process module


When I run Ad-Aware SE, it says there are 36 processes running and 1300+ process
modules. What is a process module? Also, when I come to this site I can never
see the whole page, it's cut off on the right. Any ideas? Thx, jay
 
If you plan on spending any time at all in newsgroups, set up Outlook
Express as your newsreader and dump the CDO.

Getting News from Newsgroups
http://www.microsoft.com/windows/ie/using/howto/oe/gettingnews.asp

Using Outlook Express To View Newsgroups
http://support.microsoft.com/default.aspx?scid=/directory/worldwide/en-gb/newsout.asp

Viewing and Posting to Newsgroups
http://www.microsoft.com/windows/ie/using/howto/oe/newsgroups.asp

Windows XP Newsgroup Setup Instructions
http://www.microsoft.com/windowsxp/pro/using/newsgroups/setup.asp

Setting up Outlook Express Newsreader
http://michaelstevenstech.com/outlookexpressnewreader.htm

Set Up Outlook Express
http://www.microsoft.com/windows/ie/using/howto/oe/setup.asp

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

jay said:
When I run Ad-Aware SE, it says there are 36 processes running and 1300+ process
modules. What is a process module? Also, when I come to this site I can never
see the whole page, it's cut off on the right. Any ideas? Thx, jay

Typically they are DLLs opened by the parent EXE file.
If you download Process Viewer -
http://www.xmlsp.com/pview/prcview.htm
you can see a list of running processes.
If you right click on a process in the list one of the choices will be
"Modules."
 
I am having the same problem, I'm showing 1300+ modules; that info is in
Ad-Aware when I'm doing a scan. Is it normal to have that many modules? And if
not, how do you get rid of them or know which ones are okay to get rid of? Thx
 
Nothing abnormal about that number. I currently have 1,313 so-called process
modules, with no problems whatsoever.

Ted Zieglar
 
Ad-Aware and Process Viewer see the same modules, but total them up
differently. For example:
Process A
    Module 1
    Module 2
Process B
    Module 1
    Module 3
Process C
    Module 1
    Module 4

Ad-aware would report:
3 Running Processes
6 Process Modules

In Process Viewer, select the View> Module Usage menu item. Then look at
the status bar of the newly opened window and you'd see '4 Module(s).'

In both cases there are exactly 4 modules in memory, but Module 1 is
being used by three distinct processes.

Your count of 1300+ modules is normal for Ad-Aware, but that doesn't
tell you if they are all legit modules. If you're dealing with super
critical data (access codes to Fort Knox, locations for the missing WMDs
....) and there has been an intrusion on the system --- you'd probably
want to verify the location and version of each module as well as
compare byte count and MD5 check sum of each module against a known good
reference image.

For us normal folk, if SpyBot, Ad-Aware and your anti-virus program all
give clean scans we'll just assume the 400+ unique modules reported by
Process Viewer are all OK.

For more information see Robert Hensing's Weblog.
http://weblogs.asp.net/robert_hensing/
Robert Hensing is a member of the Microsoft Product
Support Services Incident Response team.
 
In a previous post I mentioned that the number of process modules is not
what matters - it's what those process modules are doing that counts.

You didn't mean to exclude me from "us normal folk" did you?
 
Ted said:
In a previous post I mentioned that the number of process modules is not
what matters - it's what those process modules are doing that counts.

That's essentially correct.

Two days ago I worked on a system where the initial scan (Ad-Aware run
in ***SAFE MODE***) showed:
9 Running Processes
317 Process Modules
1924 Objects Recognized
1924 New Critical Objects

After clean up, Ad-Aware scan (not in ***SAFE MODE***) shows:
30 Running Processes
1229 Process Modules
0 Object Recognized
0 New Critical Objects

Those 1924 New Critical Objects represented 37 separate infections.
Ad-aware was able to remove all that. Upon normal boot, a rogue process
was (still) creating randomly named .dll files in %windir%\system32\
and inserting them into a system start up location. I had WinPatrol set
to inspect the system once every 5 minutes at which point it would alert
me and I'd disable the item. The rogue item was a module being run
inside one of the svchost.exe processes. I killed the svchost parent
process which resulted in an instantaneous power off of the system. I
booted into safe mode and renamed the offending .dll. That seemed to
cure the problem, but I still gave a pretty close look at the rest of
the modules to make sure that file path, file version and file creation
date all made sense.

You didn't mean to exclude me from "us normal folk" did you?

If anyone were to be excluded from "normal folk" it would be me - 'cause
I'm a geek. :)
 