dserban
Posted September 9, 2007 (edited)

On your computer, tens of hidden processes might run silently in the background. Some consume system resources, radically slowing your PC. Other useless processes contain spyware and Trojans - at least violating your privacy. This process and DLL library is a great free resource for anyone who wants to know the exact purpose of every process.

http://forums.xisto.com/no_longer_exists/

It's pretty good, but it needs a search feature instead of having to use Ctrl-F.

Sure it tells you handy information about processes like svchost.exe but it doesn't tell you why on your Vista you have all of your svchost.exe's taking 200MB of RAM.

Also check out:
http://www.processlibrary.com/en/

Article "How to Clean Up a Windows Spyware Infestation":
https://blog.codinghorror.com/how-to-clean-up-a-windows-spyware-infestation/

Edit:

I just found one more Internet resource for this. Follow these instructions:

1) Identify the base name of the suspicious file (e.g. mdm.exe or secdrv.sys) - base name is the opposite of a fully qualified name (which means that the base name does not include the full path).
2) Create a link by filling in this base name as follows:
http://www.neuber.com/taskmanager/process/

Examples:
http://www.neuber.com/taskmanager/process/mdm.exe.html
http://www.neuber.com/taskmanager/process/secdrv.sys.html

It's a mix of comments in both English and German, but it's very interesting because even as those comments are filtered and moderated, you still get some useful feedback from people who were burned badly by some of these pieces of malware.

I am a little bit cautious about recommending the download of anything from a site that ends in .ru, but today I was in a brave mood and I downloaded the so-called "Hidden Processes Detector - Process Walker" from:
http://forums.xisto.com/no_longer_exists/

The site looks like a legit rootkit detection / removal project.

I scanned pwalker.exe using my standalone virus scanner and I ran it through https://www.virustotal.com/ - it came out almost clean. I say "almost clean" because out of 31 virus scanning engines, only one thinks it's a suspicious file - Panda.

The output of pwalker.exe is a list of processes running on your computer, along with an indication whether it's a visible or hidden process.

However, I have to say that this program leaves autorun entries in the registry, which I had to manually go in and remove afterwards.

Edited September 10, 2007 by dserban

wutske
Posted September 9, 2007 (edited)

bookmarked^2.

About the svchost process, try Process Explorer, if you hover over one of the many svchost.exe processes, then it'll show you which service it's hosting:

Edited September 9, 2007 by wutske

WaLhEZ
Posted September 9, 2007

> bookmarked^2.
> About the svchost process, try Process Explorer, if you hover over one of the many svchost.exe processes, then it'll show you which service it's hosting:

Sure, and dserban, you can download Process Explorer from here: http://www.microsoft.com/err/technet/

tansqrx
Posted September 10, 2007

The trick about svchost is it should only run under system credentials. That is, when you view the Task Manager and look at the User Name (View > Select Columns... if you don't see it), you should only see SYSTEM, LOCAL SERVICE, or NETWORK SERVICE. If you ever see your logged on user name then you have a problem.
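
The owner check described in the post above, scripted as an added example (not part of the original thread): it parses `tasklist /V /FO CSV` output and lists every svchost.exe whose User Name is not one of the three accounts named there. The sample rows are constructed, English-language Windows column and account names are assumed, and `audit_svchost` and `live_tasklist` are names made up for this sketch.

```python
import csv
import io
import subprocess
import sys

# Owners the post above names as the only expected ones for svchost.exe.
EXPECTED = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}

# Constructed sample of `tasklist /V /FO CSV` output (English Windows assumed).
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"svchost.exe","812","Services","0","4,512 K","Unknown","NT AUTHORITY\SYSTEM","0:00:01","N/A"
"svchost.exe","960","Services","0","3,904 K","Unknown","NT AUTHORITY\NETWORK SERVICE","0:00:00","N/A"
"svchost.exe","1104","Services","0","5,120 K","Unknown","NT AUTHORITY\LOCAL SERVICE","0:00:00","N/A"
"svchost.exe","1490","Services","0","2,048 K","Unknown","N/A","0:00:00","N/A"
"svchost.exe","3388","Console","1","9,876 K","Running","WORKSTATION\alice","0:00:03","N/A"
"explorer.exe","2040","Console","1","30,112 K","Running","WORKSTATION\alice","0:00:09","N/A"
'''

def audit_svchost(csv_text):
    """Return (flagged, unknown): lists of (pid, user) for svchost.exe rows."""
    flagged, unknown = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Image Name"].lower() != "svchost.exe":
            continue
        user = row["User Name"].strip()
        domain, _, account = user.rpartition("\\")
        if user in ("", "N/A"):
            # tasklist prints N/A when it cannot read the owner,
            # typically because it was run without administrator rights.
            unknown.append((int(row["PID"]), user))
        elif account.upper() not in EXPECTED or domain.upper() not in ("", "NT AUTHORITY"):
            flagged.append((int(row["PID"]), user))
    return flagged, unknown

def live_tasklist():
    """Capture the real process list; only works on Windows."""
    return subprocess.run(["tasklist", "/V", "/FO", "CSV"],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    text = live_tasklist() if sys.platform == "win32" else SAMPLE
    flagged, unknown = audit_svchost(text)
    for pid, user in flagged:
        print(f"svchost.exe PID {pid} runs as {user}: investigate")
    for pid, _ in unknown:
        print(f"svchost.exe PID {pid}: owner not readable, rerun elevated")
```

On Windows 10 and later, per-user services legitimately run svchost.exe under the logged-on account, so a flagged row there is something to look into rather than proof of a problem.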

iGuest
Posted March 27, 2009

svchost.exe process viewer
A Very Comprehensive Windows (vista And Xp) Process And Dll Library

> About the svchost process, ...

Even better is the "Svchost Process Analyzer" from http://www.neuber.com/free/svchost-analyzer/

-reply by Utepro