Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Task Manager help.


  • Please log in to reply
5 replies to this topic

#1 bigdaz

bigdaz

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:uk
  • Local time:12:18 PM

Posted 14 June 2010 - 04:49 AM

Hi, a general question really. If i was trying to locate whether a proccess running in task manager was genuine or not. Is there a way possibly with command prompt where it would be able to show the path of where the .exe running in task manager is located on my hard drive. I use HighjackThis to solve certain issues and this programme will list a files location on the hard drive, is there maybe another programme that would find the location from the information from task manager ie:PID/.exe.
An example would be at the moment i was trying to find out whether the process 'csrss.exe' was the genuine one or one of the many viruses/spyware floating around, 90 percent certain its ok and the exe is in my system32 folder where it should be, but an example is how i could check that this is the one running in task manager, hence my post.
Hope i posted in the right section as its related to XP task manager not really viruses. Thanks.

BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:18 AM

Posted 14 June 2010 - 06:50 AM

What is csrss.exe?
A Microsoft Windows file stored in the c:\windows\system32 or c:\winnt\system32 directory that has the file description: "Client Server Runtime process." This file
Is this file a spyware, trojan, or virus?
The csrss.exe file included with Microsoft Windows is not spyware, a trojan, or a virus. However, like any file on your computer it can become corrupted by a virus, worm, or trojan. antivirus programs can detect and clean this file if it has become infected. Because this file is part of Microsoft Windows users should never delete or remove this file if they think it is infected, let the antivirus program handle it.
It can be infected like most files - Please download and run Malwarebytes (free) from C net downloads , and re run your AntiVirus -
If you do not have one then just load Microsoft Security Essentials (free)
Thank You - :thumbsup:

Edited by noknojon, 14 June 2010 - 06:52 AM.


#3 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:12:18 PM

Posted 14 June 2010 - 08:11 AM

You cannot look at the full process path name in the TaskManager. However, you can use Process Explorer to have a look at the Command Line. You will have to right click on column headers and choose Select Columns and select Command Line.

#4 joseibarra

joseibarra

  • Members
  • 1,258 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:01:18 PM

Posted 14 June 2010 - 08:15 AM

You may also enjoy Process Explorer.

PE is Task Manager on steroids.

You can see more information by selecting certain columns to display like Company Name and Path - some of which are not available in TM.

With Process Explorer you can see what is "really" running, expecially behind those multiple svchosts you see running in Task Manager. You'll like PE when you get the hang of it.

PE installs nothing - it just runs on demand.

Get PE here:

http://technet.microsoft.com/en-us/sysinte...s/bb896653.aspx

Here is a good BC article about figuring out some of that stuff:

http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchost.exe-process/

Edited by joseibarra, 14 June 2010 - 08:16 AM.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#5 bigdaz

bigdaz
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:uk
  • Local time:12:18 PM

Posted 14 June 2010 - 08:19 AM

Thanks for the reply but i was really only using csrss.exe as an example of the reason why i would like to know if there was a way of tracing where on my system a process running in task manager is actually insatalled to, its path c:\windowws\ect... So if i am unsure of a process i can easily check if the process running in task manager is located in the directory where it should be legitimatly installed to.
I know i could just do a search, but having three 500gb hard drives would take a while so was hoping that with the .exe name and pid from task manager would be possibleto trace. Thanks.

#6 bigdaz

bigdaz
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:uk
  • Local time:12:18 PM

Posted 14 June 2010 - 08:39 AM

Thanks guys, Proccess Explorer just the ticket, thanks for the help, never knew what half the svchost.exe were or what were they were upto untill i looked on Proccess Explorer.
Great, thanks again all the information i needed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users