Name422, 2017-04-18 20:15:51
Windows

How to detect hidden malicious processes in the system?

Some viruses hide their processes from the Windows Task Manager. Thus a person does not even realize that his computer is infected with a virus (at least until the harmful effect reaches a critical stage and becomes obvious; and it also happens that the virus is never detected).
Are there ways to discover these hidden processes?


9 answers
A
Artem @Jump, 2017-04-18
@Name422

There are no easy ways.
There are no guaranteed ways.
Only behavior analysis - what kind of program, what does it do, is there a signature, do the signatures match.
The virus is easier to detect.
And a malicious program is often technically no different from a useful one, so it is impossible to detect it programmatically in many cases.

S
Saboteur, 2017-04-18
@saboteur_kiev

First you need to learn how to detect standard processes - to know which of them does what, what it belongs to, how it behaves and how it should start.
After that, you can already look for non-standard processes.
Of course, there are ways, but explaining them means teaching a person how to administer Windows at a fairly deep level. This cannot be contained in the answer to a question; roughly speaking, it is the whole learning process.

P
Plinio, 2017-04-19
@Plinio

Use Comodo Cleaning Essentials and KillSwitch; they are designed precisely to analyze and identify hidden system processes. The first specializes in searching for viruses and rootkits and cleaning the system; the second is an improved analogue of the Task Manager that not only displays network activity and all processes in the form of a tree, but also checks all active digital signatures, highlighting suspicious ones. There is also Autorun Analyzer, which will show all processes and services in autorun. Plus, it's a good idea to add a separate VirusTotal Uploader to check all suspicious files with more than 50 well-known antiviruses, just to be sure.

A
Artem, 2017-04-18
@devspec

As mentioned above, there are no guaranteed ways.
But you can check the system with DrWeb CureIt, Malwarebytes AntiMalware, AVZ, or Kaspersky Free.
These programs have quite strong heuristics, and they can in theory tell if a process is not behaving as expected, even if the virus signature is not in their databases.

M
morgan, 2017-04-19
@morgane

Start simple and look at network traffic with the CurrPorts utility; if suspicious activity is detected, examine the processes with Process Explorer.
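The "network first, then the owning process" order described in this answer, as an added example that is not part of the thread or of any answerer's reply: it uses only built-in cmdlets instead of CurrPorts. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated PowerShell session so that the owning process of every socket can be resolved; the function name Get-ConnectionOwners is an invented label for this example.

```powershell
# Added example, not from the thread. Assumes an elevated PowerShell session
# on Windows 8 / Server 2012 or later. Get-ConnectionOwners is an invented name.

function Get-ConnectionOwners {
    # Index the processes visible to Get-Process by PID once, rather than per socket.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    Get-NetTCPConnection -State Established, Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            # OwningProcess is UInt32; Get-Process Ids are Int32. Hashtable keys compare
            # by type as well as value, so cast before the lookup.
            $p = $procs[[int]$_.OwningProcess]
            [pscustomobject]@{
                Local   = "$($_.LocalAddress):$($_.LocalPort)"
                Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
                State   = $_.State
                Pid     = $_.OwningProcess
                # A socket whose PID has no entry in Get-Process is itself a finding:
                # the process exited, or it is not visible to the normal API.
                Process = if ($p) { $p.ProcessName } else { '<no matching Get-Process entry>' }
                Path    = if ($p) { $p.Path } else { $null }
            }
        }
}

# Established connections, grouped by owner. Anything owned by an unfamiliar
# process, a process outside Program Files / Windows, or an unresolvable PID
# is what to open in Process Explorer next.
Get-ConnectionOwners |
    Where-Object { $_.State -eq 'Established' } |
    Sort-Object Process, Remote |
    Format-Table Process, Pid, Local, Remote, Path -AutoSize
```

Run it before and after the suspicious activity to see which connections are new; listening sockets (State Listen) are worth a separate pass because a backdoor waiting for inbound traffic never shows up as Established until it is used.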

D
dmfun, 2017-04-19
@dmfun

Check each process:
1) Signature. If the executable does not have a signature, this is no longer professional software.
2) Place of launch. If it is not launched from Program Files, then it is a reason to think. Sometimes Skype or Dropbox is put in the user profile, but that is good software. It should only be in Program Files, not temp folders with intricate names.
Tools: AVZ, AnVir Task Manager; check autoload, browser plugins, the task scheduler.
First you need to kill all non-system / unknown processes.
For system libraries, see the libraries used (these tools show them).
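The two checks this answer lists, signature and launch location, applied to every running process in one pass, as an added example that is not part of the thread or of any answerer's reply. It assumes an elevated PowerShell 5.1 or later session (so that image paths of other users' processes are readable); Get-ProcessTriage is an invented name for the example's function, and the set of "trusted" directories is this example's own choice.

```powershell
# Added example, not from the thread. Assumes an elevated PowerShell 5.1+ session.
# Get-ProcessTriage and $trustedRoots are this example's own names.

# Directories the answer treats as the normal home of installed software.
$trustedRoots = @(
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    $env:SystemRoot
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-TrustedLocation([string]$Path) {
    foreach ($root in $trustedRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-ProcessTriage {
    # Processes with no readable Path (System, protected processes, access denied)
    # are dropped here; they need a separate look, not a silent pass.
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        [pscustomobject]@{
            Id              = $_.Id
            Name            = $_.ProcessName
            Path            = $_.Path
            # Status is Valid, NotSigned, HashMismatch, UnknownError, ...
            Signature       = $sig.Status
            Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            TrustedLocation = Test-TrustedLocation $_.Path
        }
    }
}

# The review list: anything unsigned, with a broken signature, or running from
# outside Program Files / Windows (user profile, Temp, AppData, ...).
Get-ProcessTriage |
    Where-Object { $_.Signature -ne 'Valid' -or -not $_.TrustedLocation } |
    Sort-Object Signature, Path |
    Format-Table Id, Name, Signature, TrustedLocation, Path -AutoSize
```

A valid signature only says who signed the file, so look at the Signer column too; and a signed binary in a trusted directory can still be a legitimate host for injected code, which is why the answer also points at the loaded libraries.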

L
Ltonid, 2017-04-18
@AtaZ

There are simple programs like Process Hacker; it has its own driver and will see a hidden process, but you will see so much else of interest that, without understanding every line, you can make things even worse.
Antiviruses also see hidden processes and usually react negatively to them, so nowadays they more often use legitimate programs than hide a process, or they embed it into a legitimate process, which is much safer.
I remember chasing the polymorphic driver of Alcohol for three days. When I caught it, I realized why the developers did it; I thought a lot...

D
Dimonchik, 2017-04-18
@dimonchik2013

www.gmer.net

L
lukoie, 2017-04-19
@lukoie

No, well, there are special guys who identify such processes and write them down in a little black book.
For example, the same Malwarebytes.
Why not trust them? Has something been installed on your computer that they have not seen?
