System process or trojan?

Discussion in 'OT Technology' started by Gotcha38, Apr 17, 2009.

  1. Gotcha38

    Gotcha38 OT Supporter

    Joined:
    May 9, 2004
    Messages:
    15,681
    Likes Received:
    0
    Location:
    South Carolina
    I was searching around to see what processes I could stand to not have running. In the process some of my running processes were also flagged as part of trojan viruses.

    How can I tell the difference between a program that's running normally and a virus posing as one?

    List of everything running.
    [​IMG]

    I'm sure this is a very basic and juvenile question. Just a quick concise answer is all I'm asking for. :)
     
  2. Doomsday

    Doomsday XXX

    Joined:
    Mar 14, 2000
    Messages:
    14,902
    Likes Received:
    0
    Location:
    Minnesota
    depends
    google the file and it should tell you what to look for
    one example is that a fake file might be running from 'c:\windows' but the real file should be running in 'c:\windows\system32\'
     
  3. pbcustom98

    pbcustom98 New Member

    Joined:
    Apr 13, 2007
    Messages:
    2,787
    Likes Received:
    0
    Location:
    at a theater near you!
  4. Gotcha38

    Gotcha38 OT Supporter

    Joined:
    May 9, 2004
    Messages:
    15,681
    Likes Received:
    0
    Location:
    South Carolina
    So if there's a file with the same name anywhere else besides "system32" I should delete it?

    I'm not really interested in any radical changes. I was really just interested in what all the processes did, and noticed that some running had names that were associated with viruses. So I want to make sure I don't have any of those.
     
  5. Gotcha38

    Gotcha38 OT Supporter

    Joined:
    May 9, 2004
    Messages:
    15,681
    Likes Received:
    0
    Location:
    South Carolina
    smss.exe, csrss.exe, and services.exe were three that came up as possibilitys during my research. Maybe lsass.exe too.
     
  6. trouphaz

    trouphaz New Member

    Joined:
    Sep 22, 2003
    Messages:
    2,666
    Likes Received:
    0
    run virus scan and malware scanning software?

    all of those processes that you mentioned are system processes and a virus/trojan may be pretending to be that. i remember some trojan that i had years ago that was called explore.exe so it wasn't obvious what it was when you looked at running processes.

    do not touch those and don't remove anything from system32. just get software to scan for you.
     
  7. Gotcha38

    Gotcha38 OT Supporter

    Joined:
    May 9, 2004
    Messages:
    15,681
    Likes Received:
    0
    Location:
    South Carolina
    I've got McAfee Security Suite free from when I got the computer, and it's not going nuts so I should be fine right?

    What's a good malware scanner these days?
     
  8. trouphaz

    trouphaz New Member

    Joined:
    Sep 22, 2003
    Messages:
    2,666
    Likes Received:
    0

    who knows. it all depends on whether or not you're keeping the program and virus data up to date.

    by the way, you have no reason to be worried right now. yes, the processes that you list may or may not be a trojan, but they are almost always normal system processes. so, unless you have something telling you that one or more of them are infected, don't worry about it.

    i'd recommend AVG or Avast as a good free virus scan tool. ad aware was a good program for other shit too at one point, but i don't know if it is still any good.
     
  9. Gotcha38

    Gotcha38 OT Supporter

    Joined:
    May 9, 2004
    Messages:
    15,681
    Likes Received:
    0
    Location:
    South Carolina
    I'll look into AVG and Avast. Thanks for the help. :bowdown:
     
  10. DigiCrime

    DigiCrime If Only!

    Joined:
    Oct 25, 2001
    Messages:
    33,014
    Likes Received:
    101
    Location:
    St. Louis
    Not all AV software will detect the same things. What goes as a virus/spyware by some, another AV may not know it is depending on definitions that were loaded into the AV software.

    Try running a scan across your computer anyway with a program like malware antibytes
     

Share This Page