    michaelmoran Posts: 1, Reputation: 1
    New Member
     
    #1

    Mar 24, 2009, 01:05 PM
    Processes good or bad
    Both svchost.exe and winlogon.exe are listed as being both good (Microsoft ness) and bad (trojans). Which is it, and how do you tell which ones are the good ones?

    Thanks
    Scleros Posts: 2,165, Reputation: 262
    Hardware Expert
     
    #2

    Mar 24, 2009, 02:32 PM
    Quote Originally Posted by michaelmoran View Post
    Both svchost.exe and winlogon.exe are listed as being both good (microsoft ness) and bad (trojans) which is it
    It can be both. For example, there could be the legit version in the Windows folder tree and a bogus one somewhere else in the file system.

    Quote Originally Posted by michaelmoran View Post
    and how do you tell which ones are the good ones?
    One clue is the file's date and time or location - is it where it shouldn't be if it was the legit Microsoft version? Another is the process ID (PID) visible in the Task Manager - legit processes tend to have lower value PIDs than non-legit. A third is how the process gets executed - non-legits tend to be launched by the HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run registry keys. Generating a SHA or MD5 hash of the file with one of the freely available utilities and comparing to a hash made from a known good copy of the same file version from another system or extracted from the setup files on the Windows CD or last service pack can verify authenticity. Some files might have digital signatures.

    Resources:
    Wikipedia - Windows Resource Protection
    MSDN - Windows Resource Protection
    Wikipedia - System File Checker
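
The location, hash, signature and Run-key checks from the answer above, as an added PowerShell example (not part of the original post). It assumes PowerShell 4.0 or later, treats %SystemRoot%\System32 as the expected location, and leaves the `$knownGood` table as placeholders for hashes you take yourself from a known-good copy of the same file version.

```powershell
# Added example: read-only triage of running svchost.exe / winlogon.exe
# instances by image path, Authenticode signature and SHA-256 hash.
$names       = 'svchost.exe', 'winlogon.exe'
$expectedDir = Join-Path $env:SystemRoot 'System32'   # assumed legit location

# Placeholders: fill in SHA-256 values from a known-good copy of the same
# file version (a clean system or the installation media).
$knownGood = @{
    # 'svchost.exe'  = '<SHA256-FROM-KNOWN-GOOD-COPY>'
    # 'winlogon.exe' = '<SHA256-FROM-KNOWN-GOOD-COPY>'
}

Get-CimInstance Win32_Process |
    Where-Object { $names -contains $_.Name } |
    ForEach-Object {
        $path = $_.ExecutablePath   # can be empty when not run elevated
        $row = [ordered]@{
            Name       = $_.Name
            ProcessId  = $_.ProcessId
            ParentId   = $_.ParentProcessId
            Path       = $path
            InSystem32 = $null
            Signature  = $null
            SHA256     = $null
            HashMatch  = 'no reference'
        }
        if ($path) {
            $row.InSystem32 = ((Split-Path -Parent $path) -ieq $expectedDir)
            $row.Signature  = (Get-AuthenticodeSignature -FilePath $path).Status
            $row.SHA256     = (Get-FileHash -Path $path -Algorithm SHA256).Hash
            if ($knownGood.ContainsKey($_.Name)) {
                $row.HashMatch = ($row.SHA256 -ieq $knownGood[$_.Name])
            }
        }
        [pscustomobject]$row
    } | Format-List

# List what the two Run keys named in the answer launch at logon.
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            Select-Object @{ n = 'Key'; e = { $key } }, Name, Value
    }
}
```

A row with `InSystem32` false, a `Signature` other than `Valid`, or a `HashMatch` of false is the one to look at first; an empty `Path` usually means the session lacks the rights to read that process and the script should be rerun elevated.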
