Maximum PC

Check for Malware


Process Explorer can also help track down potential security risks that are running, by comparing a process’s parent file with the VirusTotal online database, which checks files against dozens of reputable antivirus engines. Switch the feature on by choosing “Options > VirusTotal.com > Check VirusTotal.com.” Click “Yes” to agree to the VirusTotal terms of service (these are displayed in your browser), and then Process Explorer will submit the hashes of every running process and thread to the VirusTotal website. It also adds a new VirusTotal column to the main view. You’ll see a list of clickable links reading “0/56” or “3/57.” Each one links to the antivirus scan results for that individual file.

Any files listed as “0/57” or similar have been rated safe by all the antivirus engines used; focus your efforts on those marked in red, where the score is 1 or higher. Click the link and you’re taken to a web page of results, with the suspected infections placed prominently at the top, along with the source antivirus engine and suspected infection. Google the result, together with the filename, to see what’s out there, but unless there are multiple matches, it’s likely to be a false positive.

If your file isn’t listed there, that means it hasn’t yet been scanned by VirusTotal’s engines—right-click the file and choose “Submit to VirusTotal” to upload it, then wait for it to be scanned. The results appear in due course.

The more flags on VirusTotal, the more dangerous the file.

You can also check files for their digital signatures—double-click the process and switch to the “Image” tab, then click the “Verify” button. Look for “(Verified),” followed by the name of the digital certificate authority under “Image File.” This, on its own, is no guarantee of whether or not a file is safe, but it is an extra layer of security.
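The same hash and signature checks can be scripted for every running process at once. The PowerShell below is an added example, not part of the original article or of Process Explorer; the function name and output property names are chosen for this example, and it uploads nothing, only building a VirusTotal lookup link from each file's SHA-256 hash.

```powershell
# Added example: hash and signature triage of running process images.
# Get-ProcessImageTriage and its output property names are hypothetical,
# chosen for this example.

function Get-ProcessImageTriage {
    # Unique on-disk image paths of running processes. Path is empty for
    # protected processes the current user cannot open; those are skipped.
    $paths = Get-Process |
        Where-Object { $_.Path } |
        Select-Object -ExpandProperty Path -Unique

    foreach ($path in $paths) {
        try {
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction Stop).Hash
            $sig  = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction Stop
        } catch {
            Write-Warning "Could not read ${path}: $($_.Exception.Message)"
            continue
        }

        # Subject of the signing certificate, empty when the file is unsigned
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            Path      = $path
            Sha256    = $hash
            SigStatus = $sig.Status     # Valid, NotSigned, HashMismatch, ...
            Signer    = $signer
            VtLookup  = "https://www.virustotal.com/gui/file/$hash"
        }
    }
}

$results = Get-ProcessImageTriage

# Images without a valid signature are the ones to look up first
$results | Where-Object { $_.SigStatus -ne 'Valid' } |
    Sort-Object Path |
    Format-List Path, SigStatus, Sha256, VtLookup

# A valid signature identifies the signer; it does not prove the file is safe
$results | Where-Object { $_.SigStatus -eq 'Valid' } |
    Group-Object Signer | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Run it from an elevated prompt to cover processes owned by other accounts; without elevation those images are silently missing from the list.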
