Find your solution!

GeoRanger · 05-Jul-2009, 10:09 PM #1

Hello:

Concerning Windows XP... In working on a MalWare infection, I found references (some in advertising) to the notion that Task Manager will not show all of the processes running on your system.

1. Are there any processes other than rootkit-type MalWare which would not be shown in Task Manager? Or to put it another way, would any legitimate process not be shown in Task Manager? If so, is there some common name for such processes?

2. If legitimate processes wouldn't show, why not?

3. Would a legitimitate process like this (assuming there are any) show up in a program that finds rootkits? If not, are there any programs which will show them?

I no longer trust my Windows installation and am going to rebuild it from the ground up. I want to keep track of each and every process that runs on the rebuild so I'll have a leg up if/when something goes wrong next time.

Thanks for any info

lunarlander · 05-Jul-2009, 10:48 PM #2

Sysinternals has 2 free programs which may interest you, Process Explorer and RootKitRevealer. Google for them. The company is so good that MS bought them.

**Elvandil** · 06-Jul-2009, 12:08 AM #3

Rootkits use drivers to take control of the kernel at boot. They can hide anything that you can see in Windows. There are also ways of hiding legitimate programs.

Offline scans can see and detect these infections.

Process Hacker (Allows editing memory, shows hidden processes, similar to Sysinternals Process Explorer with more features - can replace normal Task Manager) can also find hidden processes by checking each PID and comparing it to the Task Manager list. Look under "Tools".

Sevvie · 12:41 PM

Use Sysinternals tools and also check out www.fileinspect.com for references.

**Elvandil** · 12:42 PM

Quote:

Originally Posted by Sevvie

Use Sysinternals tools and also check out www.fileinspect.com for references.

Your link does not exist as a web site.

Phantom010 · 06-Jul-2009, 09:44 AM #6

Sysinternals Security Utilities

perfume · 06-Jul-2009, 11:58 AM #7

Dear Elvandil,
Thanks for the Process Hacker!

**Cookiegal** · 06-Jul-2009, 12:42 PM #8

Quote:

Originally Posted by Elvandil

Your link does not exist as a web site.

There was a typo in the actual link and I've fixed it.

**Elvandil** · 11-Jul-2009, 10:27 PM #9

Quote:

Originally Posted by Cookiegal

There was a typo in the actual link and I've fixed it.

Thanks. I missed that "s" when I first glanced at it.

Quote:

Originally Posted by perfume

Dear Elvandil,
Thanks for the Process Hacker!

You're welcome. It is a great tool. Keep up to date since it is getting better all the time.

Download and install all (or your chosen) Sysinternals tools automatically with the Sysinternals Installer.

Tag Cloud
adware audio bios blue screen boot bsod card computer crash dell desktop driver email error excel firefox freeze freezing google hard drive hardware hijackthis install internet laptop linux malware network no sound outlook problem router screen server slow sound speakers spyware startup trojan usb video virus vista vundo windows windows 7 windows vista windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for: