Wednesday, September 27, 2006

How to SEARCH and DESTROY malicious Processes in your PC - An Insider's Guide

You see lots of processes when you start Task Manager: svchost.exe, csrss.exe, winlogon.exe and many more. A user who has never dealt with those executables before has a hard time figuring out which are safe and which could be malicious, because Task Manager does not tell you which program is using those files. A question like "Is svchost.exe a virus? Is it safe?" is a normal one, and it can be answered using the methods described below.

One way to find out additional information is to use a program like Process Explorer, which displays more information about the processes currently running on your system. Process Explorer adds Description and Company columns that reveal some information about each process.

You can configure Process Explorer to replace Task Manager. Still, even when you have a company name and a description, sometimes there is no information about the process at all. What if there is no description, but a company name like CMCEI? Would you be suspicious about it? I definitely would be, and that brings us to websites that contain process lists covering nearly every process found on Windows machines.

I would like to start with the list of websites that are not spam. Some websites give you some information, but their main purpose is to sell a product. Two of the following sites have buttons to purchase products, but they contain valuable information that makes up for that. Don't click on those buttons and you have nothing to fear.

All but one of the websites mentioned above have a site search: simply enter a filename that you don't know about and they will display the information they have about it. It is a very good idea to cross-check the results on more than one site before you take action.

If the information states that the file could be a virus, trojan or worm, you should take appropriate measures. The first one would be to download a free anti-virus program like AVG Antivirus or Avast and scan your system using that tool. Make sure the antivirus software is up to date. You might also want to take a look at my article about free online scan websites; most require Internet Explorer, but some work in Firefox as well.

You should also download and run anti-spyware programs like Spybot Search &amp; Destroy or Ad-Aware.

To sum it up:

  • Download Process Explorer
  • Use the websites mentioned above to find out more about the process in question
  • Scan your system with antivirus software
  • Scan your system with anti-spyware software
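The same check Process Explorer gives you in its Company and Description columns can be done from a PowerShell prompt, which makes it easier to keep a list of the processes you still need to look up on the websites above. This is an added example, not code from the article; the set of "trusted" folders it uses to flag odd locations is an assumption for the example, and it should be run from an administrator prompt so the paths of system processes are visible.

```powershell
# Added example, not from the original article: the Process Explorer check
# (company + description per process) done from PowerShell, so the result
# can be kept as a list for cross-checking on the process lookup sites.
# The trusted-location roots below are an assumption for this example.
$trustedRoots = @($env:SystemRoot, ${env:ProgramFiles}, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ }

$report = foreach ($p in Get-Process) {
    $path = $p.Path
    if (-not $path) {
        # System, Idle and protected processes hide their path from a
        # non-elevated shell; list them rather than guess about them.
        [pscustomobject]@{ Name = $p.ProcessName; Id = $p.Id; Path = '(not accessible)'
                           Company = ''; Description = ''; Signature = 'n/a'; Flags = 'no-path' }
        continue
    }
    # The same fields Process Explorer shows, read from the file's version resource.
    $ver = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
    # Authenticode status answers "is this really the vendor's file?", which a
    # company name typed into the version resource by anyone cannot.
    $sig = (Get-AuthenticodeSignature -FilePath $path).Status
    $flags = @()
    if (-not $ver.CompanyName)     { $flags += 'no-company' }
    if (-not $ver.FileDescription) { $flags += 'no-description' }
    if ($sig -ne 'Valid')          { $flags += "sig:$sig" }
    $inTrusted = $false
    foreach ($root in $trustedRoots) {
        if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
    }
    if (-not $inTrusted) { $flags += 'odd-location' }
    [pscustomobject]@{
        Name = $p.ProcessName; Id = $p.Id; Path = $path
        Company = $ver.CompanyName; Description = $ver.FileDescription
        Signature = $sig; Flags = ($flags -join ',')
    }
}

# The flagged rows are the ones to look up before deciding anything.
$report | Where-Object { $_.Flags } | Sort-Object Name |
    Format-Table Name, Id, Company, Description, Signature, Flags -AutoSize

# SHA256 of each flagged file, for lookups that key on the hash rather than the name.
$report | Where-Object { $_.Flags -and $_.Path -ne '(not accessible)' } |
    ForEach-Object { Get-FileHash -Algorithm SHA256 -Path $_.Path } |
    Format-Table Hash, Path -AutoSize
```

A flag only means "look this one up"; plenty of legitimate software ships unsigned or without a description, so the lookup sites and a scan are still the deciding steps.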