
Process Explorer won't allow QHActiveDefense.exe to be killed


3 replies to this topic

#1 macydog1


Posted 27 November 2016 - 02:30 PM

Went to Process Explorer to kill the process and it keeps telling me "Error terminating process: Access denied".


Edited by hamluis, 27 November 2016 - 03:03 PM.
Moved from XP to AV/AM Software - Hamluis.




#2 hamluis


Posted 27 November 2016 - 03:02 PM

https://www.reasoncoresecurity.com/qhactivedefense.exe-0954fa44d3326e6d8c1689044a23fd0ffbef31c5.aspx

 

Moved to AV/AM Software.

 

Louis



#3 bwv848


Posted 27 November 2016 - 11:01 PM

Greetings,

As Louis has pointed out, the process you are trying to end is related to 360 Total Security, your antivirus. Most antiviruses prevent their processes from being terminated, as we can see in your case. This is actually to your benefit since malware cannot easily end the antivirus process, which would likely stop real-time protection.

Zooming out here, it's perfectly normal for you not to be able to kill QHActiveDefense.exe with Process Explorer. If you were intending to temporarily disable 360 Total Security's protection, please follow the steps here. (Scroll down until you reach "Qihoo 360 Total Security")

I hope this helps you.

P.S. Here's a quote from quietman7, one of our Global Moderators and a security expert, regarding 360 Total Security:
 

Qihoo is a Chinese-based provider of free security and Anti-virus software (360 Total Security, 360 Internet Security, 360 Browser, 360 Security, 360 Mobile Safe, 360 Vault, etc). There has been a lot of controversy surrounding Qihoo to include its reporting other anti-virus software and search tools as being malicious, deceptive marketing practices and various privacy issues.

 

And here's another from Aura, a member of our Malware Response Team, which may interest you:

 

If you are to use one of Qihoo's products, do not use Total Security. Total Security comes with useless features that I like to call "bloat", since they won't add anything more to your system and even maybe slow it down. Qihoo 360 TS comes with "PC Booster" features, the same features all these shady PC Boosting programs offer when telling you that they can speed up your system performance, and such. None of these programs are worth using and none of these actually work like they should. If you want your system to perform at an optimal level, you'll have to manage it manually, by doing your own tweaks. This can be done by learning how the Windows OS works and doing the proper modifications on it. Therefore, if you are to use a Qihoo product, I would go with Qihoo 360 IS since it doesn't include the useless, bloated features of Qihoo 360 TS that would slow down your system more than anything, or even harm it in some way.

But maybe we started by asking the wrong questions as well. Is it possible for you to provide us your computer specs, as well as what kind of Antivirus product you would like to switch to, free or paid?

And concerning your main question, which is the worry about Qihoo's products collecting user data and "using" it, keep in mind that Qihoo is a Chinese product, and without being biased, with everything that we see today in the news, it's a reasonable doubt to question Qihoo's legitimacy when it comes to their product and what they do with the data they collect. That's pretty much all I have to say about it.
 

Free right now doesn't mean it will be free forever. They may have a paid "pro" version in the future. They also probably collect information about you and use it for unknown purposes.

All AV software slows down and destabilizes your computer. To compete with the viruses and rootkits that they're supposed to prevent, AV software installs itself on your computer in incredibly intrusive ways. Prior to 64-bit OS's becoming popular, AV software would commit dozens of hooks and patches to various kernel functions in the hopes of intercepting malware. Problem is that the malware was right there with them patching whatever it wanted in kernel-space, so it wasn't long before ring 0 turned into a battleground and major source of system instability.

Once 64-bit became popular and CPUs had some new features, Windows came with something called PatchGuard, which now protects kernel-space memory (code & structures) from any modifications from malware or AV software, and began mandating code-signing for all drivers. Malware writers didn't complain or even make a peep about these changes, whereas AV companies threw a massive tantrum and even thought about suing Microsoft because they thought Microsoft's own AV products were going to have special access into kernel-space that they would not.

McAfee published a paper where they discussed how easily PatchGuard and revealed a new bypass method, making it likely that they, as well as other AV's, are all still hacking their way into your kernel to get the power they want.

When you consider the rather massive performance losses, incredibly invasive maneuvers that lead to system instability, false flags, notifications, advertisements, errors, sketchy data collection, sketchy browser plugins and addons, you should ask yourself what the difference really is between AV software and viruses themselves (besides the fact that many people pay good money to voluntarily have AV's molest their computers).

Luckily, you can avoid all of the above drama by simply not using any AV and just following a few good rules:
1) Use either Firefox or Chrome. (or just use Opera and hope that Russian exploit writer Sergei Ivanovich forgot you existed)
2) Keep your software up to date. Most software these days is good at bugging you to update it. Do it. Your browser, Flash, Java, Adobe Reader plugins, and your OS.
3) Don't download sketchy things off the internet.

It's surprisingly easy to keep your computer clean and free of viruses without resorting to using an anti-virus solution, which is something I think more people should consider.

EDIT: And considering the fact that Microsoft has been doing a fine job releasing its own AV software that you can download for free on Windows without any toolbars or other nonsense, I strongly advise people to just use whatever solution Microsoft has provided and avoid shady AV companies.


You have some good points, however BleepingComputer is a forum where you mostly see non-experienced users coming to ask for help and advice. Without insulting them, I know that these users won't be able to use a system properly without an Antivirus protection as a first layer of defense. Hence why I recommend, and I always will recommend, these users to use a decent Antivirus protection on their system. There's an Antivirus product for every computer and its user, all you have to do is find that product. Simple as that.

Edited by bwv848, 27 November 2016 - 11:05 PM.



#4 quietman7


Posted 28 November 2016 - 07:01 AM

The correct way to remove most programs is from within its program group Uninstall shortcut in Start Menu > All Programs or by using Programs and Features (Add/Remove Programs) in Control Panel, so always check there first. In most cases, using the uninstaller of the software not only removes it more effectively, but it also restores many changed configuration settings. Important! Reboot when done and delete the Program folder if it still exists.

Alternatively, you can use a third-party utility like Revo Uninstaller Free or Portable and follow these instructions for using it. Revo provides a listing of all installed software by installation date and when removing a program, Revo does a more comprehensive job of searching for and removing related registry entries, files and folders.

Note: Some programs can be difficult to remove completely due to the presence of related services and processes running in the background. Sometimes the uninstall works more effectively if you first stop and disable the program's service or perform the removal in safe mode so there are fewer processes which can interfere with the uninstallation.



