You see lots of processes when you start your taskmanager, svhost.exe, csrss.exe, winlogon.exe and many more. A user who never dealt with those executables before has a hard time figuring out which are safe and which could be malicious because normally you can’t say which program is using those files. A question like “Is svhost.exe a virus, is it safe ?” is normal and can be answered using the methods described below.
One way to find out additional information is to use a program like process explorer which displays more information about the processes currently running on your system. Process Explorer adds a description and company tab which reveals some information about the process.
You can configure process explorer to replace the task manager. Still, you might have information about the company and a description but sometimes there is no information about the process. What if there is no description but a company name like CMCEI. Would you be suspicious abot it ? I definately would be and now we come to websites that contain process lists of nearly every process on windows machines.
I would like to start with the list of the websites that are not spam, some websites give you some information but their main purposes is to sell a product. Two of the following sites have buttons to purchase products but they contain valuable information that make up for that. Don’t click on those buttons and you have nothing to fear.
- Process Library
- Windows Process and Task List
- Castle Cops
- Sysinfo
All but one of the websites mentioned above have a site search – simply enter a filename that you don’t know about and they will display the information they have about it. It is a very good idea to cross-check the results before you take action.
If the information states that the file could be a virus, trojan or worm you should take appropriate measures. The first one would be to download a anti-virus program like Free AV (AVG Antivirus, Avast)and scan your system using that tool. Make sure the antivirus software is up to date. You might also want to take a look at my article about free online scan websites, most require Internet Explorer but some work in Firefox as well.
You should also download and run anti-spyware programs like Spybot Search and Destroy or Adaware. I’ve written another article “how to detect and remove spyware” which might be helpful as well.
To sum it up:
- Download process explorer
- Use the websites mentioned above to find out more about the process in question
- Scan your system with antivirus software
- Scan your system with anti-spyware software
Read Related Posts
-
Which Programs Should I Run To Scan A Computer For Malicious Software?
-
Process Patrol
-
Windows Process Information
-
Online Virus Scan
-
Batch Kill Processes with Kill Process
-
Why I decided to uninstall my Antivirus software
-
Norton Security Scan
-
Windows Defender
There is a Plug-in Program called UNIBLUE QUICK ACCESS which will attach itself to the Task Manager in Windows which will take you directly to the Process Library where you can determine the nature of the Process that is running on your Computer. I always make it a habit each and every day to use this Process identifier together with PROCESS EXPLOYER to see what is running,like I said it is a habit and a good one at that.
Yeah, this is a great one, I’m using it shortly. Saves a lot of work(time).
http://www.processlibrary.com/quickaccess/
The problem lies in the fact that these sites expect
users to go through 50-100 processes just to decide if their “safe” which in itself is difficult when there are multiple definitions for quite a few of the processes, especially those used by the system.