Identify Suspicious And Unknown Windows Processes

How to tell whether any of the running Windows processes might be a dangerous program, and how to check it on the internet and get information about any unknown application running on your computer.
A computer that becomes unstable or slow may be showing signs of malware.
Other frequent signs are unexpected windows, bars appearing in the browser and strange unwanted effects.
Sometimes a scan with the antivirus does not report any issue, but we can never be 100% sure.
One of the ways to detect an infection is to regularly check the processes running on your computer.
When we detect a process that looks suspect, we can verify it against online databases and, if it is harmful, delete it manually.

What are Windows Processes?

Windows processes are the tasks running in Windows, started either by Windows itself or by external programs or applications.
Every program, application or piece of software has an assigned process, which is the one that starts it.
So that the user can see which processes are running, get information about them, stop them or change the way they are executed, Windows includes the Task Manager tool with its Processes tab.
The Task Manager can be used for any of the following purposes:

  • Stop an unresponsive program.
  • End an application that consumes too much memory or CPU.
  • Suspend applications installed secondarily by programs.
  • Stop processes that consume a lot of bandwidth and slow down internet browsing, such as those used by programs to upgrade.
  • Detect viruses and malware that arrived with third-party software.

***Those with more experience in using Windows, on noticing any unusual behaviour of the computer such as slowness or other strange symptoms, open the Task Manager to recognize any running process that is not normal.***

The Windows 8 Task Manager

In Windows 8, the Task Manager offers a different interface than the previous operating systems.
It has more options dividing the processes into groups, showing them with an icon and making them easier to identify.
However, it shows the process name instead of the file name.
This can make some tasks easier or harder.

How to stop any Process in Task Manager

To stop any process, right-click it and choose “End task”.

How to detect and identify unknown possibly harmful Process

Most processes can be easily identified because they correspond to the name of the program, for example: Chrome.exe, firefox.exe, winword.exe.

Sometimes the name does not say much, but the process carries a detailed description, like:

MsMpEng.exe – Antimalware Service Executable (Windows Defender)

By right-clicking on a process we can open the location of its executable, but even so, there are cases where we cannot identify it correctly.

Typical Windows 7 and 8 Processes

Some processes may raise suspicions but are typical of Windows such as:

  • Explorer.exe – Windows Explorer
  • Csrss.exe – Windows interface client. It has to be in the path C:\Windows\System32; some viruses create infected versions in C:\Windows.
  • Svchost.exe – Container of various Windows services, there are usually several processes with the same name.
  • MsMpEng.exe – Antimalware Service Executable (Windows Defender)
  • TaskHost.exe – A process that executes various tasks in the background, requested by programs or Windows DLL libraries. In Windows 8 it is activated when there is an internet connection, to update the information of the home screen applications (Time, Sports, etc.).
  • Dwm.exe – Desktop Manager.
  • Audiodg.exe
  • conhost.exe – Console window host
  • dllhost.exe
  • dwm – Desktop window manager
  • lsass.exe – Local Security Authority Process
  • lsm.exe
  • ntoskrnl – System
  • runtimeBroker.exe
  • searchFilterHost.exe
  • searchIndexer.exe – Microsoft Windows Indexer Search
  • searchProtocolHost.exe
  • services.exe – Service application and driver
  • smss.exe – Windows session manager
  • spoolsv.exe – Queue subsystem application
  • taskmgr.exe – Task manager
  • taskhost.exe – Host process for Windows tasks
  • wininit.exe – Windows startup application
  • winlogon.exe – Windows logon
  • wlms.exe, wmpnetwk.exe, wuauclt.exe

Most viruses mask themselves using the names of common Windows processes, such as Svchost.exe.
To detect them, anti-virus programs check their version.
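
The path check described above for Csrss.exe, extended to other system process names from the list, as an added PowerShell example that is not part of the original article. The folder table is an assumption of this example (these names normally run from System32, explorer.exe from the Windows folder), and Get-FileHash requires PowerShell 4.0 or later.

```powershell
# Added example: flag processes that carry a Windows system process name
# but run from a folder other than the expected one.
$system32 = Join-Path $env:SystemRoot 'System32'

# Expected folder per process name (assumption of this example).
$expected = @{
    'csrss.exe'    = $system32
    'svchost.exe'  = $system32
    'lsass.exe'    = $system32
    'services.exe' = $system32
    'smss.exe'     = $system32
    'wininit.exe'  = $system32
    'winlogon.exe' = $system32
    'spoolsv.exe'  = $system32
    'explorer.exe' = $env:SystemRoot
}

$results = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $expected.ContainsKey($_.Name.ToLower()) } |
    ForEach-Object {
        $path = $_.ExecutablePath
        $status = if (-not $path) {
            # Protected processes hide their path, more so without elevation.
            'PathUnavailable'
        } elseif ((Split-Path $path -Parent) -ieq $expected[$_.Name.ToLower()]) {
            'ExpectedLocation'
        } else {
            'UNEXPECTED LOCATION'
        }
        [pscustomobject]@{
            Name   = $_.Name
            Id     = $_.ProcessId
            Status = $status
            Path   = $path
            # Hash only the mismatches; the value can be searched online.
            SHA256 = if ($status -eq 'UNEXPECTED LOCATION') {
                (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        }
    }

$results | Sort-Object Status, Name | Format-Table -AutoSize
```

A row marked UNEXPECTED LOCATION is a lead to investigate rather than a verdict; run the script from an elevated prompt so fewer paths come back as PathUnavailable.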

Processes that can be dangerous in Windows

One of the most controversial Windows processes is “wscript.exe” (Windows Script Host).
It is the Windows console that runs files written in the VBScript language.
Some viruses run through this process so that they do not draw attention; examples are the viruses Recycler and Mugen.vbs.
This process always indicates that a script is running on the system; if we have not started it voluntarily, it indicates malware.
If you find some mysterious process that apparently has nothing to do with any Windows application or with any of ours, we can stop it to see what happens.
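
To see which script a running wscript.exe is actually executing, and what launched it, the following added PowerShell example (not part of the original article) lists each Windows Script Host process with its command line and parent. Including cscript.exe, the console-mode counterpart of wscript.exe, is an addition of this example; it requires PowerShell 3.0 or later.

```powershell
# Added example: show every running Windows Script Host process together
# with the script on its command line and the process that started it.
$procs = Get-CimInstance -ClassName Win32_Process

# Index all processes by PID so the parent can be looked up.
$byId = @{}
foreach ($p in $procs) { $byId[$p.ProcessId] = $p }

$procs |
    Where-Object { $_.Name -in 'wscript.exe', 'cscript.exe' } |
    ForEach-Object {
        $parent = $byId[$_.ParentProcessId]
        [pscustomobject]@{
            Id          = $_.ProcessId
            Name        = $_.Name
            Started     = $_.CreationDate
            # The parent may have exited; Windows can also reuse its PID,
            # so compare start times before trusting the name shown here.
            Parent      = if ($parent) {
                "$($parent.Name) ($($parent.ProcessId), started $($parent.CreationDate))"
            } else {
                'no longer running'
            }
            # Full command line, including the path of the script file.
            CommandLine = $_.CommandLine
        }
    } |
    Format-List
```

No output means no script host is running. A script path on a removable drive or in a temporary folder that nobody started on purpose is the case the paragraph above describes.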

Tools to detect and identify unknown processes

Below are recommended free applications that we can use to examine any suspicious process and identify it correctly.

Process Explorer
Process Explorer is a Microsoft application that shows processes in an advanced way with much more information than the task manager offers.
Of course, it is only useful for those who wish to obtain additional data, not for the ordinary user.
For each process, it shows the threads that compose it.
The online search provided is insufficient.


System Explorer

An excellent free application for obtaining information about, and managing, the tasks and processes in Windows.
It is similar to the Task Manager, but with additional options. It does not replace it.
It adds a link next to each process which, when opened, launches the browser with a query in the service database.
It also gives you the option to check any of the processes in the VirusTotal service.


Internet services where you can find information about suspicious processes

File.net
File.net is an online service where you can look up any suspicious process.
It shows enough information about each query.
To obtain information about a suspicious process, enter its name in the service form.


How to delete the file that starts a dangerous process?

After confirming that a process can be harmful to our computer, we must first stop it before we can remove the file that starts it.
If this proves difficult, you can use applications like Unlocker or start the computer in Safe Mode.
