Is this a virus?


Process Ex­plorer is es­pe­cially use­ful if you’re hunt­ing mal­ware. For some re­ally in-depth ex­am­ples, you can al­ways check out Mark Russi­novich’s world-class ‘The Case Of…’ se­ries of blog posts and videos. But you don’t need to be a mal­ware-bust­ing pro like Russi­novich to fig­ure out whether a sus­pi­cious­look­ing process is a virus. Process Ex­plorer uses VirusTo­tal, a Google project that checks ques­tion­able pro­cesses against the data­bases of all the ma­jor an­tivirus com­pa­nies.

First, click the sus­pi­cious process, then go to Op­tions > VirusTo­ > Check VirusTo­ (The same path is also avail­able via the right-click menu.) If this is the very first time you’ve scanned a process, it will take you to the VirusTo­tal Terms of Ser­vice. Oth­er­wise, it adds a VirusTo­tal col­umn to Process Ex­plorer.

This col­umn shows the num­ber of an­tivirus ser­vices that have flagged that par­tic­u­lar process as a po­ten­tial virus. For ex­am­ple, ‘7/59’ means that seven out of 59 to­tal an­tivirus providers think that the process is po­ten­tially hazardous. The higher the num­ber, the more likely it is that the process is ac­tu­ally mal­ware. For more in­for­ma­tion, just click the num­bers to open the VirusTo­tal web­site, where you can learn more. Ob­vi­ously, like any other an­tivirus mea­sure, this isn’t fool­proof, and you can get false pos­i­tives. For ex­am­ple, Process Ex­plorer it­self is oc­ca­sion­ally flagged as hazardous. Also, viruses may be too new to have been widely flagged, or they could be de­ploy­ing any num­ber of anti-an­ti­mal­ware tech­niques. Nev­er­the­less, Process Ex­plorer’s VirusTo­tal in­te­gra­tion is a very good start.

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.