Saturday, October 31, 2009

SYSTEM PROCESSES - AFFECTED BY VIRUSES


svchost.exe
This is a system process belonging to the Microsoft Windows Operating System which hosts services that are executed from DLLs. This program is important for the stable and secure running of your computer and should not be terminated.

  • We can open Control Panel -> Administrative Tools -> Services, double-click the Alerter service, and see that its executable file path is C:\WINDOWS\system32\svchost.exe -k LocalService, while the executable file path of the Server service is C:\WINDOWS\system32\svchost.exe -k netsvcs.
  • Calling services in this way saves a lot of system resources, which is why we can find a number of svchost.exe processes in Task Manager.

In fact, they are just the system services. However, if you find more than six svchost.exe processes in your system, you must be careful and check for viruses, especially if the executable file of svchost.exe is NOT located in C:\WINDOWS\system32.

explorer.exe
This process is the Windows Explorer. By default it starts together with the system. If you find that its executable file path is not C:\Windows, you must pay attention to it.

iexplore.exe
It is a process generated by Microsoft Internet Explorer. It is located in C:\Program Files\Internet Explorer\. Unless you have manually moved it, finding this file in any other directory could mean it is a virus. Sometimes, if we are not running IE but the iexplore.exe process still exists in the system, it could be that:

1. a virus is running under the name iexplore.exe

2. a virus is secretly doing bad things through iexplore.exe in the background. In this situation, we recommend using antivirus software to scan your computer.

rundll32.exe
This is a process which executes DLLs and loads their libraries into memory, so they can be used more efficiently by applications. This program is important for the stable and secure running of your computer and should not be terminated. It is located in C:\Windows\system32; otherwise it is a virus.

spoolsv.exe
This is a Microsoft Windows system executable which handles the printing process. This process is not critical to the running of the system. If you don't have any printer devices, you should stop this service to save system resources.

In general, if we find a suspicious process, carefully checking its name and executable file path will certainly expose an ordinary virus.
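
The name-and-path check described above can be scripted. The following PowerShell is an added example, not part of the original post: the function name Test-ProcessPath and the sample records are constructed for illustration, and it assumes Windows is installed in C:\WINDOWS as the post does.

```powershell
# Expected image directory per process name, using the paths given in this post.
# Assumption: Windows is installed in C:\WINDOWS. 64-bit systems also keep
# legitimate 32-bit copies under SysWOW64 and "Program Files (x86)".
$ExpectedDir = @{
    'svchost.exe'  = 'C:\WINDOWS\system32'
    'rundll32.exe' = 'C:\WINDOWS\system32'
    'explorer.exe' = 'C:\WINDOWS'
    'iexplore.exe' = 'C:\Program Files\Internet Explorer'
}

function Test-ProcessPath {   # hypothetical helper name
    param([Parameter(Mandatory)] [object[]] $Process)
    foreach ($p in $Process) {
        $name = ([string]$p.Name).ToLowerInvariant()
        if (-not $ExpectedDir.ContainsKey($name)) { continue }   # name not covered here
        if ([string]::IsNullOrEmpty($p.ExecutablePath)) {
            # Some processes hide their path from non-elevated callers
            $verdict = 'PathUnavailable'
        } else {
            $dir = [System.IO.Path]::GetDirectoryName($p.ExecutablePath)
            # -eq on strings is case-insensitive, matching Windows path semantics
            $verdict = if ($dir -eq $ExpectedDir[$name]) { 'OK' } else { 'UnexpectedPath' }
        }
        [pscustomobject]@{
            Name        = $p.Name
            ProcessId   = $p.ProcessId
            Verdict     = $verdict
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine   # shows the svchost "-k <group>" argument
        }
    }
}

# Constructed sample records, not real observations. On a live system run:
#   Test-ProcessPath (Get-CimInstance Win32_Process)
$sample = @(
    [pscustomobject]@{ Name = 'svchost.exe';  ProcessId = 912;  ExecutablePath = 'C:\WINDOWS\system32\svchost.exe'; CommandLine = 'C:\WINDOWS\system32\svchost.exe -k netsvcs' }
    [pscustomobject]@{ Name = 'svchost.exe';  ProcessId = 3140; ExecutablePath = 'C:\WINDOWS\svchost.exe';          CommandLine = 'C:\WINDOWS\svchost.exe' }
    [pscustomobject]@{ Name = 'Explorer.EXE'; ProcessId = 1508; ExecutablePath = 'C:\WINDOWS\Explorer.EXE';         CommandLine = 'C:\WINDOWS\Explorer.EXE' }
    [pscustomobject]@{ Name = 'iexplore.exe'; ProcessId = 2204; ExecutablePath = $null;                             CommandLine = $null }
)
Test-ProcessPath $sample | Format-Table Name, ProcessId, Verdict, Path -AutoSize
```

An UnexpectedPath verdict is a reason to investigate the file, and PathUnavailable usually means the check should be repeated from an elevated session.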
