Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

scared to act


  • Please log in to reply
1 reply to this topic

#1 vegasripper2004

vegasripper2004

  • Members
  • 74 posts
  • OFFLINE
  •  
  • Local time:09:05 PM

Posted 16 February 2009 - 05:20 AM

since ive gotten this computer, it just seems to stand out a little that i have these programs that i can see on my task maanger under process's that i dont even know. i dont know if htye were there before or not.
so i researched the sites, and im kinda afraid of what the outcome might be if i try to remove them
the list of the things that i have searched on this site that came out a a virus or so on are:
crss.exe
ctfmon.exe
Isass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
wdfmgr.exe
wmiprvse.exe
wscntfy.exe

some of them under the user name "system" and some under local service, pc-1 etc. example my svchost.exe comes out 5 times.
1x in local service, 2x in network service, and 3 times in SYSTEM.

dunno if im supose to delete them i have already downloaded autoruns, that im supose to run in safemode to get rid of them but im hella scared that it my comp wont boot, help me out please.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:05 PM

Posted 16 February 2009 - 08:51 AM

Anytime you come across a suspicious file or one that you do not recognize, search the name using Google or the following databases:Most of the processes in Task Manager will be legitimate as shown in these links.Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (DLLs). At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. It is not unusual for multiple instances of Svchost.exe running at the same time in Task Manager in order to optimize the running of the various services. The process ID's (PID's) must be checked in real time to determine what services each instance of svchost.exe is controlling at that particular time.

There are several ways to investigate and see what services a Svchost.exe process is controlling, see:Note: Process Explorer shows two panes by default: the upper pane is always a process list and the bottom pane either shows the list of DLLs loaded into the process selected in the upper pane, or the list of operating system resource handles (files, Registry keys, synchronization objects) the process has open. In the menu at the top select View > Lower Pane View to change between DLLs and Handles.

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location on your computer. Another techinique is for the process to alter the registry and add itself as a Startup program so that it can run automatically each time the computer is booted. A file's properties may give a clue to identifying it. Right-click on the file, Properties and examine the General and Version tabs.

To investigate all running processes and gather additional information to identify and resolve problems, you can also download and use:These tools will show the process CPU usage, a description and its path location. If you right-click on the file in question and select properties, you will see more details about the file.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users