Finding Malware with Sysinternals Process Explorer
In this short video, Professor K shows you how to find malware that may be running as a process on your PC using Sysinternals Process Explorer.
Process Explorer is a tool that gives us access to detailed information about the processes running on a machine and offers excellent out-of-the-box functionality, which we can leverage to analyze a process and determine whether it is malicious.
docs.microsoft.com/en-us/sysi...
docs.microsoft.com/en-us/sysi...
www.udemy.com/user/cliftonlkr...
Comments: 37
I was paranoid about a program on my computer and my professor sent me this link. This was extremely helpful and set my mind at ease. Thank you!
@krah8052
2 years ago
Glad it helped!
Very useful and very good for beginners like me, you sir need a medal for this great tutorial.
Thank you as that was an excellent presentation and made me much more informed. Very much appreciated.
Excellent Video Professor - Great to the point presentation
Very useful and easy to understand. Thank you!
Great tutorial - I use this myself and instead of explaining to folks how to do it, I send them this link!
@krah8052
2 years ago
Good to hear!
Thank you for the great work!
Hello!! Thanks for the tutorial. Great information. Would you please tell me how I can find, using Process Explorer, which process creates temp files in the respective temp folder? Thank you
Excellent, Sir!
Hi there, it was a very useful and informative tutorial video. thnx
Great video. I had a trojan scare this week, and after doing these things, I'm thinking that it was a false positive.
oh sir this video is so awesome thank you
i have an svchost, isass and csrss that show no signatures, paths and cannot be scanned with virus total. what should i do?
@bazo0ky
9 months ago
I have the same thing. Basically press Ctrl+D then look if it's verified by Microsoft.
very good help, thx
thank you
for anyone struggling to open the folder as admin, you can just open the command prompt as admin, and then set your directory to the folder using cd (file path). for example mine was "cd C:\Users\Shibe\Downloads\SysinternalsSuite"
ty, very nice
>finding malware >has CCleaner installed🚨
Too Good thank you
what if the process has no handles and no dlls??
it says The term 'procexp64.exe' is not recognized as the name of a cmdlet, function, script file, or operable program.
ik i have malware or smth but the thing is i cant see the path command line current directory autostart location or really anything but ik its a virus that injected itself into the svchost.exe
@jonasosvaldsen8856
5 months ago
Any luck?
prime youtube content
Quick Guide thanks a lot.
i have a bunch of processes which are without description and also have no dll's when i use ctrl+d, what could that mean? example smss.exe, Memory Compression, Interrupts, crss.exe, dllhost.exe, postgres.exe etc
hey man i have like 14 svchost.exe running is that normal ?
@Edison-newworldBlogspot
1 year ago
It's normal only. You can check the location of the svchost.exe and if it is not from system folder and found in temp location or app data, then that process must be malicious.
@switchmusic2959
1 year ago
@Edison-newworldBlogspot i have an svchost, isass and csrss that show no signatures, paths and cannot be scanned with virus total. what should i do?
@sundowner1318
1 year ago
I’ve also had a problem with this file occasionally spiking
I notice 1 virus running on my machine I think it might be a false positive
Hey, i would like some sort of help. When i want to scan it with VirusTotal it normally writes hash submitted, but after few seconds it says The device connected to the system is not working on mostly apps. VirusTotal scans max of 10 apps. Thank You for your help. To the error i used translator, so it might be not accurate.
@Yek-H
11 months ago
Same issue