How to Monitor and Eliminate Viruses from Task Manager

by on May 8th, 2009


Windows Task Manager is a task manager application included with Microsoft Windows NT family of operating systems that provides detailed information about computer performance and running applications, processes and CPU usage, commit charge and memory information, network activity and statistics, logged-in users, and system services. The Task Manager can also be used to set process priorities, processor affinity, forcibly terminate processes, and shut down, restart, hibernate or log off from Windows. The task list is capable of listing currently running processes and killing them, or creating a new process.

wuauclt.exe, wmiprvse.exe, explorer.exe, alg.exe, spoolsv.exe, svchost.exe, lsass.exe, services.exe, winlogon.exe, csrss.exe, smss.exe, taskmgr.exe, msiexec.exe … Ever wondered what these files in your Windows Task Manager are?

Viruses, malware and adware are never-ending problems with the Windows operating system. You might have a powerful antivirus program, but you still cannot be sure that your PC is safe and clean from infections, because viruses and malware propagate daily and new ones appear even faster. You can monitor and destroy viruses right from the Task Manager if you know the right trick.

Windows Task Manager displays which processes and programs are running right now. The following are the default processes that run when your Windows OS is clean. Remember this list.

wuauclt.exe
wmiprvse.exe
explorer.exe
alg.exe
spoolsv.exe
svchost.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
taskmgr.exe
msiexec.exe
System
System Idle Process

See Details below:

When you browse the internet or run software on your PC, you will most likely recognize the process associated with each program, as it will be running alongside the default processes listed above. For example, if you are running Notepad, Task Manager will show it as ‘notepad.exe’, and the Mozilla Firefox browser will show up as ‘firefox.exe’, and so on.

If there is any other suspicious file in the process list, check it out; it might be a virus. You can find out exactly what any operating system file or running process is, and what it does, from the resources below.

What is lsass.exe

lsass.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 13,312 bytes (86% of all occurrences), 11,776 bytes, 7,680 bytes, 9,728 bytes, 14,848 bytes, 14,336 bytes, 16,384 bytes. It is a Windows core system file. The program is not visible. File lsass.exe is a trustworthy file from Microsoft. The program listens for or sends data on open ports to LAN or Internet. Therefore the technical security rating is 8% dangerous; however, also read the user reviews.

What is alg.exe

alg.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 44,544 bytes (94% of all occurrences), 41,984 bytes, 40,960 bytes, 45,056 bytes, 43,520 bytes, 51,712 bytes, 153,088 bytes, 88,576 bytes, 59,392 bytes, 222,172 bytes, 58,880 bytes, 48,128 bytes, 89,088 bytes, 54,272 bytes, 55,296 bytes, 45,568 bytes. It is a Windows core system file. The program is not visible. The file is a trustworthy file from Microsoft. The process listens for or sends data on open ports to LAN or Internet. alg.exe is able to connect to the Internet. Therefore the technical security rating is 9% dangerous; however, also read the user reviews.

What is wmiprvse.exe

wmiprvse.exe is located in a subfolder of C:\Windows\System32 or sometimes in a subfolder of C:\Windows – normally C:\WINDOWS\System32\wbem\. Known file sizes on Windows XP are 218,112 bytes (86% of all occurrences), 203,776 bytes, 203,264 bytes, 207,872 bytes, 245,248 bytes, 206,336 bytes, 225,280 bytes, 222,208 bytes, 395,740 bytes, 226,304 bytes, 229,376 bytes, 276,992 bytes, 209,408 bytes, 218,072 bytes.
It is a Windows core system file. The program is not visible. There is no description of the program. The file is a trustworthy file from Microsoft. Therefore the technical security rating is 9% dangerous; however, also read the user reviews.

What is wisptis.exe

wisptis.exe is located in the folder C:\Windows\System32 or sometimes in a subfolder of C:\Windows or in a subfolder of “C:\Program Files”. Known file sizes on Windows XP are 189,952 bytes (67% of all occurrences), 194,560 bytes, 293,376 bytes, 293,888 bytes, 244,224 bytes.
The program is not visible. File wisptis.exe is not a Windows core file. The application can be removed using the Control Panel Add/Remove Programs applet. wisptis.exe is able to record inputs. Therefore the technical security rating is 27% dangerous; however, also read the user reviews.

What is svchost.exe

svchost.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 14,336 bytes (86% of all occurrences), 12,800 bytes, 22,016 bytes, 21,504 bytes, 13,312 bytes, 14,848 bytes, 17,408 bytes, 15,872 bytes, 23,040 bytes, 117,760 bytes, 123,904 bytes, 13,824 bytes, 90,624 bytes, 14,482 bytes. It is a Windows system file. The program has no visible window. The file is a trustworthy file from Microsoft. The application listens for or sends data on open ports to LAN or Internet. Therefore the technical security rating is 7% dangerous; however, also read the user reviews.

What is wuauclt.exe

File wuauclt.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 124,184 bytes (60% of all occurrences), 53,080 bytes, 111,104 bytes, 113,944 bytes, 53,448 bytes, 124,376 bytes, 139,776 bytes, 112,128 bytes, 51,224 bytes, 124,696 bytes, 43,008 bytes, 111,616 bytes, 68,440 bytes, 80,216 bytes, 114,136 bytes, 53,592 bytes, 14,597 bytes, 106,264 bytes, 141,824 bytes, 71,000 bytes, 171,520 bytes, 148,760 bytes, 248,832 bytes, 237,340 bytes, 261,080 bytes, 125,208 bytes, 114,968 bytes, 112,640 bytes.
wuauclt.exe is a Windows system file. The file is certified by a trustworthy company. wuauclt.exe is a trustworthy file from Microsoft. The program has no visible window. Therefore the technical security rating is 5% dangerous; however, also read the user reviews.

What is ctfmon.exe

File ctfmon.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 15,360 bytes (92% of all occurrences), 13,312 bytes, 30,208 bytes, 8,192 bytes, 40,448 bytes, 13,824 bytes, 25,088 bytes, 14,336 bytes, 156,635 bytes, 192,990 bytes, 92,160 bytes, 69,632 bytes, 38,924 bytes, 44,032 bytes, 15,361 bytes, 20,992 bytes, 23,552 bytes, 356,864 bytes, 365,056 bytes, 22,528 bytes, 192,978 bytes, 91,648 bytes, 192,992 bytes, 26,112 bytes, 36,628 bytes, 129,536 bytes, 16,897 bytes, 8,704 bytes, 25,600 bytes, 24,080 bytes.
The program is not visible. File ctfmon.exe is a Microsoft signed file. The program starts upon Windows startup (see Registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders). Therefore the technical security rating is 17% dangerous; however, also read the user reviews.

What is nwiz.exe

File nwiz.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 1,519,616 bytes (41% of all occurrences), 1,626,112 bytes, 1,622,016 bytes, 921,600 bytes, 323,584 bytes, 1,495,040 bytes, 753,664 bytes, 741,376 bytes, 782,336 bytes, 372,736 bytes, 1,617,920 bytes, 1,630,208 bytes, 843,776 bytes, 364,544 bytes, 831,488 bytes, 1,490,944 bytes, 643,821 bytes, 1,657,376 bytes, 438,272 bytes, 790,528 bytes, 344,064 bytes, 880,640 bytes, 1,672,672 bytes, 319,488 bytes, 315,392 bytes, 63,242 bytes, 917,504 bytes, 299,008 bytes, 303,104 bytes, 446,464 bytes, 1,511,424 bytes. The program has a visible window. The process starts upon Windows startup (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices). nwiz.exe is not a Windows core file. Therefore the technical security rating is 19% dangerous; however, also read the user reviews.

What is ccapp.exe

ccApp.exe is located in a subfolder of “C:\Program Files\Common Files” – mostly C:\Program Files\Common Files\Symantec Shared\. Known file sizes on Windows XP are 58,992 bytes (16% of all occurrences), 53,408 bytes, 48,752 bytes, 54,296 bytes, 115,816 bytes, 59,040 bytes, 52,896 bytes, 52,840 bytes, 71,280 bytes, 66,680 bytes, 71,328 bytes, 52,848 bytes, 48,800 bytes, 50,880 bytes, 58,488 bytes, 68,768 bytes, 84,640 bytes, 107,112 bytes, 58,984 bytes, 116,328 bytes, 70,816 bytes, 49,824 bytes, 51,048 bytes, 70,776 bytes, 54,520 bytes, 49,768 bytes, 67,184 bytes, 54,976 bytes, 116,072 bytes, 53,096 bytes, 49,512 bytes, 69,632 bytes, 23,568 bytes, 28,172 bytes, 16,897 bytes, 50,800 bytes, 21,504 bytes, 115,560 bytes, 37,388 bytes, 58,728 bytes, 37,163 bytes, 36,364 bytes, 36,951 bytes, 57,984 bytes, 36,956 bytes, 50,864 bytes, 36,967 bytes, 25,600 bytes, 24,588 bytes, 37,629 bytes, 31,650 bytes, 21,516 bytes, 340,480 bytes, 23,564 bytes, 37,382 bytes, 31,730 bytes, 71,256 bytes, 36,412 bytes.
There is an icon for this program on the taskbar next to the clock. ccApp.exe is not a Windows system file. The file is a Verisign signed file. The file has a digital signature. The program uses ports to connect to LAN or Internet. Therefore the technical security rating is 16% dangerous; however, also read the user reviews.

What is istsvc.exe

istsvc.exe is located in a subfolder of “C:\Program Files” – usually c:\program files\istsvc\. Known file sizes on Windows XP are 19,968 bytes (42% of all occurrences), 17,408 bytes, 18,432 bytes, 18,944 bytes, 19,456 bytes, 20,992 bytes, 21,504 bytes, 17,920 bytes, 22,016 bytes, 12,288 bytes, 6,124 bytes.
istsvc.exe is a file without information about its maker. The file is not a Windows core file. The program starts upon Windows startup (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). The program has no visible window. istsvc.exe is able to hide itself. Therefore the technical security rating is 71% dangerous; however, also read the user reviews.

What is spoolsv.exe

File spoolsv.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 57,856 bytes (85% of all occurrences), 51,200 bytes, 53,248 bytes, 125,952 bytes, 124,928 bytes, 56,832 bytes, 58,368 bytes, 56,320 bytes, 60,928 bytes, 68,608 bytes, 67,584 bytes, 65,024 bytes, 61,440 bytes. File spoolsv.exe is a Windows core system file. The program is not visible. The file is a trustworthy file from Microsoft. Therefore the technical security rating is 6% dangerous; however, also read the user reviews.

What is services.exe

services.exe is a part of the Microsoft Windows Operating System and manages the starting and stopping of services. This process also deals with the automatic starting of services during the computer's boot-up and the stopping of services during shut-down. This program is important for the stable and secure running of your computer and should not be terminated.

What is winlogon.exe

winlogon.exe is a process belonging to the Windows login manager. It handles the login and logout procedures on your system. This program is important for the stable and secure running of your computer and should not be terminated.

What is csrss.exe

This is the user-mode portion of the Win32 subsystem (with Win32.sys being the kernel-mode portion). Csrss stands for client/server run-time subsystem and is an essential subsystem that must be running at all times. Csrss is responsible for console windows, creating and/or deleting threads, and some parts of the 16-bit virtual MS-DOS environment.
Note: The csrss.exe file is located in the folder C:\Windows\System32. In other cases, csrss.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager. Virus with same name: Nimda.E

What is smss.exe

smss.exe is a process which is a part of the Microsoft Windows Operating System. It is called the Session Manager Subsystem and is responsible for handling sessions on your system. This program is important for the stable and secure running of your computer and should not be terminated.

What is msiexec.exe

msiexec.exe belongs to the Windows Installer Component and is used to install new programs that use Windows Installer package files (MSI). This program is important for the stable and secure running of your computer and should not be terminated.
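
The location checks in the entries above can be automated. The following Python code is an added example, not part of the original article: it flags a process whose name matches a core system file but whose folder differs from the one stated above, and names that are one character away from a core name. The C:\Windows install path, the sample snapshot and all function names are assumptions made for illustration.

```python
import ntpath

SYSTEM32 = r"C:\Windows\System32"  # assumes Windows is installed in C:\Windows
# Expected folders, as stated in the process descriptions on this page.
EXPECTED_DIR = {
    "lsass.exe": SYSTEM32,
    "alg.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "wuauclt.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "wmiprvse.exe": SYSTEM32 + r"\wbem",
}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character look-alike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return (verdict, detail) for one full process image path."""
    name = ntpath.basename(image_path).lower()
    folder = ntpath.normcase(ntpath.dirname(image_path))  # Windows paths ignore case
    if name in EXPECTED_DIR:
        if folder == ntpath.normcase(EXPECTED_DIR[name]):
            return ("ok", name)
        return ("wrong-path", f"{name} expected in {EXPECTED_DIR[name]}")
    for known in EXPECTED_DIR:
        if edit_distance(name, known) == 1:
            return ("look-alike", f"{name} resembles {known}")
    return ("unlisted", name)  # not a core name: look it up before acting

def scan(paths):
    """Keep only the entries that contradict the baseline."""
    checked = ((p, classify(p)) for p in paths)
    return [(p, v, d) for p, (v, d) in checked if v in ("wrong-path", "look-alike")]

# Constructed sample snapshot (hypothetical paths, not real data).
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\System32\wbem\wmiprvse.exe",
    r"C:\Windows\System32\svhost.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\csrss.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]

if __name__ == "__main__":
    for path, verdict, detail in scan(SAMPLE):
        print(f"{verdict:11} {detail}  ({path})")
```

A matching folder is necessary but not sufficient: it does not show that the file itself is the genuine one.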

Windows Processes and Files Information Databases

Find program by file extension (The File Extension Source)

What is that file (safe or unsafe)

File Extension Source is a database of file extensions and the various programs that use them, and What is that File will tell you whether any given file is safe or not. If it is not safe then definitely it is a virus, malware, adware or some dangerous program.

File.net

A file information web site with a growing community, where users discuss Windows files. Their data bank contains information and ratings for many thousands of files. The high quality of all information is ensured by our research center, professional participants and a moderated forum.

http://www.file.net

Windows Processes

Information about Common Windows processes, System Processes, Application Processes, Malware Processes and more

http://www.neuber.com/taskmanager/process/index.html

Windows Processes Library

The unique and indispensable process listing database

http://www.liutilities.com/products/wintaskspro/processlibrary/

DLL Library

http://www.liutilities.com/products/wintaskspro/dlllibrary/

File Extension Library

http://www.liutilities.com/products/winbackup/filextlibrary/

Windows File Information

http://www.file.net/process/_l.html

Software to Monitor System Processes

Free Process Quick Link

As many as 20 to 30 processes may be running invisibly and silently in the background on your PC. Some hog system resources, drastically slowing down your computer. Others are a threat to security and privacy. A few may be harmless. The Windows Task Manager displays most of these processes, but it gives you no information to help you understand what is what. Get the latest definitions and exhaustive advice on all the running processes directly in the Windows Task Manager.

Download Process Quick Link


Product’s Homepage

Process Scanner by Uniblue

What is your PC really up to? Now you no longer need to guess. This free application will give you a complete analysis of all the processes running on your PC, along with a risk analysis of each one!

Download Process Scanner by Uniblue

http://www.processlibrary.com/processscan/

Tips about Task Manager

How to start Task Manager

To start Task Manager, take any of the following actions:

  • Press CTRL+ALT+DELETE, and then click Task Manager.
  • Press CTRL+SHIFT+ESC.
  • Right-click an empty area of the taskbar, and then click Task Manager.

How to exit, switch to, or start a program

The Applications tab displays the status of the programs that are running on the computer. To exit, switch to, or start a program, follow these steps:

  • Click the Applications tab.
  • Do one of the following, as appropriate for the action that you want to perform:
    Exit a program
    To exit a program, click the program that you want to exit, and then click End Task.
    Switch to another program
    To switch to another program, click the program that you want to switch to, and then click Switch To.
    Start a program
    To start a program, click New Task. In the Create New Task dialog box, click Browse, locate and select the program that you want to start, click Open, and then click OK.

How to end a process

The Processes tab displays information about the processes that are running on the computer. A process can be an application that you start or subsystems and services that are managed by the operating system. To end a process, follow these steps.

Proceed with caution when you end a process. If you exit a program in this manner, data that has not been saved will be lost. If you end a system process, a system component may no longer function correctly. To match a process with a running program, right-click the program name on the Applications tab of Windows Task Manager, and then click Go To Process.

  • Click the Processes tab.
  • Do one of the following, depending on the action that you want to perform:
    – If you want to end a single process, click the process that you want to end, and then click End Process.
    – If you want to end a process and all processes directly or indirectly related to it, right-click the process that you want to end, and then click End Process Tree.

How to monitor your computer’s performance

Click the Performance tab to view a dynamic overview of the performance of your computer. This includes the following measures:

  • Graphs for CPU and memory usage
  • The total number of handles, threads, and processes that are running
    Handles are unique identifiers that allow a program to access system resources such as files, registry keys, fonts, and bitmaps. Threads are objects within processes that run program instructions.
  • The total number of kilobytes (KB) that are used for physical, kernel, and commit memory

More about Windows Task manager

How to use and troubleshoot issues with Windows Task Manager



One Review

  1. SUDIP MAJHI says:

    Wow! What an informative article.