Tag Archives | task manager

Identifying Malware Using The Task Manager

Here’s a question that I get a lot via email, Twitter and YouTube:

“Matt, can you tell me how I can identify malware using the Windows Task Manager?”

Sure, but you must understand that using the Task Manager to identify malware is just one part of the malware identification and removal process. The Task Manager allows you to find blatant, unhidden pieces of malware and terminate their processes. I use this technique to speed up the removal process.

  1. Load the Task Manager by pressing Ctrl-Alt-Del at the same time and clicking Start Task Manager.
  2. Click Processes.
  3. Click Show Processes From All Users.
  4. Click Image Name. This will arrange the processes by name.
  5. Observe the image names and look for anything running that:
  • contains random letters or numbers (like 573476.exe or shdgegage.exe or 1.exe).
  • has “security” in the name and ends in .exe.
  • is not part of the normal Windows OS or standard applications (obviously this takes experience).
  • is rundll32.exe, running even though you never called it (i.e., by opening Add/Remove Programs).
  • is iexplore.exe (Internet Explorer), running even though it’s not visibly open.
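
The name checks in step 5 can be scripted as a first pass over `tasklist /fo csv` output. The following is an added example, not code from the original post; the sample rows, the baseline set and the consonant-run rule for "random" names are constructed assumptions.

```python
import csv, io, re

# Constructed sample of `tasklist /fo csv` output (not from a real machine).
SAMPLE = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","24 K"
"svchost.exe","884","Services","0","12,340 K"
"explorer.exe","2100","Console","1","45,120 K"
"573476.exe","3312","Console","1","8,204 K"
"shdgegage.exe","3420","Console","1","6,100 K"
"1.exe","3500","Console","1","2,048 K"
"WinSecurityCenter.exe","3604","Console","1","15,900 K"
"rundll32.exe","3710","Console","1","4,400 K"
"iexplore.exe","3822","Console","1","30,700 K"
'''

# Assumed baseline; build yours from a known-clean machine of the same build.
BASELINE = {"system idle process", "system", "svchost.exe", "explorer.exe",
            "rundll32.exe", "iexplore.exe"}
# Normal binaries the checklist flags by context rather than by name.
CONTEXT_CHECK = {"rundll32.exe": "confirm something you ran called it",
                 "iexplore.exe": "confirm a browser window is visibly open"}

def looks_random(stem):
    """All digits, one or two characters, or a run of four or more consonants."""
    return (stem.isdigit() or len(stem) <= 2
            or re.search(r"[bcdfghjklmnpqrstvwxz]{4,}", stem) is not None)

def triage(tasklist_csv, baseline=BASELINE):
    """Return {image name: [reasons]} for processes that need a closer look."""
    findings = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        image = row["Image Name"].strip().lower()
        stem = image[:-4] if image.endswith(".exe") else image
        reasons = []
        if image in CONTEXT_CHECK:
            reasons.append(CONTEXT_CHECK[image])
        if image not in baseline:
            reasons.append("not in baseline")
            if looks_random(stem):
                reasons.append("random-looking name")
            if "security" in stem and image.endswith(".exe"):
                reasons.append('"security" in name')
        if reasons:
            findings[image] = reasons
    return findings

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE).items():
        print(f"{image}: {'; '.join(reasons)}")
```

For real input, run `tasklist /fo csv > procs.csv` on the machine and pass the file's text to `triage`.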



Multiple RunDLL32.exe’s in Task Manager? That Dern Conficker…

I ran up against a little issue in a small 10-person office that sorta stumped me for a few hours. At random times during the day, client PCs would spawn dozens of rundll32.exe processes and effectively render the PC useless (it sucked up all the RAM).

The cause?

These boxes were infected with Conficker at one point, which created dozens of scheduled tasks. These scheduled tasks spawn all those RunDll32.exe’s. I simply deleted the tasks and have not seen a recurrence of all those RunDll32.exe processes.

Also, sorry I haven’t posted much this week, I had a nasty flu.


Remove-Malware Traffic Stats