Have you ever asked yourself: what are all these processes running on my Windows computer? Well, here's something interesting.
Many people are unaware that hackers have a common trick up their sleeve: the RunPE technique. Basically, they take a perfectly normal process and quietly replace its contents with malware directly in the computer's memory.
So what seems harmless at first might actually be a wolf in sheep's clothing.
In this article, we'll first take a look at these sneaky processes. Next, we'll discuss the risks they present. Finally, and most importantly, we'll show you how to detect and eliminate suspicious processes.
What is a process?
Let's first see what a process is. Every time you launch an application on your computer, whether it's your browser, a game, or word processing software, you start what's called a "process."
Simply stated, a process is an instance of a running program. It's like a task that your computer must perform.
Each process uses system resources, such as CPU and memory, to function properly.
Difference between a normal process and a suspicious process
So how do you distinguish a normal process from a suspicious one?
Here are some clues:
- Name and description: Normal processes usually have a clear name and description that indicate their function, such as "explorer.exe" for Windows Explorer. A suspicious process might have a vague or meaningless name.
- Resource usage: Although some legitimate software is resource-intensive, constant excessive CPU or memory usage could be a sign of malware.
- Location: Legitimate Windows processes are normally stored in specific system folders. If you find a process running from a strange or temporary location, be vigilant.
- Behavior: If a process tries to connect to the Internet for no apparent reason, or opens and closes on its own, this may be suspicious.
How to detect suspicious processes?
Detecting a suspicious process on your computer is essential to avoid security problems.
Here's how to do it in a simple and straightforward way:
- Start by opening Task Manager: right-click on the taskbar and choose "Task Manager".
- Next, examine the running processes, especially those that seem unfamiliar or use a large amount of resources.
- For processes that catch your attention, right-click on them and select "Open file location". If the file is in an unusual location, this could be a red flag.
- Finally, if you have doubts about a process, search for its name online. Feedback or reviews from other users can help you determine whether it is legitimate or suspicious.
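The clues listed earlier (name, resource usage, location, behavior) and the Task Manager steps above can be automated for a first pass. The following PowerShell script is an added example, not code from the original article; it flags running processes that have no file description, run from temporary or non-system folders, lack a valid Authenticode signature, have consumed a lot of CPU, or hold established TCP connections from an unexpected binary. The trusted folder list and the CPU threshold are illustrative assumptions; run it in an elevated PowerShell session on Windows so that process paths are readable.

```powershell
# Added example (not from the original article): first-pass triage of running processes.
# Assumptions: the trusted folders, temporary folders and the 600 s CPU threshold are
# illustrative choices; adjust them to your environment.

$trustedRoots = @(
    $env:windir,                 # C:\Windows
    ${env:ProgramFiles},         # C:\Program Files
    ${env:ProgramFiles(x86)}     # C:\Program Files (x86), empty on 32-bit Windows
) | Where-Object { $_ }

# Folders from which legitimate software rarely runs for long.
$suspiciousRoots = @($env:TEMP, "$env:LOCALAPPDATA\Temp", "$env:USERPROFILE\Downloads", $env:PUBLIC) |
    Where-Object { $_ }

# Snapshot of established TCP connections, counted per owning PID.
# OwningProcess is a UInt32; cast to int so the key matches Get-Process's Id.
$connectionsByPid = @{}
foreach ($c in Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue) {
    $connectionsByPid[[int]$c.OwningProcess] += 1
}

$findings = foreach ($p in Get-Process) {
    # Protected system processes expose no path to a normal caller; skip them here.
    if (-not $p.Path) { continue }

    $reasons = @()

    # Clue 1: name and description. Legitimate software almost always ships a description.
    if ([string]::IsNullOrWhiteSpace($p.Description)) { $reasons += 'no file description' }

    # Clue 3: location. Inside a temporary folder, or outside the system/program folders.
    $inTrusted    = $trustedRoots    | Where-Object { $p.Path -like "$_\*" }
    $inSuspicious = $suspiciousRoots | Where-Object { $p.Path -like "$_\*" }
    if ($inSuspicious)      { $reasons += "runs from temporary folder: $($p.Path)" }
    elseif (-not $inTrusted) { $reasons += "runs outside system/program folders: $($p.Path)" }

    # Extra check: is the image signed, and is the signature valid?
    $sig = Get-AuthenticodeSignature -FilePath $p.Path -ErrorAction SilentlyContinue
    if (-not $sig -or $sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }

    # Clue 2: resource usage. Cumulative CPU seconds is a crude but useful first filter.
    if ($p.CPU -gt 600) { $reasons += "high cumulative CPU: $([int]$p.CPU)s" }

    # Clue 4: behavior. Network connections from a binary outside the trusted folders.
    if ($connectionsByPid[$p.Id] -gt 0 -and -not $inTrusted) {
        $reasons += "$($connectionsByPid[$p.Id]) established TCP connection(s)"
    }

    if ($reasons) {
        [pscustomobject]@{
            PID     = $p.Id
            Name    = $p.ProcessName
            Path    = $p.Path
            Reasons = ($reasons -join '; ')
        }
    }
}

$findings | Sort-Object Name | Format-Table -AutoSize -Wrap
```

Every one of these checks looks at the file on disk. A process hollowed with the RunPE technique from the introduction still points at a legitimate, signed image, so for that case the behavioral clue (unexpected network connections) is often the only thing this script will surface; treat the output as a shortlist to investigate with the tools described later, not as a verdict.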
How to eliminate suspicious processes?
Detecting a suspicious process is only the first step. It is equally crucial to know how to remove it securely and effectively.
Here is a procedure to follow:
- In Task Manager, right-click on the suspicious process and select "End task". This stops the process temporarily.
- If the process belongs to an installed application or program, it is advisable to uninstall it. Go to Control Panel > Programs > Uninstall a program and look for the suspicious app.
- Run a full scan of your computer with a reliable antivirus. This will help identify and eliminate any potential threats. Make sure your antivirus is up to date to benefit from the latest virus definitions.
- If the process persists, restart Windows in Safe Mode and try to eliminate it again. In this mode, only essential Windows processes are loaded, which makes malware removal easier.
- As a last resort, if the suspicious process still persists, consider restoring your system to an earlier date, before the process in question appeared.
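The first two removal steps above, plus the reason a process "persists", can be checked from PowerShell. The function below is an added example, not code from the original article: it ends the process by PID, waits to see whether the same image comes back, looks up the installed program that owns its folder in the Uninstall registry keys, and lists the usual relaunch mechanisms (Run keys, scheduled tasks, services) that reference the image. The function name `Invoke-SuspectProcessCleanup` and the five-second wait are assumptions; run it elevated, with the PID you noted in Task Manager.

```powershell
# Added example (not from the original article). Assumption: $SuspectPid is the PID
# identified in Task Manager; the 5 s respawn wait is an arbitrary choice.
function Invoke-SuspectProcessCleanup {
    param([Parameter(Mandatory)][int]$SuspectPid)

    $proc      = Get-Process -Id $SuspectPid -ErrorAction Stop
    $imagePath = $proc.Path
    $imageName = $proc.ProcessName
    Write-Host "Target: $imageName (PID $SuspectPid) at $imagePath"

    # Step 1: "End task". -Force also ends processes that would otherwise prompt.
    Stop-Process -Id $SuspectPid -Force -ErrorAction Stop

    # Did it come back? A respawn means something relaunches it (watchdog, autostart, service).
    Start-Sleep -Seconds 5
    $back = Get-Process -Name $imageName -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -eq $imagePath }
    if ($back) {
        Write-Warning "Process came back as PID $($back.Id -join ', '); check the persistence entries below."
    }

    # Step 2: is it part of an installed program? Match its folder against InstallLocation.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $imageDir = Split-Path $imagePath -Parent
    Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.InstallLocation -and $imageDir -like "$($_.InstallLocation.TrimEnd('\'))*" } |
        Select-Object DisplayName, InstallLocation, UninstallString |
        Format-Table -AutoSize -Wrap

    # Persistence: autostart Run keys whose value points at the image.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $entries = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $entries) { continue }
        $entries.PSObject.Properties |
            Where-Object { $_.Value -is [string] -and $_.Value -like "*$imagePath*" } |
            ForEach-Object { Write-Warning "Autostart entry '$($_.Name)' in $key launches the image" }
    }

    # Persistence: scheduled tasks and services that execute the image.
    Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object { $_.Actions.Execute -like "*$imageName*" } |
        ForEach-Object { Write-Warning "Scheduled task '$($_.TaskName)' runs the image" }

    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -like "*$imagePath*" } |
        ForEach-Object { Write-Warning "Service '$($_.Name)' runs the image" }
}

# Usage: Invoke-SuspectProcessCleanup -SuspectPid 1234
```

The Safe Mode and System Restore steps remain manual; the point of the persistence listing is to tell you, before rebooting, which entry keeps bringing the process back so that the antivirus scan or the uninstall actually removes the source rather than just the running copy.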
Hunt Suspicious Processes with Process Explorer and VirusTotal
Task Manager gives a first overview of what your computer is doing, but Process Explorer is where you can really poke around.
And the best part? It integrates with VirusTotal, which checks our files against dozens of antivirus engines. Together, they form a crack team for uncovering hidden processes.
Let's see how to use these two tools to better track suspicious processes.
- Start by downloading Process Explorer from the official Microsoft website, then unzip it and run "procexp.exe".
- Once in Process Explorer, go to "Options", then "VirusTotal.com", and enable the "Check VirusTotal.com" option.
- Next, an additional column appears in Process Explorer. This column displays the VirusTotal score for each process.
- Interpreting the scores is straightforward: a score of "0/60" means that the process is considered safe by VirusTotal's 60 antivirus engines. On the other hand, a score like "5/60" means that 5 out of 60 engines find this process questionable. In this case, it's better to dig a little deeper.
- If a malicious process is discovered, do not hesitate to stop it by choosing "Kill Process" after right-clicking.
- To remove linked files, right-click on the process, choose "Properties", then, in the tab that opens, click "Explore".
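Process Explorer's VirusTotal column works by sending the SHA-256 hash of each process's image file (uploading the file itself is a separate option), so the same lookup can be prepared by hand for every running image. The script below is an added example, not code from the original article or from Sysinternals: it hashes each distinct running image, skips those carrying a valid Microsoft signature to shorten the list, and prints the VirusTotal web page for each hash together with the folder the "Explore" button would open. Nothing is sent anywhere; you choose which lookups to open. The function name `Get-RunningImageHashes` is an assumption, and the Microsoft-signer filter is a convenience you can remove to check everything.

```powershell
# Added example (not from the original article). Assumptions: the Microsoft-signer filter
# is optional; the lookup URL is VirusTotal's public file page addressed by SHA-256.
function Get-RunningImageHashes {
    # One entry per distinct image path, regardless of how many instances are running.
    $paths = Get-Process | Where-Object Path | Select-Object -ExpandProperty Path -Unique

    foreach ($path in $paths) {
        $sig    = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # Valid signature from Microsoft: skip to keep the list short (remove to check everything).
        if ($sig.Status -eq 'Valid' -and $signer -like '*O=Microsoft Corporation*') { continue }

        # Same hash Process Explorer submits; the file itself stays on disk.
        $hash = (Get-FileHash -Path $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        if (-not $hash) { continue }

        [pscustomobject]@{
            Image  = Split-Path $path -Leaf
            Path   = $path
            Signer = $signer
            Status = $sig.Status
            SHA256 = $hash
            Lookup = "https://www.virustotal.com/gui/file/$($hash.ToLower())"
            Folder = Split-Path $path -Parent      # what the "Explore" button opens
        }
    }
}

Get-RunningImageHashes | Format-List
```

An unsigned image whose hash is unknown to VirusTotal is not proof of malware, only a gap in evidence; it is exactly the case where the "5/60" rule of thumb above does not apply and where the file's location, its persistence entries and its network behavior have to decide.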
Knowing how to detect and eliminate suspicious processes is essential to keep our data secure and ensure optimal computer performance.
Stay vigilant, update your tools and ensure the reliability of your system.
If you found this article helpful, please share it with your friends and family. Together, let's make our computers safer!