Is this a virus?
Process Explorer is especially useful if you’re hunting malware. For some really in-depth examples, you can always check out Mark Russinovich’s world-class ‘The Case Of…’ series of blog posts and videos. But you don’t need to be a malware-busting pro like Russinovich to figure out whether a suspicious-looking process is a virus. Process Explorer integrates with VirusTotal, a Google-owned service that checks files against the engines of all the major antivirus vendors. What actually gets checked is the hash of the executable image backing the process, which VirusTotal compares with the files it has already scanned.
First, click the suspicious process, then go to Options > VirusTotal.com > Check VirusTotal.com. (The same option is also available via the right-click menu.) If this is the very first time you’ve scanned a process, it will take you to the VirusTotal Terms of Service; once you accept, it adds a VirusTotal column to Process Explorer. By default only the file hash is sent, not the file itself; the separate Submit Unknown Executables option in the same menu uploads files VirusTotal has never seen, so leave it off for anything you would not want to share.
This column shows the number of antivirus engines that have flagged that particular process’s image as a potential virus. For example, ‘7/59’ means that seven out of the 59 engines that scanned the file think it is potentially hazardous. The higher the number, the more likely it is that the process is actually malware; a result of ‘Unknown’ means VirusTotal has no record of that hash at all, which is a reason to look closer, not a clean bill of health. For more information, just click the numbers to open the VirusTotal website, where you can see which engines fired and what they called the file. Obviously, like any other antivirus measure, this isn’t foolproof, and you can get false positives. For example, Process Explorer itself is occasionally flagged as hazardous. Also, malware may be too new to have been widely flagged, it may be packed or otherwise modified so that the hash matches nothing on file, or it may be running as injected code inside a legitimate process whose on-disk image is perfectly clean. Nevertheless, Process Explorer’s VirusTotal integration is a very good start.
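The same check can be reproduced by hand, which is useful on a machine where you cannot run Process Explorer or want the results in a file. The PowerShell below is an added example, not code from the article or from Sysinternals: it hashes the on-disk image of every running process, records its Authenticode signature status, and builds the VirusTotal lookup URL for the hash (the page the ‘7/59’ link opens). If the environment variable VT_API_KEY is set (an assumption; you need your own VirusTotal API key), it also queries the VirusTotal v3 API and reports the detection ratio in the same ‘flagged/total’ form, returning ‘Unknown’ when VirusTotal has never seen the hash.

```powershell
# Added example (not from the original article or Sysinternals).
# Hash each running process's image, check its signature, and build the
# VirusTotal lookup; optionally query the v3 API if VT_API_KEY is set.

function Get-VtDetectionRatio {
    param([string]$Sha256, [string]$ApiKey)
    try {
        $r = Invoke-RestMethod -Method Get `
            -Uri "https://www.virustotal.com/api/v3/files/$Sha256" `
            -Headers @{ 'x-apikey' = $ApiKey }
        $s = $r.data.attributes.last_analysis_stats
        # Denominator here is every engine that returned a verdict.
        $flagged = $s.malicious + $s.suspicious
        $total   = $s.malicious + $s.suspicious + $s.harmless + $s.undetected
        return "$flagged/$total"
    } catch {
        # VirusTotal answers 404 for a hash it has never seen: no verdict at all.
        if ($_.Exception.Response -and $_.Exception.Response.StatusCode.value__ -eq 404) {
            return 'Unknown'
        }
        return "Error: $($_.Exception.Message)"
    }
}

function Get-ProcessImageReport {
    [CmdletBinding()]
    param(
        [string]$ApiKey = $env:VT_API_KEY   # assumption: your own VirusTotal key
    )

    # One entry per distinct image path: many processes share a binary, and
    # VirusTotal keys on the file hash, not on the process.
    $images = Get-Process |
        Where-Object { $_.Path } |          # protected/system processes expose no path
        Select-Object -ExpandProperty Path -Unique

    foreach ($path in $images) {
        try {
            $sha256 = (Get-FileHash -Path $path -Algorithm SHA256).Hash.ToLower()
        } catch {
            continue                        # access denied, file vanished, etc.
        }

        $sig = Get-AuthenticodeSignature -FilePath $path
        $report = [ordered]@{
            Path       = $path
            SHA256     = $sha256
            Signature  = $sig.Status        # Valid, NotSigned, HashMismatch, ...
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            # Same page that clicking the ratio in Process Explorer opens.
            Lookup     = "https://www.virustotal.com/gui/file/$sha256"
            Detections = $null
        }

        if ($ApiKey) {
            $report.Detections = Get-VtDetectionRatio -Sha256 $sha256 -ApiKey $ApiKey
        }
        [pscustomobject]$report
    }
}

# Usage: list unsigned or badly signed images first; those are the ones
# worth the click-through to VirusTotal.
Get-ProcessImageReport |
    Sort-Object { $_.Signature -eq 'Valid' }, Path |
    Format-Table Path, Signature, Detections, Lookup -AutoSize
```

Run it from an elevated prompt so that more image paths are readable. Note that, exactly like Process Explorer’s column, this only judges the file on disk: a clean ratio says nothing about code injected into the process after it started, and the free VirusTotal API is rate-limited, so expect ‘Error’ entries if you query a long process list in one go.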