Identifying Nefarious Processes

Malware doesn’t usually sit idly on a computer; it runs as a background process, behind the windows you can see, where it can monitor your activity and start throwing pop-ups. The first place to check for malware is the Task Manager.

If you aren’t familiar with the Task Manager, it is one of the most powerful utilities Windows has to offer. You can open it by pressing Ctrl+Shift+Esc or by right-clicking the taskbar and selecting “Task Manager”.

Once there, you will have all of your system’s applications, services and processes (they are different things) at your fingertips. On Windows 7 the Applications tab shows only the programs with a window you can see, e.g. Microsoft Word or Google Chrome. The Processes tab shows everything that is actually running, including the background software behind those applications. This is where you want to look. (On Windows 8 and later the two are merged into a single Processes tab, and the per-process detail lives on the Details tab.)

From here, you can see each process’s name, Memory Usage, CPU Usage and a description of the process itself. The Process ID (PID) column is not shown by default on Windows 7; add it via View > Select Columns. Clicking a column header sorts by that value, so you can list the processes alphabetically or by the amount of resources used. I find it most useful to sort by Memory Usage if your computer is running slowly.

Most processes from reputable manufacturers have a full, well-written description that succinctly states the process’s function. Your first cause for concern is a process with no description, or one that is extremely vague. Note that a valid and reputable process will occasionally have no description either, so treat this as a prompt to look closer, not as a verdict. Before you go further, right-click the process and choose “Open File Location” (or check the file’s Properties for the publisher and digital signature): malware frequently borrows a legitimate name such as svchost.exe, so what matters is whether that file lives where the real one should (System32, Program Files) and is signed by the publisher you expect. A program running from a Temp folder deserves a hard look. Now it’s time to Google it! Search for the name of the process in question and you will usually find websites that evaluate the process’s reputation; compare what they say about the expected location and publisher with what you found on disk.

Let’s say that you see a process running called “Hijack.exe”. It has no publisher information and its description is also empty. Upon searching for Hijack.exe you find that thousands of people have identified this as malware. What do you do from here?

First off, note where the file lives (right-click > Open File Location) and then end the process: select it and click End Process (End Task on Windows 8 and later). Ending the process does not delete the file, so next run an antivirus scan and point it at that location. Whether or not your antivirus catches it, make sure the program isn’t set to relaunch when you log on: open a Run dialog with Win+R, type MSCONFIG.EXE and press Enter, go to the Startup tab and confirm that Hijack.exe is not listed there. (On Windows 8 and later, MSCONFIG’s Startup tab just points you to the Startup tab in Task Manager, which lists the same entries.) Those entries come from the Run/RunOnce registry keys and the Startup folders, which is where you will find the malware’s foothold if it has one.

Next, restart your computer, confirm the process has not come back, and, if your antivirus missed it, get yourself some new antivirus!
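As an added example that is not part of the original post, here is the same triage and cleanup done from a PowerShell prompt, which is handy when Task Manager’s columns don’t show enough. It assumes Windows 7 or later with PowerShell 3.0+, uses the post’s hypothetical process name Hijack.exe, and the function names and the list of autostart locations it checks are mine, not anything from the post. Run it from an elevated prompt so you can see the file paths of processes owned by other users.

```powershell
# Added example, not code from the original post. Assumes Windows 7 or later
# with PowerShell 3.0+. 'Hijack' is the post's hypothetical process name.

# 1. Inventory every process the way Task Manager's Processes tab does,
#    plus the columns it hides: on-disk path and Authenticode signature.
function Get-ProcessInventory {
    Get-Process | ForEach-Object {
        # Path is $null for protected processes (System, Idle) and for
        # processes a non-elevated shell is not allowed to open.
        $path = try { $_.Path } catch { $null }
        $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status.ToString() } else { 'Unknown' }
        [pscustomobject]@{
            Name        = $_.ProcessName
            PID         = $_.Id
            MemoryMB    = [math]::Round($_.WorkingSet64 / 1MB, 1)
            Description = $_.Description   # version-resource string; blank is a red flag
            Company     = $_.Company       # the "publisher" the post talks about
            Path        = $path
            Signature   = $sig             # Valid, NotSigned, HashMismatch, Unknown ...
        }
    } | Sort-Object MemoryMB -Descending   # same as clicking the Memory column header
}

# 2. Triage: the post's red flags (empty description or publisher) plus two a
#    practitioner adds: no valid signature, and running out of a Temp folder.
#    On Windows 7 many Microsoft binaries are catalog-signed and report
#    NotSigned here, so treat a hit as "look closer", not as a verdict.
function Find-SuspiciousProcess {
    $tempDirs = @($env:TEMP, "$env:SystemRoot\Temp") | Where-Object { $_ }
    Get-ProcessInventory | Where-Object {
        $p = $_
        $p.Path -and (
            [string]::IsNullOrWhiteSpace($p.Description) -or
            [string]::IsNullOrWhiteSpace($p.Company)     -or
            $p.Signature -ne 'Valid'                     -or
            ($tempDirs | Where-Object { $p.Path.StartsWith($_, 'OrdinalIgnoreCase') })
        )
    }
}

# 3. Respond: end the process, then report every autostart entry that would
#    relaunch it at logon. These are the locations MSCONFIG's Startup tab (or
#    Task Manager's Startup tab on Windows 8 and later) reads from. Entries are
#    only listed; delete them yourself once you have confirmed each one.
function Stop-SuspiciousProcess {
    param([Parameter(Mandatory = $true)][string]$Name)   # e.g. 'Hijack', without .exe

    Get-Process -Name $Name -ErrorAction SilentlyContinue | Stop-Process -Force

    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($entry in (Get-ItemProperty -Path $key).PSObject.Properties) {
            # Skip the PS* bookkeeping properties Get-ItemProperty attaches
            if ($entry.Name -notlike 'PS*' -and "$($entry.Value)" -match $Name) {
                [pscustomobject]@{ Location = $key; Entry = $entry.Name; Command = $entry.Value }
            }
        }
    }

    $startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
    Get-ChildItem -Path $startupDirs -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $Name } |
        ForEach-Object { [pscustomobject]@{ Location = $_.DirectoryName; Entry = $_.Name; Command = $_.FullName } }
}

# Usage: review the flagged list first, then deal with the one you identified.
Find-SuspiciousProcess | Format-Table Name, PID, MemoryMB, Company, Signature, Path -AutoSize
Stop-SuspiciousProcess -Name 'Hijack' | Format-Table -AutoSize
```

The script only reports the autostart entries it finds rather than deleting them, for the same reason the post tells you to Google first: a hasty deletion of a legitimate Run entry is its own kind of damage. Scheduled tasks and services can also relaunch a program at boot, so if the process keeps coming back after a restart, look there next.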

Task Manager is an extremely powerful tool that should be used with caution. Some processes (csrss.exe, wininit.exe and winlogon.exe, for example) are critical to Windows functionality, and stopping them leads to the dreaded Blue Screen of Death. Google is your friend, and so is the Task Manager. Don’t bother memorising process IDs; they are reassigned every time Windows boots. Instead, become familiar with your normal process names, where their files live and roughly how much memory they use, so that you can immediately spot a suspicious or malicious one.

If you have any questions, feel free to comment or give us a call at the office! =)

 
