Most of the processes in Task Manager
will be legitimate as shown in these links.
Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways malware tries to hide is to give itself the same name as a critical system file such as svchost.exe, but place itself in a different folder than the one where the legitimate file resides and run from there. Another technique is for the process to alter the registry and add itself as a Startup program (AcroRD32.exe: Added by the Troj/Dloadr-BDK Trojan) or as a service, so that it runs automatically each time the computer is booted. Keep in mind that a legitimate file can also be infected by some types of malware such as Virut, a dangerous polymorphic file infector, so a correct path alone does not prove a file is clean. A file's properties may give a clue to identifying it. Right-click on the file, choose Properties and examine the General and Version tabs.
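The checks described above can be scripted. The following PowerShell is an added example, not code from the original page: it lists running processes whose name matches a core Windows binary but whose path is not the folder where the genuine file lives, lists Startup (Run/RunOnce) registry entries and auto-start services, and pulls the General/Version-tab details for a given file together with its digital signature status and SHA256 hash. The table of core process names and their expected folders is an assumption for illustration and is not exhaustive.

```powershell
# Added example (not from the original page). Run from an elevated PowerShell
# prompt so that ExecutablePath is readable for system processes.

$sys32 = Join-Path $env:SystemRoot 'System32'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64'   # legitimate 32-bit copies on 64-bit Windows

# Process name -> folders where the genuine binary is allowed to live.
# Assumed list for illustration; extend it for your environment.
$Expected = @{
    'svchost.exe'  = @($sys32, $wow64)
    'lsass.exe'    = @($sys32)
    'csrss.exe'    = @($sys32)
    'winlogon.exe' = @($sys32)
    'services.exe' = @($sys32)
    'explorer.exe' = @($env:SystemRoot)
}

function Get-MisplacedProcess {
    # Flags look-alike processes running from the wrong folder. An empty path
    # (could not be read, e.g. a protected process) is reported as well.
    Get-CimInstance Win32_Process | ForEach-Object {
        $name = $_.Name
        if (-not $Expected.ContainsKey($name)) { return }
        $dir = if ($_.ExecutablePath) { Split-Path -Path $_.ExecutablePath -Parent } else { '' }
        if ($Expected[$name] -notcontains $dir) {
            [pscustomobject]@{
                PID      = $_.ProcessId
                Name     = $name
                Path     = $_.ExecutablePath
                Expected = ($Expected[$name] -join ' or ')
            }
        }
    }
}

function Get-AutoStartEntry {
    # Startup programs registered in the Run/RunOnce keys (machine- and
    # user-wide) plus services whose start mode is Auto.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        # Get-ItemProperty adds PSPath/PSParentPath/... note properties; skip those.
        (Get-ItemProperty -Path $k).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object {
                [pscustomobject]@{ Source = $k; Name = $_.Name; Command = $_.Value }
            }
    }
    Get-CimInstance Win32_Service | Where-Object { $_.StartMode -eq 'Auto' } | ForEach-Object {
        [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Command = $_.PathName }
    }
}

function Get-FileClue {
    # The same details as the Properties dialog's General and Version tabs,
    # plus Authenticode status and a hash you can search for or submit.
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path        = $item.FullName
        SizeBytes   = $item.Length
        Created     = $item.CreationTime
        Modified    = $item.LastWriteTime
        Company     = $item.VersionInfo.CompanyName
        Description = $item.VersionInfo.FileDescription
        Product     = $item.VersionInfo.ProductName
        Version     = $item.VersionInfo.FileVersion
        Signature   = $sig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Usage
Get-MisplacedProcess | Format-Table -AutoSize
Get-AutoStartEntry   | Format-Table -AutoSize
Get-FileClue -Path (Join-Path $sys32 'svchost.exe') | Format-List
```

The signature and hash fields are what make the Virut caveat workable in practice: a file infector changes the bytes of a file that is sitting in the right folder under the right name, so a Microsoft binary whose Signature reads HashMismatch or NotSigned deserves a second look even though its path is correct, and the SHA256 can be searched for before uploading the file anywhere.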
Tools to investigate running processes and gather additional information to identify them and resolve problems: these tools show information about each process, including CPU usage, file description and path location.
Anytime you come across a suspicious file or one that you do not recognize, search the name using Google.
Or search the following databases:
If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.