Legitimate Processes vs. Malware Processes

Q

How to tell if a process is legitimate?

✍: FYIcenter.com

A
When you are looking at the process list in the Task Manager window, you may notice some strange processes that constantly or periodically take some CPU. You then need to spend some time reviewing such a process to make sure that it is legitimate.

You can follow this tutorial to review the detailed information on a process and identify a malware process:

  1. Review the process name. Look at the name of the process and do a search on the Internet for this process name. You may find reports that will help you identify this process as a malware process. For example, farmmext.exe is a well-known malware process name used by the Transponder parasite.
  2. Sometimes, malware developers name malware processes dynamically with random characters. In this case, you will find nothing on the Internet about the random process name. For example, Trojan Vundo uses random names like yjftplam.dll.
  3. Sometimes, malware developers give malware processes the names of legitimate programs, like iexplore.exe, which is the process name for Microsoft Internet Explorer. For example, Trojan Boxer uses iexplore.exe as the malware process name.
  4. If you fail to identify the malware by the process name, search the hard disk for that process name by clicking Start > Search.
  5. If the process name is found on the hard disk, right-click the process name and select Properties. Review all properties, including "Location", "Modified", "Copyright", etc.
  6. "Location" tells you where the suspected program file is stored in the directory tree. If this directory name does not belong to any application installed by yourself, then the suspected program file is very likely malware.
  7. "Modified" tells you when the suspected program file was last modified. If this date is newer than the last time you installed any application, then the suspected program file is very likely malware.
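The steps above are a manual review of one process at a time through Task Manager and the file Properties dialog. The PowerShell script below is an added example (not from the FYIcenter tutorial) that collects the same properties for every running process in one pass: the file's location, its last-modified time, the copyright and company name from the version resource, and, going one step beyond the tutorial, the Authenticode signature status. It then flags the processes whose image does not sit under the usual install roots, was modified after an assumed last-known install date (the `$lastKnownInstall` cut-off is a placeholder you should set yourself), carries no company name, or is not validly signed. The list of trusted roots is an assumption for a default Windows layout.

```powershell
# Added example: automate steps 5-7 of the tutorial for all running processes.
# Run from an elevated PowerShell session; protected system processes expose
# no image path to a non-elevated caller and are reported as such.

# Assumed install roots; a process running from elsewhere gets an "unusual location" flag.
$trustedRoots = @(
    $env:SystemRoot,                  # e.g. C:\Windows
    ${env:ProgramFiles},              # e.g. C:\Program Files
    ${env:ProgramFiles(x86)}          # e.g. C:\Program Files (x86), absent on 32-bit Windows
) | Where-Object { $_ }               # drop empty entries

# Placeholder cut-off for step 7: set this to the date of your last known install.
$lastKnownInstall = (Get-Date).AddDays(-30)

$report = Get-Process | ForEach-Object {
    $proc = $_
    $path = $proc.Path    # $null when access is denied (System, Idle, protected processes)
    if (-not $path) {
        [pscustomobject]@{
            Name      = $proc.ProcessName
            PID       = $proc.Id
            Location  = '<not accessible>'
            Modified  = $null
            Copyright = $null
            Signature = $null
            Flags     = 'no image path (elevate, or treat as a system process)'
        }
        return
    }

    $file  = Get-Item -LiteralPath $path
    $sig   = Get-AuthenticodeSignature -FilePath $path
    $flags = @()

    # Step 6: "Location" outside every trusted install root
    $inTrustedRoot = $trustedRoots | Where-Object {
        $path.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase)
    }
    if (-not $inTrustedRoot) { $flags += 'unusual location' }

    # Step 7: "Modified" newer than the last known install
    if ($file.LastWriteTime -gt $lastKnownInstall) { $flags += 'recently modified' }

    # Step 5: "Copyright"/company missing from the version resource
    if (-not $file.VersionInfo.CompanyName) { $flags += 'no company name' }

    # Beyond the tutorial: Authenticode status (Valid, NotSigned, HashMismatch, ...)
    if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }

    [pscustomobject]@{
        Name      = $proc.ProcessName
        PID       = $proc.Id
        Location  = $file.DirectoryName
        Modified  = $file.LastWriteTime
        Copyright = $file.VersionInfo.LegalCopyright
        Signature = $sig.Status
        Flags     = ($flags -join '; ')
    }
}

# Show only the processes that raised at least one flag, most recently modified first.
$report | Where-Object { $_.Flags } | Sort-Object Modified -Descending |
    Format-Table Name, PID, Location, Modified, Signature, Flags -AutoSize
```

A flag is a reason to look closer, not a verdict: legitimate software installed under a user profile will show "unusual location", and a fresh update will show "recently modified". The combination that matters most is a legitimate-looking name (step 3) running from a directory outside the trusted roots with no valid signature; that row is where to start the name search from steps 1 and 2.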

  • 2007-01-21, 9110👍, 0💬