Using the Task Manager

Latest post 07-03-2007 9:47 AM by mirrorshades. 3 replies.

Using the Task Manager

06-29-2007 10:55 AM

In a recent post to the TechSoup Blog, Brian Satterfield shares tips for using Windows' task manager to identify malware on your computer.

Discuss this post or share your own task manager tips here.

RE: Using the Task Manager

06-29-2007 11:25 AM

I've used the Task Manager for both of the things that Brian discussed in the article. It's been particularly helpful when I need to shut down Outlook, which seems to be a bit prone to hanging up and not closing out completely when it should. I've also looked at the list of running processes and Googled them when I suspected that I might have picked up some malware. Very useful tips.

RE: Using the Task Manager

06-29-2007 11:58 AM

You can also access the Task Manager by opposite clicking on the task bar and selecting Task Manager.

In Task Manager, if you select View >> Select Columns and check CPU Usage and CPU Time, you can tell what process is taking up CPU cycles at that point in time. Unfortunately, like Brian noted, it is often services.exe or svchost.exe, which are like a shell running DLLs that are the actual process. If you use a tool like Process Explorer or HijackThis, they have options that will show all the sub-processes under the top process name. Be prepared to look at hundreds of names to try to find the bad one.

Also, if rootkit technology is used, Task Manager will not show the offender at all.

Googling for the process name can be useful, but recently scam sites don't tell you what the process is but want to sell you a product to eliminate that process from your machine. You can get a feel for this by Googling some of the common names and seeing the results. You should be able to figure out what the process is from by looking at the Google results page without ever going to an actual web site.

With the CPU time amount you can get an idea how long the machine has been on without a reboot. If the idle process's hh:mm:ss shows something like 475:30:21, the machine has been on without rebooting for over 19 days, and you can encourage the user to reboot at least once a week to improve machine performance.

Dave

RE: Using the Task Manager

07-03-2007 9:47 AM

Note that most malware authors don't give their programs process names like "EvilSpywareProgram.exe"... rather, they will try to name them something that will either blend in or look like a system process that someone would not want to shut down.