Anytime you come across a suspicious file, search the name using Google or the following links:
BC's File Database
BC's Startup Programs Database
File Research Center
ThreatExpert Malware Search
If no search results are found, you are given the option to "Submit a New Sample".
Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. A file's properties may give a clue to identifying it. Right-click on the file, select Properties, and examine the General and Version tabs.

Rundll32.exe is a legit Windows file that loads .dll files, which too can be legit or malware related. When Windows loads, it looks for any files associated with registry entries for programs that are set to run at startup. This includes those .dll files (good or bad) related to Rundll32.exe.

ehRecvr.exe is related to Microsoft Media Center software.

DLLhost.exe is the Microsoft DCOM DLL Host Process that manages DLL based applications.

alg.exe is a core process (Application Layer Gateway Service) for Microsoft Windows Internet Connection Sharing and Internet Connection Firewall.

navapsvc.exe is a part of the Norton AntiVirus application.

smss.exe is the session manager subsystem process which is responsible for starting the user session.

mdm.exe is running. Mdm.exe is Microsoft's Machine Debug Manager program which is included in Microsoft Visual Studio .NET, Microsoft Office 2007, Microsoft Office 2003, and a Microsoft Office XP post-Service Pack 3 release to provide support for program debugging. This is a non-essential process and if you do not use your computer for debugging purposes, you can safely turn off the Machine Debug Manager.
If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to jotti's virusscan. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis. In your list submit csvss.exe and post back with the results of the file analysis.
...but I'll really be in trouble with my parents if they find out!
Getting infected with malware can happen to anyone. It does not always mean you're doing something you're not supposed to be doing or surfing to bad websites. You should tell your parents so they can learn and help you prevent things like this.
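
The name-versus-location check described in the post, written out as an added example (not part of the original post). The expected folders assume a default Windows install under C:\Windows, and the sample paths and function names are constructed for illustration.

```python
import ntpath

# Folders (under %SystemRoot%) where the Windows files named in the post
# normally live. Assumption: default install; SysWOW64 holds the 32-bit
# copies on 64-bit Windows.
EXPECTED_DIRS = {
    "rundll32.exe": {"system32", "syswow64"},
    "dllhost.exe": {"system32", "syswow64"},
    "alg.exe": {"system32"},
    "smss.exe": {"system32"},
}

def classify(path, system_root=r"C:\Windows"):
    """Return 'expected', 'unexpected-location' or 'unknown-name'."""
    # Windows paths are case-insensitive and may contain '..' segments,
    # so normalise before comparing.
    norm = ntpath.normcase(ntpath.normpath(path))
    directory, name = ntpath.split(norm)
    allowed = EXPECTED_DIRS.get(name)
    if allowed is None:
        return "unknown-name"          # research the name, then scan it
    root = ntpath.normcase(ntpath.normpath(system_root))
    good_dirs = {ntpath.join(root, d) for d in allowed}
    return "expected" if directory in good_dirs else "unexpected-location"

def needs_second_opinion(paths):
    """Paths worth uploading to a scanner: anything not in its expected place."""
    return [p for p in paths if classify(p) != "expected"]

# Constructed sample of running-process paths.
SAMPLE = [
    r"C:\WINDOWS\system32\smss.exe",
    r"C:\Windows\SysWOW64\dllhost.exe",
    r"C:\Users\kid\AppData\Roaming\smss.exe",
    r"C:\Windows\System32\..\Temp\rundll32.exe",
    r"C:\Windows\System32\csvss.exe",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{classify(p):20} {p}")
```

A file in its expected folder is not proven clean by this check; it only narrows down which files to research and upload first.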