Troubleshooting Q&A - February 11, 2005
What Windows Task Manager Won't Tell You
Many malicious programs are capable of hiding from the Windows Task Manager, but a third-party utility called Security Task Manager, which performs a threat assessment of every running process on your PC, can help.
By Ron Pacchiano
Q. Over the last few weeks I've noticed a dramatic decrease in my system's performance. It's actually gotten so bad that I'm starting to think that it somehow became infected with a virus or some other piece of spyware. Proceeding under that assumption, I verified that my anti-virus definitions were up to date and ran a virus scan on the entire system. I also scanned the system using spyware removal tools Ad-aware and Spybot: Search and Destroy, but neither program discovered anything.
I then started examining system performance using the Windows Task Manager. I noticed that the CPU usage was fluctuating a bit, but nothing I deemed too far out of the ordinary. Next, I began examining all of the running system processes. Again, I didn't really see anything that seemed to be monopolizing CPU time. To be honest, though, once we start discussing Windows systems processes, we tend to get a bit above my head. I'm not really sure which processes belong there and which ones might be questionable. Also, I'm not sure how to identify them. Some I recognize from other systems, but most I don't. I've also been told that some spyware is capable of hiding from the Task Manager altogether. So if one was running on my system, I still wouldn't be able to see it.
This brings me to my question. Is there any way for me to easily find out what application these processes belong to, what they are doing and if any of them can be considered a threat to my system? As it stands now, the only thing I can think of doing is a Google search for the process in hopes of identifying it. This works, but it's slow, time-consuming and not always accurate. Thanks for your help and suggestions.
A. This is a very good question. Don't be embarrassed by having difficulty identifying all the processes displayed in the Task Manager. I've known a lot of guys who have been doing this for 10 or more years (myself included) who have to sometimes resort to the Google search method for identifying some unknown process running on their systems. And your concern is justified. There are, in fact, many malicious programs capable of hiding from the Windows Task Manager. Up until recently, I would have said that doing a Google search was probably the most efficient, if not the quickest or easiest, way of doing this. Now, however, I've found a better way.
The Security Task Manager from Neuber.com is an enhanced version of the Windows Task Manager and has got to be one of the most useful utilities I've come across in quite some time. In addition to the basic information the Windows Task Manager provides you with, the Security Task Manager displays almost everything else you could ever want to know about a process.
This information includes the file name and directory path of the process along with a description, the CPU usage, the type of process (application, DLL, drivers, and so on), whether the process is configured to start with Windows and who the manufacturer is. That would be good enough, but it gets better. It can also recognize virtual driver software, services, Browser Helper Objects (BHO) and other processes normally hidden from the Windows Task Manager. It can even identify hidden functions like keyboard loggers. Best of all, the Security Task Manager actually performs a threat assessment of every running process on the system and graphically displays the results. So you immediately know which processes you should be concerned about.
For example, I was looking through my running processes and found one that I didn't recognize called BTStackServer.exe. Anything with the word "Server" in it has the potential to be bad, so I wanted to investigate it. As you know, the Windows Task Manager tells you nothing about it. The Security Task Manager, on the other hand, gave me this information:
Information about BTStackServer.exe process

Process description: Bluetooth Stack COM Server
Product: Bluetooth Software 1.4.1 Build 5 SP4
Company: WIDCOMM Inc.
File: BTStackServer.exe
In addition, it told me where on my computer the file was located, exactly how much memory it was using and, most importantly, assigned it a security rating. In seconds it had completely alleviated my concern on the subject. Since then it has become one of my favorite utilities.
The Security Task Manager is free for 30 days and then $29 to activate. The $29 activation fee also buys you SpyProtector for protecting your computer and Internet privacy. It prevents keyboard and mouse monitoring and warns you when the registry has changed, like when a Trojan adds an autostart key. It even eliminates the traces of your Internet activity, like cookies, cache, history, typed URLs and temporary files.
To try out the Security Task Manager for yourself, visit http://www.neuber.com/taskmanager/index.html. I don't know if this will help your slowdown problem, but at the very least it should put your mind at ease regarding the possible threat of spyware. Good luck!
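The per-process details described in the answer (file path, description, manufacturer, whether the program starts with Windows) can also be gathered with built-in PowerShell cmdlets. The script below is an added example, not part of the original column or of Security Task Manager. The signature column and the substring match against the two Run keys are choices made for this example.

```powershell
# Added example: inventory running processes with the file metadata the column
# describes, plus Authenticode signature status and autostart registration.

# Collect the command lines registered in the common Run (autostart) keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autostart = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) { [string]$item.GetValue($name) }
    }
}

$report = foreach ($proc in Get-CimInstance -ClassName Win32_Process) {
    $path = $proc.ExecutablePath
    if ($path -and (Test-Path -LiteralPath $path)) {
        $info = (Get-Item -LiteralPath $path).VersionInfo
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        # Simple case-insensitive substring match of the image path in any Run value.
        $starts = [bool]($autostart | Where-Object {
            $_.IndexOf($path, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
        })
        [pscustomobject]@{
            Name        = $proc.Name
            Id          = $proc.ProcessId
            Description = $info.FileDescription
            Product     = $info.ProductName
            Company     = $info.CompanyName
            Signature   = [string]$sig.Status
            Autostart   = $starts
            Path        = $path
        }
    } else {
        # Some system processes, or processes owned by other users, expose no path.
        [pscustomobject]@{
            Name = $proc.Name; Id = $proc.ProcessId; Description = $null
            Product = $null; Company = $null; Signature = 'n/a'
            Autostart = $false; Path = $path
        }
    }
}

# Entries with no company name or no valid signature sort to the top for review.
$report | Sort-Object Company, Signature | Format-Table -AutoSize
```

This only lists what the standard Windows APIs report, so a process that hides from those APIs will not appear, and it assigns no threat rating.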