Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is There An Easy Way To Identify Programs In Taskmgr?


  • Please log in to reply
5 replies to this topic

#1 baso3456

baso3456

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Location:Wisconsin
  • Local time:06:57 PM

Posted 01 August 2006 - 03:06 AM

:thumbsup: Autoruns does not list svchost.exe but it is in windows task manager listed and running 6 times under various usernames. I have other programs running such as alg.exe. All of these are also listed as malware. How can I find out if they are legit or not? My previous post I found MDM.EXE as well. I am a bit confused. Are all bad malware listed with legitmate names and how can you tell for sure if your computer is running bad programs?

BC AdBot (Login to Remove)

 


#2 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:07:57 PM

Posted 01 August 2006 - 04:10 AM

Bleeping Computer Startup Programs Database:

http://www.bleepingcomputer.com/startups/

Please pay careful attention to the spelling.
At times there are similiar spellings,
between the good and the bad.

Edited by Scarlett, 01 August 2006 - 04:11 AM.

Posted Image

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:57 PM

Posted 01 August 2006 - 07:03 AM

Svchost.exe is a generic host process name for services that are run from dynamic-link libraries called DLLs. This is a valid system process that belongs to the Windows Operating System which handles processes executed from DLLs. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging. The legit Svchost.exe file is located in the %SystemRoot%\System32 folder.

If its running as a startup/shows in msconfig, this can be bad. See here and here.
Also make sure of the spelling. If its scvhost.exe this a trojan. See here and here.

To view the list of services that are running in Svchost:
1. Click Start > then click Run.
2. In the Open box, type CMD
3. Then press ENTER.
4. Type: Tasklist /SVC
5. Then press ENTER.

For information about tasklist.exe, type the following at the XP command prompt: tasklist /?
For more information about a process, type the following command, and then press ENTER:
Tasklist /FI "PID eq processID" (with the quotes)

In addition to what Scarlett suggested, you can also download and use Process Explorer by Sysinternals to investigate all processes and gather additional information to identify and resolve problems.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 baso3456

baso3456
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Location:Wisconsin
  • Local time:06:57 PM

Posted 01 August 2006 - 11:37 AM

:thumbsup: Thankyou Scarlett and Quietman7 for the indepth answer.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:57 PM

Posted 01 August 2006 - 11:48 AM

Your welcome. :thumbsup:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:07:57 PM

Posted 01 August 2006 - 12:06 PM

Your welcome, happy to help.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users