about help with processes or .exe on my pc

BleepingComputer.com: about help with processes or .exe on my pc

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Page 1 of 1

You cannot start a new topic
You cannot reply to this topic

about help with processes or .exe on my pc norton quarantined one and detects some others

#1 Jewelleria

Member

Group: Members
Posts: 69
Joined: 28-June 09

Posted 31 October 2009 - 01:06 AM

Norton security quarantined updater.exe, it just said that I was the first one to download this, and not enough was known about it. I wasn't even on my pc today, so I don't know who downloaded this.

There are other things like IP 192.168.1.47
IP: fe80::d164:2220:9597:d416%8
MCUI32.exe
WerFault.exe
explorer.exe
2 iexplore.exe, one using 49,712 and the other using 6,052
system32/csrss.exe
system32 wercon.exe

Rule "Default block Windows File Sharing" blocked communication. Process name is "System".

I was just wondering if there is a safe site that I can use to look these up, and some processes that I was wondering about. If someone could let me know thanks in advance.

#2 quietman7

Bleepin' Janitor

Group: Global Moderator
Posts: 25,109
Joined: 09-July 05
Location:Virginia, USA

Posted 02 November 2009 - 11:45 AM

Most of the processes in Task Manager will be legitimate as shown in these links.

Anytime you come across a suspicious file or one that you do not recognize, search the name using Google or the following databases:

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. Another techinique is for the process to alter the registry and add itself as a Startup program so that it can run automatically each time the computer is booted. A file's properties may give a clue to identifying it. Right-click on the file, choose Properties and examine the General and Version tabs.

Tools to investigate running processes and gather additional information to identify them and resolve problems:

These tools will provide information about each process, CPU usage, file description and its path location If you right-click on a file and select properties, you will see more details.

Anytime you come across a suspicious file for which you cannot find any information about, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

You can investigate IP addresses and gather additional information at: