Sunday, January 8, 2012

Be A PC Detective and investigate what is going on in your PC

Do you want to become a PC detective and investigate what is going on in your PC? By reading this post you can!

OK, first we need to know why we should become a PC Detective.

Daily we do a lot of things with our PC. If we open a document with Microsoft Word, we generally don't think about the background processes that are running. Starting a piece of software (here MS Word) means loading a bunch of executable files, and the processes related to that software, into our system.

In this way we load more and more processes and files into our system every day. Some of these processes we start manually, and some load automatically.
Some of those automatically loaded processes may belong to a dangerous category, i.e. the process may belong to a virus.
So, to confirm that our PC is not infected and is not working as a courier for a hacker, we have to become a PC Detective.
To investigate which processes are running in our PC we generally use the Task Manager, which comes with our OS.

We can open the Task Manager by pressing "Ctrl+Shift+Esc" or by right-clicking on the taskbar and selecting "Start Task Manager". In the Processes tab we can see the processes running in our system. We can also see the services running in our system by clicking on the "Services" tab.
The Task Manager is not sufficient for us, because it shows only a flat list with a few details about each process: it does not show which process started which, which DLL files a process has loaded, or (by default) the full path of the file.
We need a tool called "Process Explorer", a free Sysinternals tool from Microsoft.
Process Explorer can explore all the running things in our system: running processes, services, and processes that have no window of their own, shown as a tree so that we can see which process started which.

Open Process Explorer. It will show you all the running processes in your system. Under the Process column it shows the name of the process, under the Description column a short description of the process, and under the Path column the path of the process file, i.e. the location of the file. If the Path column is not visible, add it through View > Select Columns; the Company Name and Verified Signer columns from the same dialog are worth adding too, because an unsigned file, or one signed by a company you don't recognize, running from an odd location is the first thing a detective should look at.
In the Process column, expand the explorer.exe process by clicking on the '+' sign. Under explorer.exe we can see the processes of the software that is running graphically (with a window) in our system, because explorer.exe is the desktop shell that starts the programs we launch from the Start menu or by double-clicking.

Generally we can see a process called svchost.exe in the Task Manager, and it appears two or more times. svchost.exe is a generic host process: each instance hosts a group of Windows services that are implemented as DLLs rather than as separate executables, so one svchost.exe may stand for several services. Because there are always several of them and nobody looks at them closely, virus creators like to name their own file svchost.exe, or to run their code under the cover of the real one.
To check the svchost.exe processes in Process Explorer:
Expand wininit.exe, then expand services.exe; the legitimate svchost.exe processes sit under services.exe. Hover the mouse over a svchost.exe process to see the list of services it hosts (the same list is on the Services tab of its Properties window). Expanding a svchost.exe shows only the child processes it has started, not its services.
A real svchost.exe runs from C:\Windows\System32 (check the Path column) and its parent is services.exe. A svchost.exe that runs from another folder, has a different parent, or hosts no services at all deserves a closer look.
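The same svchost.exe checks can be done without clicking through the tree. The script below is an added example written for this post, not something from the original article or from the Process Explorer tool itself. It assumes Windows PowerShell 3.0 or later (for Get-CimInstance) and an elevated prompt; the "expected path" is assumed to be System32 under %SystemRoot%, and the rule that every svchost.exe should be a child of services.exe and host at least one service is the same heuristic the Process Explorer steps above apply by eye.

```powershell
# Added example, not part of the original post: audit every svchost.exe the way
# the Process Explorer steps above do by hand. Needs Windows PowerShell 3.0 or
# later (for Get-CimInstance); run it from an elevated prompt so that the
# executable path of system processes is readable.

$procs = @(Get-CimInstance Win32_Process)

# Index processes by PID so we can look up each svchost's parent.
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# Each Win32_Service reports the PID that hosts it; group service names by that PID.
$svcByPid = @{}
foreach ($s in Get-CimInstance Win32_Service) {
    $key = [int]$s.ProcessId
    if (-not $svcByPid.ContainsKey($key)) { $svcByPid[$key] = @() }
    $svcByPid[$key] += $s.Name
}

# Assumption: the only legitimate svchost.exe is the one in System32.
$expectedPath = Join-Path $env:SystemRoot 'System32\svchost.exe'

$procs | Where-Object { $_.Name -ieq 'svchost.exe' } | ForEach-Object {
    $p = $_
    $parent = $byPid[[int]$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    $flags = @()

    # Check 1: the file must be the one in System32 (the Path column in Process Explorer).
    if ($p.ExecutablePath -and ($p.ExecutablePath -ine $expectedPath)) {
        $flags += 'unexpected path'
    }

    # Check 2: real service hosts are started by services.exe (the tree in Process Explorer).
    if ($parentName -ine 'services.exe') {
        $flags += "parent is $parentName, not services.exe"
    }

    # Check 3: Authenticode signature (the Verified Signer column). Caveat: on
    # Windows 7 the system files are signed through a catalog and older
    # PowerShell versions report them as NotSigned, so treat this as a hint
    # there and rely on the path check.
    if ($p.ExecutablePath) {
        $sig = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
        if ($sig.Status -ne 'Valid') { $flags += "signature $($sig.Status)" }
    }

    # Check 4: a svchost.exe that hosts no service has no reason to exist
    # (what the tooltip / Services tab shows in Process Explorer).
    $services = $svcByPid[[int]$p.ProcessId]
    if (-not $services) { $flags += 'hosts no services' }

    $flagText = if ($flags) { $flags -join '; ' } else { 'ok' }

    [pscustomobject]@{
        PID      = $p.ProcessId
        Parent   = $parentName
        Path     = $p.ExecutablePath
        Services = ($services -join ', ')
        Flags    = $flagText
    }
} | Format-Table -AutoSize -Wrap
```

Anything that prints something other than "ok" in the Flags column is where you start your investigation; on a clean Windows 7 machine every row should be a System32 svchost.exe under services.exe hosting one or more services.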

Right-click on a process and you will get a context menu.

If a process is running under explorer.exe but its window is not visible to us, select Window and then Bring to Front.
To set the priority of a process, select Set Priority and then the desired level.
To kill a process, select Kill Process. Be careful with core system processes: killing something like csrss.exe will crash Windows, so kill only what you have identified.
To see the properties of a process, select Properties.

To show the DLL files loaded by a process, first select the process.
Select the "View" menu, then "Show Lower Pane". Now the window is divided into two parts; in the lower pane you can see the DLL files loaded by the selected process.
If you see handles instead of DLL files in the lower pane, select the "View" menu, then "Lower Pane View", then "DLLs". Look at the Path and Company Name columns of the lower pane: a DLL loaded from a temporary folder or from a user's profile folder, or one with no company name, is a classic sign of something injected into a legitimate process.
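The DLL view can also be reproduced from PowerShell. The function below is an added example written for this post, not code from the original article or from Process Explorer. It assumes an elevated prompt (reading the modules of system processes needs it), and it treats the Windows and Program Files folders as the "expected" locations for DLLs; that list, the function name Show-LoadedDlls and the use of explorer.exe as the sample target are all choices made for this example.

```powershell
# Added example, not part of the original post: the "Lower Pane > DLLs" view as
# a script. Lists every module loaded into one process and flags modules that
# live outside the Windows / Program Files folders or whose signature does not
# verify. Run from an elevated prompt for system processes.

function Show-LoadedDlls {
    param([Parameter(Mandatory)][int]$Id)

    $proc = Get-Process -Id $Id -ErrorAction Stop

    # Assumption: these are the folders a legitimate DLL is expected to live in.
    $trusted = @($env:SystemRoot, ${env:ProgramFiles}, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ } |
        ForEach-Object { $_.TrimEnd('\') + '\' }

    # Reading the module list fails for protected processes and for 64-bit
    # processes from a 32-bit PowerShell; report that instead of dying.
    try {
        $modules = $proc.Modules
    } catch {
        Write-Warning "Cannot read modules of PID $Id ($($proc.ProcessName)): $($_.Exception.Message)"
        return
    }

    foreach ($m in $modules) {
        $path = $m.FileName
        $flags = @()

        # Check 1: location (the Path column of the lower pane).
        $inTrusted = $false
        foreach ($t in $trusted) {
            if ($path.StartsWith($t, [System.StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
        }
        if (-not $inTrusted) { $flags += 'outside Windows/Program Files' }

        # Check 2: Authenticode signature (the Verified Signer column). Same
        # caveat as for the svchost check: catalog-signed Windows 7 system
        # files may show as NotSigned on older PowerShell versions.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') { $flags += "signature $($sig.Status)" }

        $flagText = if ($flags) { $flags -join '; ' } else { 'ok' }

        [pscustomobject]@{
            Module = $m.ModuleName
            Path   = $path
            Flags  = $flagText
        }
    }
}

# Usage: pick explorer.exe (the desktop shell) and list what it has loaded,
# with the flagged modules sorted to the top.
$explorer = Get-Process -Name explorer | Select-Object -First 1
Show-LoadedDlls -Id $explorer.Id | Sort-Object Flags -Descending | Format-Table -AutoSize -Wrap
```

Third-party shell extensions will legitimately show up under explorer.exe from Program Files, so a flag is a reason to look, not proof of infection; a DLL under C:\Users\...\AppData\Local\Temp with no valid signature is the kind of row that deserves the "Find Handle or DLL" treatment described below to see which other processes have loaded it.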

If you want to know which process belongs to a running window, that is, if you have opened a program and want to know the process it runs as:
Select the targeting button (Find Window's Process) on the toolbar,

then drag the crosshair onto the target window and release it, and the related process will be highlighted in Process Explorer.

If you want to find out which process has loaded a specific DLL file (or holds a specific handle, such as an open file), select the "Find" menu, then "Find Handle or DLL", and type part of the name.

So in this way you can investigate all the processes running in your PC.
Best of luck guys...!
Be a brave detective.......!

1 comment:

  1. Good information. Never heard of Process Explorer, it looks very similar to the prstat or top Unix commands.