You see lots of processes when you start the operating system's task manager: svchost.exe, csrss.exe, winlogon.exe and many more that may run on the system. You can start the Task Manager with the shortcut Ctrl-Shift-Esc.
Update: Microsoft changed the start page of the Task Manager on Windows 10. You need to click on the "more details" link on first run to display the classic interface that lists all running processes and information.
A user who never dealt with these processes before may have a hard time figuring out which are safe and which may be malicious because more often than not you cannot really determine which program or service launched a process.
A question like "Is svchost.exe a virus, or is it safe?" is normal and can be answered using the methods described below.
One way to look up additional information is to use a program like Process Explorer which displays more information about all processes currently running on your system. Process Explorer adds a description and company tab which reveals some information about the process.
The program displays processes in a tree hierarchy on top of that so that you see parent and child processes on first glance. This makes it easier to understand how a particular process was launched, especially if it is a child process.
You can configure Process Explorer to replace the task manager. Still, while you may have information about the company and a description, you may not have all information required to come to a final conclusion.
Update: Newer versions of Process Explorer come with Virustotal integration. You may use it to check each running process on Virustotal to find out whether it is flagged as malicious by one or more antivirus engines used by the security scanning service.
What if there is no description but a company name like CMCEI. Would you be suspicious about it? I definitely would be and now we come to websites that contain process lists of nearly every process running on Windows machines.
I would like to start with the list of websites that are not spam and offer a good amount of information that you can work with. Many process libraries on the Internet either do not offer valuable information at all, or instead try to sell you a product that they claim will help you out.
Two of the following sites have buttons to purchase products but they contain valuable information that make up for that. Don't click on those buttons and you have nothing to fear.
All but one of the websites mentioned above have a site search - simply enter a filename that you don't know about and they will display the information they have about it. It is a very good idea to cross-check the results before you take action.
If the information states that the file could be a virus, trojan or worm you should take appropriate measures.
The first is to download an anti-virus program like Free AV (AVG Antivirus, Avast) and scan your system using that tool. Make sure the antivirus software is up to date. You might also want to take a look at my article about free online scan websites, most require Internet Explorer but some work in Firefox and other browsers as well.
To sum it up
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.