xisto Community
dserban

A Very Comprehensive Windows (Vista and XP) Process and DLL Library


On your computer, tens of hidden processes might run silently in the background. Some consume system resources, radically slowing your PC. Other useless processes contain spyware and Trojans - at least violating your privacy. This process and DLL library is a great free resource for anyone who wants to know the exact purpose of every process.

http://forums.xisto.com/no_longer_exists/

It's pretty good, but it needs a search feature instead of having to use Ctrl-F.
Sure, it tells you handy information about processes like svchost.exe, but it doesn't tell you why on your Vista you have all of your svchost.exe's taking 200MB of RAM.

Also check out:

http://www.processlibrary.com/en/

Article "How to Clean Up a Windows Spyware Infestation":
https://blog.codinghorror.com/how-to-clean-up-a-windows-spyware-infestation/

Edit:
I just found one more Internet resource for this. Follow these instructions:
1) Identify the base name of the suspicious file (e.g. mdm.exe or secdrv.sys) - base name is the opposite of a fully qualified name (which means that the base name does not include the full path).
2) Create a link by filling in this base name as follows:
http://www.neuber.com/taskmanager/process/

Examples:
http://www.neuber.com/taskmanager/process/mdm.exe.html
http://www.neuber.com/taskmanager/process/secdrv.sys.html

It's a mix of comments in both English and German, but it's very interesting because even as those comments are filtered and moderated, you still get some useful feedback from people who were burned badly by some of these pieces of malware.

I am a little bit cautious about recommending the download of anything from a site that ends in .ru, but today I was in a brave mood and I downloaded the so-called "Hidden Processes Detector - Process Walker" from:
http://forums.xisto.com/no_longer_exists/
The site looks like a legit rootkit detection / removal project.
I scanned pwalker.exe using my standalone virus scanner and I ran it through https://www.virustotal.com/ - it came out almost clean. I say "almost clean" because out of 31 virus scanning engines, only one thinks it's a suspicious file - Panda.

The output of pwalker.exe is a list of processes running on your computer, along with an indication of whether each one is a visible or hidden process.

However, I have to say that this program leaves autorun entries in the registry, which I had to manually go in and remove afterwards.

Edited by dserban (see edit history)


bookmarked^2 :blink: . About the svchost process, try Process Explorer; if you hover over one of the many svchost.exe processes, it'll show you which service it's hosting.

Edited by wutske (see edit history)


The trick about svchost is it should only run under system credentials. That is, when you view the Task Manager and look at the User Name (view > select columns... if you don't see it), you should only see SYSTEM, LOCAL SERVICE, or NETWORK SERVICE. If you ever see your logged-on user name then you have a problem.

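The rule from the last post (svchost.exe should appear only under SYSTEM, LOCAL SERVICE or NETWORK SERVICE), as an added example that is not part of the original thread: a Python check over `tasklist /V /FO CSV` output. The sample rows are constructed and English column names are assumed; owners that tasklist reports as `N/A` (which it does when it cannot query a process, for example from a non-elevated prompt) are listed separately instead of being flagged.

```python
import csv
import io

# Accounts the post says svchost.exe should be running under.
SERVICE_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}

# Constructed sample of `tasklist /V /FO CSV` output (not captured from a real host).
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"svchost.exe","812","Services","0","4,312 K","Unknown","NT AUTHORITY\SYSTEM","0:00:01","N/A"
"svchost.exe","904","Services","0","3,880 K","Unknown","NT AUTHORITY\NETWORK SERVICE","0:00:00","N/A"
"svchost.exe","1180","Services","0","5,104 K","Unknown","NT AUTHORITY\LOCAL SERVICE","0:00:00","N/A"
"explorer.exe","2040","Console","1","21,556 K","Running","DESKTOP\alice","0:00:07","N/A"
"svchost.exe","3316","Console","1","2,948 K","Running","DESKTOP\alice","0:00:00","N/A"
"SVCHOST.EXE","3520","Services","0","1,204 K","Unknown","N/A","0:00:00","N/A"
'''


def classify_svchost(tasklist_csv):
    """Return (flagged, unknown): lists of (pid, user) for svchost.exe rows.

    flagged -> owner is not one of the three service accounts
    unknown -> tasklist could not report the owner (re-run elevated)
    """
    flagged, unknown = [], []
    reader = csv.DictReader(io.StringIO(tasklist_csv.lstrip(), newline=""))
    for row in reader:
        if row["Image Name"].lower() != "svchost.exe":
            continue  # the rule only concerns svchost.exe
        pid = int(row["PID"])
        user = row["User Name"].strip()
        if user.upper() in ("", "N/A"):
            unknown.append((pid, user))
            continue
        # Task Manager shows "SYSTEM"; tasklist shows "NT AUTHORITY\SYSTEM".
        domain, _, account = user.rpartition("\\")
        if account.upper() in SERVICE_ACCOUNTS and domain.upper() in ("", "NT AUTHORITY"):
            continue
        flagged.append((pid, user))
    return flagged, unknown


if __name__ == "__main__":
    flagged, unknown = classify_svchost(SAMPLE)
    for pid, user in flagged:
        print(f"svchost.exe PID {pid} runs as {user}: investigate")
    for pid, _ in unknown:
        print(f"svchost.exe PID {pid}: owner not readable, re-run elevated")
```

On Windows 10 and later, per-user services legitimately run svchost.exe under the logged-on account, so a flagged row there is a prompt to check which service the process hosts, not a verdict.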
