Re: Which processes are legitimate?



From: "Geoff" <geoff@xxxxxxxxxxxxxxx>

| On Mon, 30 Jun 2008 16:36:51 +0300, "SANTANDER" <santander@xxxxxxxxxxxxxx>
| wrote:


Just tried Process Explorer, does it show hidden DLLs that possibly can be
loaded inside explorer.exe process?


| It shows every process. AFAIK, nothing can hide from it.


That is NOT true. Many forms of malware can use low level Win32/Win64 programming
constructs that can indeed hide the process from utilities like Process Explorer. This
is where an anti RootKit utility such as Gmer is useful. Additionally, Process Explorer
will not identify files that are stored using the Alternate Data Streams (ADS)
capabilities of NTFS.

< snip >

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
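
An added example, not part of the original post: a PowerShell function that lists the NTFS Alternate Data Streams mentioned in the reply above, which a process viewer does not surface. The function name, the default path and the ignore list are assumptions made for illustration; it checks files only, not streams attached to directories.

```powershell
# Added example: enumerate non-default NTFS data streams under a directory tree.
# Find-AlternateDataStream and its defaults are hypothetical names, not a built-in cmdlet.
function Find-AlternateDataStream {
    param(
        [string]$Path = "$env:USERPROFILE\Downloads",
        # Zone.Identifier is the benign download marker written by browsers.
        [string[]]$IgnoreStream = @('Zone.Identifier')
    )

    # Raw byte reads are spelled differently in Windows PowerShell 5.1 and PowerShell 6+.
    $byteArgs = if ($PSVersionTable.PSVersion.Major -ge 6) {
        @{ AsByteStream = $true }
    } else {
        @{ Encoding = 'Byte' }
    }

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            # ':$DATA' is the unnamed main stream every file has; anything else is an ADS.
            Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -notin $IgnoreStream } |
                ForEach-Object {
                    # Read the first two bytes of the stream to flag executable ("MZ") content.
                    $head = Get-Content -LiteralPath $file -Stream $_.Stream `
                                -TotalCount 2 @byteArgs -ErrorAction SilentlyContinue
                    [pscustomobject]@{
                        File        = $file
                        Stream      = $_.Stream
                        Length      = $_.Length
                        LooksLikePE = (@($head).Count -eq 2 -and
                                       $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                    }
                }
        }
}

# Largest streams first; a PE header inside a named stream deserves a closer look.
Find-AlternateDataStream | Sort-Object Length -Descending | Format-Table -AutoSize
```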

