Support tool

Scott Micale

I was wondering if there is a tool out there that will look at your
processes that are running Under Task Manager and tell you whether or not
they are legit processes or something that could be a virus, spyware, or
some other malicious type of program running. I am currently running Norton
Anti-virus and Microsoft Anti-Spyware.

Just curious!

Thanks!
 
From: "Scott Micale" <[email protected]>

| I was wondering if there is a tool out there that will look at your
| processes that are running Under Task Manager and tell you whether or not
| they are legit processes or something that could be a virus, spyware, or
| some other malicious type of program running. I am currently running Norton
| Anti-virus and Microsoft Anti-Spyware.
|
| Just curious!
|
| Thanks!
|

Nope, there isn't. There is also the problem that many infectors, viral and non-viral, may
use the name of legitimate files. Some examples are: LSASS.EXE, SVCHOST.EXE and CSRSS.EXE.
Therefore, the name doesn't help. It is a combination of the file's name and where the file
is running from that can indicate if it is a legit file or malware. That's the objective
of the malware author: to confuse the user into thinking it is a legitimate file when it is
not. If you were to find SVCHOST.EXE running on a Win9x/ME PC the chances of it being an
infector are extremely high. Note also that many infectors use a variation of the name, for
example SCVHOST.EXE and KLSASS.EXE.

Process Explorer from Sysinternals can help make the determination because you can see the
fully qualified path to the executed file.
http://www.sysinternals.com/Utilities/ProcessExplorer.html

Another handy tool from Sysinternals is TCPView
http://www.sysinternals.com/Utilities/TcpView.html
This utility can show you the fully qualified name and path of a file connecting to the
Internet via the TCP or UDP protocol and what Internet site it is connected to.
 
Scott Micale said:
I was wondering if there is a tool out there that will look at your
processes that are running Under Task Manager and tell you whether or not
they are legit processes or something that could be a virus, spyware, or
some other malicious type of program running. I am currently running
Norton Anti-virus and Microsoft Anti-Spyware.

Try the Advanced Tools in MSAS Beta. From the main screen Advanced Tools ==>
System Explorers ==> Running Processes. Clicking on each process will tell
you any information about the process that the program can find, path,
copyright etc. It won't find root kits or some well hidden malware but you
already have it installed.

Kerry
 
Hello Scott,

Thanks for your posting!

I think you may attempt to trace the process using the Process Explorer tool
and try to see if there is any third-party DLL file messing up the process.

Download and install the Process Explorer.
<http://sysinternals.com/ntw2k/freeware/procexp.shtml>

Hope the information helps.

Best Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| From: "Scott Micale" <[email protected]>
| Subject: Support tool
| Date: Mon, 31 Oct 2005 08:17:53 -0500
| Newsgroups: microsoft.public.windowsxp.help_and_support
 
Hello Scott,

Use Google to find out information about a process that seems suspicious
to you. Some time ago I wanted to find more information on alg.exe and
Google brought me this link -
http://www.liutilities.com/products/wintaskspro/processlibrary/alg/.
It seems that the WinTasks program is the one you are looking for.

Anyway, it is better to stay protected by running your programs under an
account that does not belong to the admin group. Here you may read more
on this -
http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157866.aspx.

If you are looking for a program that may help you to run
applications under predefined accounts then check SafeLauncher
(http://www.bytesroad.com/sl/).
I am using it to run all the programs (under an account that belongs to
the Guest group) that require a connection to the Internet (IE, ICQ,
Firefox). I have not met any spyware, viruses or any other malicious
programs since I started using it :)

Regards,
Philip
 