
Identifying Malware Using The Task Manager

by malwarekilla on November 4, 2009

Here’s a question that I get a lot via email, twitter and youtube -

“Matt, can you tell me how I can identify malware using the Windows Task Manager?”

Sure, but you must understand that using the task manager to identify malware is just one part of the malware identification and removal process. The task manager allows you to find blatant, unhidden pieces of malware and terminate their process. I use this technique to speed up the removal process.

[Figure: Task Manager, Processes tab]

  1. Load the task manager by pressing ctrl-alt-del at the same time and clicking start task manager.
  2. Click Processes.
  3. Click Show Processes From All Users.
  4. Click Image Name. This will arrange the processes by name.
  5. Observe the image names and look for any process that:
  • has a name made of random letters or numbers (like 573476.exe or shdgegage.exe or 1.exe).
  • has “security” in the name and ends in .exe.
  • is not part of the normal Windows OS or standard applications (obviously this takes experience).
  • is rundll32.exe running even though you never called it (ie – by opening add/remove programs).
  • is iexplore.exe (internet explorer) running even though it’s not visibly open.
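As an added example (not code from the original post), the script below applies the same five checks to a process list instead of eyeballing the Task Manager window. It parses the CSV that Windows' `tasklist /fo csv` prints, sorts by image name like step 4, and compares each entry against a baseline of names recorded on a clean machine, which is the "screenshot the clean PC first" approach one of the commenters describes below. The baseline set, the `tasklist` sample and the consonant-run test for "random-looking" names are all assumptions constructed for the example; the baseline is deliberately short and is not an authoritative Windows process inventory.

```python
"""Heuristic review of a Windows process list, following the five checks in the post.

Added example, not from the original post. Parses `tasklist /fo csv` output and
flags entries by rule; the baseline and sample data are constructed.
"""
import csv
import io
import re

# Constructed baseline: image names recorded on a clean install (hypothetical,
# incomplete; a real baseline comes from your own clean machine).
CLEAN_BASELINE = {
    "system idle process", "system", "smss.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe",
    "taskmgr.exe", "winword.exe", "firefox.exe", "rundll32.exe", "iexplore.exe",
}

# Legitimate binaries the post singles out: fine when you started them, worth a
# look when they are running and you did not.
CONTEXT_DEPENDENT = {
    "rundll32.exe": "rundll32.exe running without a known caller (e.g. Add/Remove Programs)",
    "iexplore.exe": "iexplore.exe running while no Internet Explorer window is open",
}

# Constructed sample in the format `tasklist /fo csv` produces (not a real capture).
SAMPLE_TASKLIST = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","28 K"
"smss.exe","368","Services","0","404 K"
"svchost.exe","900","Services","0","5,220 K"
"explorer.exe","1520","Console","1","24,116 K"
"573476.exe","2044","Console","1","3,812 K"
"shdgegage.exe","2120","Console","1","1,976 K"
"1.exe","2188","Console","1","1,204 K"
"securitysuite.exe","2232","Console","1","8,944 K"
"rundll32.exe","2300","Console","1","2,512 K"
"iexplore.exe","2368","Console","1","14,000 K"
"winword.exe","2404","Console","1","31,000 K"
"""


def parse_tasklist(text):
    """Return [(image_name, pid)] from tasklist CSV output."""
    reader = csv.DictReader(io.StringIO(text))
    return [(row["Image Name"], int(row["PID"])) for row in reader]


def looks_random(stem):
    """Check 1: all digits, digits mixed into letters, or a four-consonant run
    that real program names rarely contain (the 'shdg' in shdgegage)."""
    if stem.isdigit():
        return True
    if re.search(r"\d", stem) and re.search(r"[a-z]", stem):
        return True
    return re.search(r"[bcdfghjklmnpqrstvwxz]{4,}", stem) is not None


def review_process(name, user_opened, baseline=CLEAN_BASELINE):
    """Return the reasons a process deserves attention ([] means nothing unusual).
    user_opened: lower-case image names the user knowingly launched."""
    lname = name.lower()
    stem = lname[:-4] if lname.endswith(".exe") else lname
    if lname in CONTEXT_DEPENDENT and lname not in user_opened:
        return [CONTEXT_DEPENDENT[lname]]          # checks 4 and 5
    if lname in baseline:
        return []                                  # known-good on the clean machine
    reasons = []
    if looks_random(stem):
        reasons.append("random-looking image name")
    if "security" in stem and lname.endswith(".exe"):
        reasons.append("'security' in the name")   # check 2
    reasons.append("not in the clean baseline")    # check 3
    return reasons


def review_tasklist(text, user_opened=frozenset()):
    """Sort by image name (step 4) and return {image_name: reasons} for flagged rows."""
    flagged = {}
    for name, _pid in sorted(parse_tasklist(text)):
        reasons = review_process(name, user_opened)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in review_tasklist(SAMPLE_TASKLIST).items():
        print(f"{name:20s} {'; '.join(reasons)}")
```

On a real machine you would pipe `tasklist /fo csv` into `parse_tasklist` and pass the names you actually opened in `user_opened`; a hit only means "look closer", since a process that is missing from the baseline is exactly as often a freshly installed program as it is malware.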


Victor November 4, 2009 at 9:16 pm

Matt,

Have you ever heard of Shadow Defender?
It’s a virtualization software similar to Returnil, but that one doesn’t have an antivirus bundled with it.
It seems to be light on resources and effective.
Is there any chance you do a review about it?

Thanks in advance.

malwarekilla November 4, 2009 at 10:08 pm

@Victor – yeah, I have heard about it and they are sending me a demo lic for it (so I can review it).

Victor November 4, 2009 at 11:21 pm

@Matt – Nice to hear you’re going to receive a demo license of Shadow Defender.
It will be interesting to compare Shadow Defender with Returnil that you previously reviewed.
I’m sure your subscribers will like to know about this new virtualization software.
Thank you very much for your reply!

Dario November 5, 2009 at 8:37 am

Hey Matt, you look like “Leonard” from the tv show “The Big Bang theory” LOL

Juice November 5, 2009 at 9:27 pm

Hi there, I am trying to fight the vundo trojan on my laptop (it got me good) and have been reading all your stuff on the matter. First let me thank you for all the great information.

Second, I have run (in this order) my McAfee system, ccleaner, super antispyware, malwarebytes, and when I run a McAfee scan it says the PC is clean, which seems odd because as I understand it, none of these removal tools hit the rootkits. Am I wrong?

I downloaded hijackthis, should I also run that?

Also many people tell me to run combofix and/or vundofix. Combofix seems way beyond my level of expertise, and I don’t want to deal with reloading my OS if I screw this up.

Finally, I am completely comfortable paying (at this point) for anti-malware programs that will definitively get rid of the vundo trojan – are there any?

ePost November 14, 2009 at 3:21 am

I’m about to get a new PC with Windows 7 on it. I intend to take screenshots of Task Manager before I take it on the internet.

I’ll start the programs installed such as Office, Windows Movie Maker and so on so that I’ll know what their entries are. And “shoot” them.

Also screenshots of the entries from its first trip on the internet. My AV’s also.

That will give me a list for comparison. Then I’ll know if spooky entries start running. If they were not on my screenshots of the new clean PC, then what are they doing there now?

I intend to keep it updated and “screenshoot” every new app I install.

But: can such lists be found somewhere? Lists of legit entries in Task Manager? Would make my mission a lot more qualified. :lol:

Z Malik November 29, 2009 at 4:05 pm

Hi

First of all thank you very much for this website for any virus problems and solutions. As you have explained the importance of win update, I am trying to update my windows XP 32bit and I get the following message; The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem. Second problem is I cannot open the following folders such as; add or remove programs and Task Manager, I get the following message; Windows cannot find ‘C:\WINDOWS\system32\rundll32.exe’. Make sure you type the name correctly, and then try again. Could you please tell me the solution to these problems.

Thank you

Z Malik
