmation prompt will be displayed for the command line processor.

4. Invoke the command “taskkill /im wscript.exe /f” to kill all running instances of wscript.exe.

5. To check whether any instances are still running, run the command “tasklist | find "wscript"” (omit the first and last double quotes). Nothing should be shown.

The exercise above can be adapted to quickly kill other errant processes without going through the Task Manager or Resource Monitor GUI clients. Be careful what you kill, for it might bite back. 🙂
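As an added example (not part of the original post), the batch file below records the parent PID and full command line of every wscript.exe instance before killing it, so the script that launched them can be traced afterwards. The log and snapshot file names under %TEMP% are assumptions; run it from the elevated prompt opened in step 3.

```batch
@echo off
rem Added example: log what each wscript.exe is running, then kill and verify.
rem Assumption: the file names below are illustrative, not from the post.
setlocal
set "LOG=%TEMP%\wscript-triage.log"
set "SNAP=%TEMP%\wscript-snap.txt"

rem Common elevation check: "net session" fails when the prompt is not
rem elevated (it also needs the Server service to be running).
net session >nul 2>&1
if errorlevel 1 (
    echo This script must be run from an elevated command prompt.
    exit /b 1
)

rem Nothing to do if no instance is running.
tasklist /fi "imagename eq wscript.exe" | find /i "wscript.exe" >nul
if errorlevel 1 (
    echo No wscript.exe instances found.
    exit /b 0
)

rem Capture PID, parent PID and command line; the script path passed to
rem wscript.exe appears in CommandLine. "more" converts wmic's output to
rem plain text so the log stays readable.
wmic process where "name='wscript.exe'" get ProcessId,ParentProcessId,CommandLine /format:list | more >"%SNAP%"
type "%SNAP%"
>>"%LOG%" echo ==== %DATE% %TIME% ====
type "%SNAP%" >>"%LOG%"
del "%SNAP%"

rem Same kill command as step 4, followed by the check from step 5.
taskkill /im wscript.exe /f
tasklist /fi "imagename eq wscript.exe" | find /i "wscript.exe" >nul
if not errorlevel 1 (
    echo Some wscript.exe instances are still running.
    exit /b 2
)
echo All wscript.exe instances terminated. Details saved to %LOG%
exit /b 0
```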

[UPDATE] A colleague, Ron Emil Castro, has provided this trick for combining both in a script that will load with administrator privileges upon startup on Vista/Win7 machines.

  • Create a batch script with the following code

CHOICE /N /C YN /T 15 /D Y
taskkill /im wscript.exe /f

The first command waits for 15 seconds to give the wscript.exe instances enough time to start, and the second kills them, as in step 4 above.

  • Open the startup folder by right-clicking on the Start->All Programs->Startup item then selecting the Open option.
  • Create a shortcut to the batch script. Right-click on the shortcut and open the properties window. Select the “Run as Administrator” option under the Advanced section.

[UPDATE] The processes are caused by an errant firewall checker script loaded by the domain policies. The alternate solution provided by the support team is to execute the C:\Windows\system32\wscript.exe binary and set the timeout to a low number (5 or 10 seconds). Use the recommendation at your own risk, as this basically handicaps the execution of other scripts that would require more time than the set timeout.