Your link is not loading for me so I cannot see the list of processes.
Most of the processes in Task Manager will be legitimate as shown in these links.
It is not uncommon to have a lot of running processes showing in Task Manager. For instance, Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (.dll's) and can run other services underneath itself. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. It is not unusual for multiple instances of Svchost.exe to be running at the same time in Task Manager in order to optimize the running of the various services.
- svchost.exe SYSTEM
- svchost.exe LOCAL SERVICE
- svchost.exe NETWORK SERVICE
Each Svchost.exe session can contain a grouping of services, therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging. The process ID's (PID's) must be checked in real time to determine what services each instance of svchost.exe is controlling at that particular time.
Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. Another technique is for the process to alter the registry and add itself as a Startup program so that it can run automatically each time the computer is booted. Keep in mind that a legitimate file can also be infected by some types of malware such as Virut, which is a dangerous polymorphic file infector. A file's properties may give a clue to identifying it. Right-click on the file, choose Properties and examine the General and Version tabs.
Tools to investigate running processes and gather additional information to identify them and resolve problems:
-- These tools will provide information about each process, CPU usage, file description and its path location.
-- System Explorer provides a security check of running processes using their online security database when you first launch the program. If you want to process the initial scan, press the "Start Security Check" button. Keep in mind that the check is not a guarantee of what is or is not detected as malware. Further investigation is always recommended. At the Security Check page you can also check the file through the VirusTotal database by pressing the Check MD5 button.
Anytime you come across a suspicious file or one that you do not recognize, search the name using Google.
Or search the following databases:
If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to one of the following online services that analyzes suspicious files:
In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
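
The two checks described in the post above (which services each svchost.exe PID is hosting right now, and whether the file is running from its expected folder) can be done in one pass from PowerShell. This is an added example, not part of the original post; it assumes a default Windows install where the genuine svchost.exe lives in `%SystemRoot%\System32` (or `SysWOW64` for the 32-bit copy), and the `Location` labels are this example's own.

```powershell
# Added example: list every svchost.exe instance with its PID, account,
# hosted services, and whether it runs from the expected folder.
# Assumption: a default Windows install, where the genuine svchost.exe is in
# %SystemRoot%\System32 (plus SysWOW64 for the 32-bit copy on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Build a PID -> service names table from the services running right now.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance Win32_Service -Filter "State='Running'") {
    $servicesByPid[[int]$svc.ProcessId] += @($svc.Name)
}

$report = foreach ($proc in Get-CimInstance Win32_Process -Filter "Name='svchost.exe'") {
    $path = $proc.ExecutablePath
    if (-not $path) {
        # Without elevation the path of another account's process may be hidden.
        $location = 'path unavailable (run elevated)'
    } elseif ($expected -contains $path) {
        # -contains compares case-insensitively, so C:\WINDOWS\system32 matches.
        $location = 'expected'
    } else {
        $location = 'UNEXPECTED'
    }

    # Account the instance runs as (SYSTEM, LOCAL SERVICE, NETWORK SERVICE, ...).
    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner -ErrorAction SilentlyContinue

    [pscustomobject]@{
        PID      = $proc.ProcessId
        Account  = $owner.User
        Location = $location
        Path     = $path
        Services = ($servicesByPid[[int]$proc.ProcessId] -join ', ')
    }
}

$report | Sort-Object Location, PID | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so paths and accounts are visible for every instance. A row marked `UNEXPECTED` is a starting point for the file-property and online-scan checks described in the post, not a verdict on its own.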