Process Explorer is a free, advanced task manager and system monitor created by Microsoft Sysinternals that allows you to hunt down hidden malware. While the standard Windows Task Manager only displays basic applications, Process Explorer gives you granular insight into background processes, open file handles, and active network connections.

You can download it for free directly from the official Microsoft Sysinternals page.

Key Features for Catching Malware

Integrated VirusTotal Scanning: Process Explorer connects directly to VirusTotal. It automatically checks the cryptographic hash of every running process against over 70 different antivirus engines.

Color-Coded Hierarchy: Processes are structured in a tree format showing “parent” and “child” relationships. For example, if a background command prompt or PowerShell instance is unexpectedly spawned by a web browser, it will stand out immediately.

Deep Property Analysis: You can view the exact file path, digital signature verification, and command-line arguments used to launch any background file.

Step-by-Step Guide to Spotting Malware

Follow this sequence to analyze your system manually:

1. Launch the Software

Extract the downloaded ZIP file and run procexp.exe. To see all system processes, right-click the file and select Run as Administrator.

2. Enable the VirusTotal Guardrail

Click Options in the top menu bar. Hover over VirusTotal.com and check Check VirusTotal.com. Accept the Terms of Service. A new column will appear showing detection ratios (e.g., 0/74). Any red-flagged ratio (e.g., 74) warrants immediate inspection.

3. Verify Digital Signatures

Click Options and select Configure Colors. Ensure Verify Image Signatures is enabled. Look for unsigned processes. Legitimate Windows system files are digitally signed by Microsoft; malware often lacks a valid signature.

4. Investigate Suspicious Descriptions

Sort your active processes by the Company Name column. Legitimate processes state their publisher (e.g., Microsoft Corporation, Google LLC). Be highly suspicious of items with a blank publisher, misspelled names, or generic descriptions.

5. Look for Unfamiliar Network Activity

Malware often calls back to a command-and-control server. Right-click any suspicious process, select Properties, and navigate to the TCP/IP tab to look for active outbound internet connections to unfamiliar IP addresses.

Alternative Advanced Tools
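The same checks Process Explorer performs in steps 2 through 5 (image hash, Authenticode signature, publisher string, parent/child relationship, and established TCP connections) can be scripted so they run unattended across a fleet. The following PowerShell is an added example written for this article, not code from the article or from Sysinternals. It assumes an elevated PowerShell 5.1 or later session on Windows 10 or newer (for Get-NetTCPConnection), and the $browsers and $shells lists are assumptions you should tune for your environment. It computes each image's SHA-256 for a manual VirusTotal lookup rather than calling the VirusTotal API.

```powershell
#Requires -RunAsAdministrator
# Added example: a PowerShell triage pass mirroring the Process Explorer checks above.
# Runs elevated so that protected/system processes are visible (step 1).

# Assumed lists: parents that should rarely spawn a command interpreter, and the
# interpreters themselves. Tune these for your environment.
$browsers = @('chrome.exe', 'msedge.exe', 'firefox.exe', 'iexplore.exe')
$shells   = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')

# One CIM query returns every process with its parent PID, image path and command line.
$procs = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

# Established TCP connections grouped by owning PID (step 5); keys are strings.
$tcpByPid = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Group-Object -Property OwningProcess -AsHashTable -AsString

$findings = foreach ($p in $procs) {
    $path = $p.ExecutablePath
    # Kernel-backed processes (System, Registry, Memory Compression) expose no image path.
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }

    # Step 3: Authenticode status (Valid, NotSigned, HashMismatch, ...).
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    # Step 4: publisher string from the PE version resource (the Company Name column).
    $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
    # Step 2: SHA-256 of the image, the value a VirusTotal lookup is keyed on.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

    # Parent/child relationship, as shown by the process tree.
    $parent     = $byPid[[int]$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }

    # Remote endpoints for this PID, ignoring loopback and unspecified addresses.
    $remote = @()
    if ($tcpByPid -and $tcpByPid.ContainsKey([string]$p.ProcessId)) {
        $remote = @($tcpByPid[[string]$p.ProcessId] |
            Where-Object { $_.RemoteAddress -notmatch '^(127\.|::1$|0\.0\.0\.0$)' } |
            ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" })
    }

    $reasons = @()
    if ($sig.Status -ne 'Valid')                  { $reasons += "signature=$($sig.Status)" }
    if ([string]::IsNullOrWhiteSpace($company))   { $reasons += 'blank CompanyName' }
    if ($shells -contains $p.Name.ToLower() -and $browsers -contains $parentName.ToLower()) {
        $reasons += "shell spawned by browser ($parentName)"
    }
    if ($remote.Count -gt 0 -and $sig.Status -ne 'Valid') { $reasons += 'unsigned image with remote TCP' }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            PID       = $p.ProcessId
            Name      = $p.Name
            Parent    = $parentName
            Signature = $sig.Status
            Company   = $company
            SHA256    = $hash
            Remote    = ($remote -join ', ')
            Reasons   = ($reasons -join '; ')
            CmdLine   = $p.CommandLine
        }
    }
}

# Summary table for the analyst; pipe $findings to Export-Csv to keep the full record.
$findings | Sort-Object Name | Format-Table PID, Name, Parent, Signature, Company, Remote, Reasons -AutoSize
```

A process appearing here is a lead, not a verdict: many legitimate third-party tools ship unsigned or with a blank CompanyName, and an unsigned image with remote TCP connections is exactly the case the article's steps 3 and 5 tell you to inspect by hand.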

If you need a broader security overview, consider these additional free tools:

5 Sysinternals Tools to Find Malware on Any Windows System
