Helping people with computers... one answer at a time.

If you realize that an unexpected download has begun and think it might be malicious, it's good to try and stop the download right away.

What is the quickest method to turn off your computer or kill a download? Just curious, in case I need to stop a possible virus web download without damaging the computer processes. I use Vista on laptops. The other day when I was surfing, I went to a "legitimate" web site and saw an instant notification of a virus: bars growing in a strange display - that kind of thing. It did not look like any display that my regular firewall and antivirus ever shows. As quick as I could, I clicked all the quit X corners and did a "normal" shutdown. Afterwards, I ran all my scanners in Safe Mode and nothing odd showed up. But, it pointed out that we all need a very rapid way to shut down the CPU to kill the download. If I had been close to my wireless router, I could have pulled the power cord or if I was connected by ethernet cable, I could have removed that transmission line.

You're right in that the fastest way is to pull the network cable, if you have access to it. That's what I generally recommend when possible. It's fast and absolute.

One thing that folks often do, but should not, is to pull the power cord, or otherwise force an immediate power-off of their machine.

I'll explain why that's a bad idea and give you a couple of alternatives when disconnecting the networking cable isn't a realistic option.

Pulling the (power) plug

Many people's first reaction when they believe that something bad is happening to their machine right now is to pull the power plug right now. On laptops, that might even include holding the power button down for 10 seconds, which is never a good idea.

"... the ideal scenario is simply to disconnect your computer from the network."

Don't do it.

The problem with these methods for shutting down your machine is that they don't give Windows a chance to shut down cleanly. That's very important - it's definitely not something that you want to skip.

When power is removed unexpectedly, you're playing a virtual game of Russian roulette. Most of the time, it might result in no noticeable problems at all. Sometimes, you might notice some minor issues after you boot again.

In the worst case, it's quite possible that your computer may not boot again.

The problem is simply that if the computer happens to be writing to disk and the power goes out at exactly the wrong time, the disk could be damaged. It's not frequent, but it is very possible. Often, you can recover but at a minimum it's a hassle when this happens. (And yes, all of this applies to power outages for other reasons as well.)

So don't pull the plug or force a power off as anything other than a last resort.

Pulling the (network) plug

As you indicated, the ideal scenario is simply to disconnect your computer from the network. It's quick, it's painless, and it definitely stops the download.

"Pulling the plug" can, indeed, mean physically unplugging the network cable from your PC. But as you also alluded to, you could unplug your router or access point. You can unplug its power, instantly turning the device off, or like your PC, you can simply disconnect it from the network.

In addition, many laptops have switches of various sorts that will turn off their WiFi adapter effectively disconnecting you from the network.

Regardless of how you do it, simply physically disconnecting from your internet connection is the fastest and safest way to interrupt a download that you suspect may be malware related.

Pulling the (virtual) plug

What if there's no plug within reach? What if the cables are all hidden, the networking equipment is inconveniently located, or you're using a laptop with no WiFi switch?

This is one of the reasons why I keep the network icon visible in my taskbar's notification area.

In Windows XP, it's easy:

Disabling the network interface in Windows XP

Right-click the network connection icon and then click on Disable. That's it - connection interrupted.

In Windows 7, it's a step or two more complex, I'm afraid.

Windows 7 doesn't display the same network icon as Windows XP does, so it's worth knowing about these steps.

Open network and sharing center in Windows 7

Right-click the network icon and click Open Network and Sharing Center.

Change Adapter Settings link in Windows 7

Click on Change adapter settings.

Disabling an adapter in Windows 7

Right-click the network adapter that represents your internet connection, and click Disable.

Five clicks and your machine is disconnected from the internet, quickly, safely and without damage.

Then, after you've secured your machine and perhaps checked for any malicious fallout, you can return and enable the network connection in the same way.

Article C4846 - June 15, 2011 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

30 Comments
Mary
June 16, 2011 11:29 AM

Re: Win 7 and five clicks to disable internet connection. Can a shortcut icon be created on the desktop for a one click solution?

Black Dahlia
June 16, 2011 6:24 PM

Kill switch rigged to MIG welder aimed at hard drive ftw.

Ken B
June 17, 2011 9:52 AM

You can use the command "netsh" to enable/disable a network interface.

Bring up a command prompt ("cmd") and type this:

netsh interface show interface

That will show you all of the network interfaces. Find the one that you use (state will be "connected"), and make note if its "interface name".

To disable it, the command is:

netsh interface set interface "interface name" disable

For example:

netsh interface set interface "Local Area Connection" disable

(Case does not appear to be significant.)

Note, however, that if UAC is enabled, you need to run the command with elevated privileges in order to enable/disable the interface.

Create a shortcut with the above command, and make sure to set the properties to "run as administrator" under "shortcut / advanced".

Mary Ann
June 21, 2011 8:26 AM

I thought taskbar "Task Manager" and "End Process" would stop a download. Is this not correct?

Only if you know what process it is that's doing the download. That's not something I wanted to assume.
Leo
21-Jun-2011

Me
June 21, 2011 8:42 AM

I use Firefox and sometimes when I get redirected to a nasty site I kill the process. Sometimes I need to do it twice because of the automatic tab restore though.

Larry
June 21, 2011 8:48 AM

Create a one click shortcut, under Windows 7, to access your connection.

As stated in the above instructions and you click the "Change adapter settings" right click your connection and then select "Create Shortcut.

The SC will be placed on your Desktop where you can pin it to the taskbar, copy-paste it elsewhere, either way to disable your connection with click the SC then the "disable" button".


Leon
June 21, 2011 9:27 AM

With ZoneAlarm firewall you just right click the icon on the taskbar and then
"Engage Internet lock" or "Stop all Internet Activity"
( though I have not figured out the difference ...)
Leon

Johan
June 21, 2011 10:05 AM

However, “pulling the plug” solution does no harm to a Linux OS with a journaling file system (Ext3, Ext4, Reiser).

Generally ... one cannot stop wondering why anyone would still use the “MS Windows” dinosaur (other than have Bill Gates laugh all the way to the bank).

Bill
June 21, 2011 10:18 AM

What about pressing the "standby" button on your modem? Will this work?

Mark J
June 21, 2011 10:32 AM

@Me
It's also good to use WOT which can warn you about dangerous websites.
http://ask-leo.com/web_of_trust_website_trust_ratings_from_other_internet_users.html
It will warn you if you click on a dangerous link. They miss very few bad sites but unfortunately flag a few safe sites as bad.

Mark J
June 21, 2011 10:45 AM

@Mary Anne
That would also work. I don't know if it would be as fast as pulling the network plug, though. I's basically not much different than closing the program by right clicking on the task bar or clicking the X on the browser window.

Mark J
June 21, 2011 10:58 AM

@Bill
pressing the "standby" button on your modem should also work

Gary Knop
June 21, 2011 1:42 PM

99.9 of malware coming to the average user is a drive-by variant. These require action on your part!!! DO NOT touch, close browser. If you have the expertise locate and delete bad guy! The rest of us run good spyware program. One that always works for me Malwarebtes' Anti-Malware. Oh, if you run Panda, and quit looking for russian brides.. it will not happen so often.

Gary Knop
June 21, 2011 1:52 PM

One other suggestion, if you have children(tweens to teens) you might consider OpenDNS. Install some controls and those type of pop-up scare you boogie-men will be eliminated!!

Bernard Winchester
June 21, 2011 4:08 PM

How about the "Work offline" command in your browser's File menu - if it has one?

IF you know that the download is being performed by the browser, and IF you know that it'll take effect immediately. In an "emergency" I'm not sure I'd trust either IF :-).
Leo
21-Jun-2011

john neeting
June 21, 2011 4:37 PM

fortunatly, Avast gives the instant window option of killing the window with a click, keeping the browser and everythingelse open as normal but erasing any part download from the offending site. When I get an alert, effectivly, it immediatly stops everything, ie ' freezes' anything coming from the site till I make a decision in it's alert window. Saved my machine many a time.

Jack Elder
June 21, 2011 7:27 PM

With some of the latest viruses out there, you might not even know you have one until a "Windows Security Software" or "Drive Repairer" screen appears telling you your system has hard drive errors or viruses. At that point unplugging your data cable is too late. Some of these new viruses prevent you from opening utilities at that point. Using a small disposable external USB drive, I suggest running ComboFix from the Safe Mode Command Prompt and then Malwarebytes from Safe Mode with Networking repeatedly until Malwarebytes reports 0 viruses. This works effectively on any virus I've encountered so far. So keep your virus updates current, your windows updates current, use high security options in your browser #like disabling 3rd party cookies# and periodically make an image of your entire hard drive to an external NAS device such as an Iomega StorCenter. Worse comes to worse, you may have to restore from your most recent image backup if the virus completely kills your machine.

Frank D
June 22, 2011 7:53 AM

john neeting said: ". . . Avast gives the instant window option of killing the window with a click, keeping the browser and everything else open as normal but erasing any part download from the offending site."
Could you please explain where that option can be located or invoked? I'm using Avast (free) but I don't see that option.

Tom George
June 22, 2011 9:08 AM

I liked what Ken B mentioned in the previous comments. To save a little bit more time you can simple create a batch file and save it with administrative privilege. The content of the batch file will be simply the command to disable a specific interface i.e netsh interface set interface "interface name" disable

Keeping the file in the desktop will help.

Mike Noonan
June 22, 2011 5:32 PM

Seems obvious, but following your lead, I simply put a shortcut to the Local Area Connection icon on my desktop. Now it's just one right-click and a click away from disabling the connection

Gord Campbell
June 22, 2011 7:37 PM

"I went to a "legitimate" web site and saw an instant notification of a virus: bars growing in a strange display - that kind of thing. It did not look like any display that my regular firewall and antivirus ever shows. "

Ten to one, this was not actually a virus being installed, it was an attempt to convince you to buy and install a program which would "solve the problem." Not only are you wasting your money, you're installing malware.

Beabea
June 23, 2011 7:48 AM

I have Windows 7 Premium, and Dialup with MSN. I cannot hardly navigate, for these, always coming up, "Webpage has expired", "This program cannot display the webpage", and "Navigation has expired". Are these Malware, viruses or what? Or do I have a PC problem? Sorry about changeing the subject, but I need help bad. Could you send an e-mail, Please.

Sounds to me like perhaps your PC's clock and/or timezone are incorrect.
Leo
28-Jun-2011

Bill
June 23, 2011 9:13 AM

Would you believe this? I just got an email from a trusted correspondent with a website link. I pasted it into Chrome and got an instant avalanche of popups purporting to show infections, trojans, bubonic plague etc. I clicked on a red X and a download started instantly. I hit the "standby" button on my modem - just what I asked about yesterday. I got a "download interrupted" message immediately. So it DOES work. I ran malwarebytes scan - no malware found.

Leo has never sent me a more timely tip. Thanks.

Bernie
June 24, 2011 7:05 AM

Leo provided info on disabling the network in XP and in Windows 7. Anyone have a quick shortcut for Vista? Thanks.

Carlos R Coquet
June 27, 2011 9:07 PM

Hmmmm. If the notebook computer does not have built-in wireless access, then pulling the added device, like a PCMCIA card, would be my first option and much faster. Just press a button. It is does have built-in wireless, it more than likely has an Fn key combination to disable it, inmediately. That, again, would be a fast alternative. (In a Latitude D505 it is Fn F2.)

Steve
June 28, 2011 10:40 PM

I never click anything on these malware installs. When I see something suspicious start I hit ALT-F4, repeatedly. Clicking anything on the malware items can trigger them to install.

A clever one I saw last week had an uninstall shortcut that pointed at the install exe.

Ismael Mojica
June 30, 2011 4:33 PM

One of the best recomendation I ever read.

Thanks Leo

Frank D
July 9, 2011 8:05 AM

In response to Bernie on June 24, 2011 7:05 AM:
"Leo provided info on disabling the network in XP and in Windows 7. Anyone have a quick shortcut for Vista? Thanks."

Here's a simple procedure for both Vista and Win7:
1. In Control Panel, click on Network and Sharing Center.
2. At the top, click on the Network icon.
3. In the Network window, right-click on your router or modem icon.
4. Click on Create shortcut.
(The shortcut is created on your desktop.)
5. Move the shortcut icon to wherever you want it (e.g., pin it to the taskbar).
When in panic mode, just click on the icon to disable your Internet connection.

Oliver W
July 13, 2011 8:27 AM

On using "Disable" from the Network Connection icon in the XP taskbar: this is not possible if you're using a Restricted account (i.e. without administrator privileges), which I do myself for most activities and recommend to others because it reduces (probably doesn't eliminate) the risk of malware being installed.

john neeting
July 16, 2011 3:21 AM

I am using Avast 4.7 Professional and this action is automatic [!]. I'm not going near 5 with a barge pole.
Just google some forums and find out why. Oh it's good but I don't to sell my soul to the company store, thank you very much

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.