PC Advisor

Is this a virus?


Process Explorer is especially useful if you’re hunting malware. For some really in-depth examples, you can always check out Mark Russinovich’s world-class ‘The Case Of…’ series of blog posts and videos. But you don’t need to be a malware-busting pro like Russinovich to figure out whether a suspicious-looking process is a virus. Process Explorer uses VirusTotal, a Google project that checks questionable processes against the databases of all the major antivirus companies.

First, click the suspicious process, then go to Options > VirusTotal.com > Check VirusTotal.com. (The same path is also available via the right-click menu.) If this is the very first time you’ve scanned a process, it will take you to the VirusTotal Terms of Service. Otherwise, it adds a VirusTotal column to Process Explorer.

This column shows the number of antivirus services that have flagged that particular process as a potential virus. For example, ‘7/59’ means that seven out of 59 total antivirus providers think that the process is potentially hazardous. The higher the number, the more likely it is that the process is actually malware. For more information, just click the numbers to open the VirusTotal website, where you can learn more. Obviously, like any other antivirus measure, this isn’t foolproof, and you can get false positives. For example, Process Explorer itself is occasionally flagged as hazardous. Also, viruses may be too new to have been widely flagged, or they could be deploying any number of anti-antimalware techniques. Nevertheless, Process Explorer’s VirusTotal integration is a very good start.
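The same kind of check can be scripted for a single process. The PowerShell below is an added example, not part of the original article and not Process Explorer's own code: it hashes a process's executable and asks the VirusTotal API v3 for that hash's detection counts. The function name and the `VT_API_KEY` environment variable are assumptions, and the denominator is approximated by summing every result category VirusTotal returns.

```powershell
# Added example: look up a running process's image on VirusTotal by SHA-256.
# Assumptions: API key stored in $env:VT_API_KEY (hypothetical variable name).
# Only the hash is sent to VirusTotal, never the file itself.
function Get-VTProcessVerdict {
    param(
        [Parameter(Mandatory)] [int] $ProcessId
    )

    $proc = Get-Process -Id $ProcessId -ErrorAction Stop
    if (-not $proc.Path) {
        # Protected and system processes hide their image path from
        # non-elevated sessions.
        throw "No image path for PID $ProcessId (try an elevated session)."
    }

    $sha256  = (Get-FileHash -LiteralPath $proc.Path -Algorithm SHA256).Hash.ToLower()
    $uri     = "https://www.virustotal.com/api/v3/files/$sha256"
    $headers = @{ 'x-apikey' = $env:VT_API_KEY }
    $result  = [ordered]@{
        Name = $proc.ProcessName; Path = $proc.Path; Sha256 = $sha256
        Ratio = 'unknown'; Suspicious = 0; Note = ''
    }

    try {
        $resp = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
    }
    catch {
        # 404 means VirusTotal has never seen this hash. That is the
        # "too new to have been flagged" case, not a clean verdict.
        if ([int]$_.Exception.Response.StatusCode -eq 404) {
            $result.Note = 'Hash not known to VirusTotal; treat as unverified.'
            return [pscustomobject]$result
        }
        throw   # network failure, bad key, rate limit: surface it
    }

    $stats = $resp.data.attributes.last_analysis_stats
    $total = ($stats.PSObject.Properties.Value | Measure-Object -Sum).Sum
    $result.Ratio      = '{0}/{1}' -f $stats.malicious, $total
    $result.Suspicious = $stats.suspicious
    if ($stats.malicious -gt 0 -and $stats.malicious -le 2) {
        $result.Note = 'Low count; could be a false positive, review the report.'
    }
    [pscustomobject]$result
}

# Check the current PowerShell process itself.
Get-VTProcessVerdict -ProcessId $PID
```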
