First, A Vital Reminder
If you access the Internet these days, you must have three important programs constantly running on your computer:
- A good anti-virus program that continually scans your hard drive and email
- A good anti-spyware program to protect you from having your files and identity swiped
- A firewall to prevent hackers from tunneling into your computer while you're online
If you don't have all three of these things running on your computer...you'd better get your butt moving and find out the details to ensure you get these protective tools properly set up on your system. If you don't do that, you are a prime target for viruses that can trash your computer, spyware that can allow hackers to steal your identity, and you will have holes in your online connection that can allow hackers to run all types of dangerous software on your system, as well as use your computer as a base for sending out all kinds of email viruses and offensive content...content that can be tracked back to YOU as the offender.
In fact, if you have been using the Internet without these programs running, there's a very good chance that your computer is already infected or hacked and you don't even know it. You're computing away assuming you have no problems and some hacker is recording every keystroke you type in an effort to swipe your credit cards and identity!
And also remember, even if you do have all this stuff on your computer, it's not doing you any good if you're not regularly updating your definitions by downloading (or allowing auto download) of the latest anti-attack files. New problems are hitting the Internet all the time by those trying to profit from your ignorance. So make sure you keep up-to-date!
The Task Manager
Okay, so you got the message and had your computer updated with all of the above. You have auto-updates set on all the programs so the latest definitions are always being updated without you needing to pay attention. Good! You're feeling safe.
But are you sure there's no one in there running notorious programs on your system? In this article, I'll show you a little trick to help you investigate further. But first allow me to tell you a little about the program you'll use to play Sherlock Holmes.
The Task Manager is a Windows system tool that is constantly running on your computer. It monitors what programs are running on your system, as well as other helpful tracking.
For most Windows operating systems, you can right click on the Task Bar to open the Task Manager.
Note that you can also access it on newer systems through the old Ctrl + Alt + Delete key set, which now accesses this system information before it reboots your system. (If you just hit those keys and your computer rebooted, you're not running a newer operating system...something you should have deciphered before hitting those keys!)
Once opened, you'll see several tabs; the default tab is Applications. Here you can get a quick look at which main software applications are running on your system. As you can see below, I'm currently running Dreamweaver, a new email alert has popped up letting me know that some very important email has just arrived, my Outlook email program is running, I have a file folder open for this month's issue of TechTrax, and I have five reminders from my calendar nagging me about additional things I need to be doing!
Further below, I can also see that only 9% of my CPU (Central Processing Unit) is being used at the moment.
However, by clicking the Processes tab, I can see all the processes that are really running!
This is a good point for those of you who complain "My computer tells me I'm running out of memory, but I have gobs of RAM and only one program running...what's up?!?" Really? Only one? Are you sure? Try checking your processes and see what you really have running.
You should have anti-virus, anti-spyware, and a firewall running, but many other system processes will be running, too. And if you have email open, that's another. How about that screen saver and maybe your instant messenger chat program? What about that mouse driver, printer driver, video driver...all essential processes that are sucking up some of your available memory.
You can click on the Mem Usage column header to sort by that column. This helps you see what is sucking up the majority of available resources on your computer. Below you can see that my email program is pigging out on my memory. Dreamweaver, the program I'm using to write this article, is also taking a chunk. Since I have some folders open, Explorer is taking a bite and there's a system file taking a nibble, too. And that's just four of the 56 processes currently running on my system (as shown at the bottom of the above image).
More importantly, if you click on the User Name column header, you'll see which processes are running under you, the current user. This is important because System processes are usually things you don't need to worry about. But items listed as being run by you are processes that have been tagged to your user profile, meaning you have caused them to run by logging in, and these are also the possibly more notorious programs, such as spyware and the like.
We'll investigate some of these processes further when we put on our sleuth hat further down in this article.
Another good tab to monitor is your Performance stats. If you're having memory problems or your system is freezing or slowing down...or even temporarily lagging...it's a good idea to check to see if what you are feeling from your system is really happening. As you can see below, there's not much going on with my system at the moment.
But when I click to open Word, you can see the spike in the CPU usage as Word fires up and calls all its necessary system files into memory. As all these processes are being called to order, the surge shows in my usage chart below. But then you'll also see that as soon as Word opens, the system goes back to where it was.
That little surge is important to note, however, because it does show that just opening a program puts a temporary strain on a system. If you were to go nuts and open a bunch of programs at the same time, you could easily cause your system to lock up as all those programs battle for processor resources at the same time!
And as you can see below, Word is now showing up in the Applications tab because it is now a running software program.
If I open more documents, note that they are piling up in the image below.
The other two tabs (Networking and Users) aren't as important to the average user. You may want to investigate, particularly the Users tab, to see if anyone on your network is currently logged into your system. But for most of us, the other two tabs aren't places we'll be spending much time.
Let's go, Sherlock!
Toss on the ol' investigator's cap and let's take a look at some of these mysterious processes running on my system. This is the crux of this article...how to decipher what all that junk is and deciding what is important and what may possibly be dangerous!
If you learn to regularly check the current processes running on your system, you'll be much less likely to be zapped by some notorious program. Granted, you need those other programs discussed at the top of this article to really protect you, but if you regularly check here...it'll help you stop anything that may have slipped by. You'll learn to recognize those processes that should be running, so you can quickly research mysterious ones further.
You'll note the first process listed is called Point32.exe. Well, I know that that is my mouse driver. But if I didn't know that, I could easily find out more about this by enlisting the valuable services of the Internet.
I zip over to my trusty Google.com and enter the process name, using quotes to search for it as a whole word and hit enter to start my investigation.
As you can see in the preview below, many people have already asked about this process. I click on the top one, which is apparently the most relevant and popular link for this question, and...
...I learn that this process is running because I use the Microsoft Intellimouse and this is the monitoring process that keeps my mouse running properly. If I ended this, my mouse might not work the way I want. Yet it seems to not be a vital process to its operation, so I could disable it if I was currently stressed for more memory. However, if I was strained for resources, I might want to consider using a simpler mouse. But resources are not a problem on this system and I love my intellimouse! So this process is not an issue.
The next process running shows a file named: ~e5d141.tmp. Now one thing I know is that any file starting with a tilde (~) is a temporary file that is called into memory for the moment while some other program is being run...as part of its process. That is further verified by the fact that the file ends in .tmp, as in temporary.
But what the heck is this temporary process that's running? This could be some type of spyware! Let's give Google a run by entering this file name into a search, enclosed in double quotes, and see what's up.
HA! It appears that this one is not a problem either. It is a licensing file that Dreamweaver requires when it is running.
I can check that fact further by closing Dreamweaver. Sure 'nuff...when Dreamweaver is gone, so is that temp file, as you can see in the updated view below. When I reopen DW, that file should reappear...and upon testing, it did. So I can feel pretty confident that this is yet another process I don't need to worry about.
But now I want to see what processes are eating up the most memory on my system. I closed Outlook, so that's not in its normal top of the list slot. My files are still chewing up space with Explorer. A system file is running, and because I'm taking screen shots, SnagIt is running.
But what is that next file? Let's find out.
I check Google and the first entry leads me to the I Am Not a Geek web site, normally a site that provides fairly accurate answers.
But this time I question the site's accuracy. Note in the image below, this site warns me that this file is an unidentified Worm or Trojan virus! YIKES! Rip it out!!! NO WAIT! Before you go ripping out your PC's guts, let's get a second opinion and research this a bit further!
I check another site and they tell me not to worry because this file is part of the Microsoft anti-spyware program I'm running. Whew! But now there's some confusion...who is right?
I check another web link and they also tell me it's not a problem...it's part of the Giant engine that is part of Microsoft's anti-spyware program.
However, not satisfied that this guy isn't just parroting what he heard on the other guy's web site, I look further. I search my computer and discover that this file is sitting in the Microsoft Anti Spyware folder. That's a pretty good indicator, but those hackers are smart, so I don't trust this confirmation yet either!
I move into my Windows Explorer and ferret into the c:\Program Files\Microsoft AntiSpyware folder and look for that file. It's there. I right click on the file and choose Properties. The properties dialog box opens and tells me that this is a file that is part of the Microsoft AntiSpyware Data Service.
I can click the Version tab to verify this information further. By clicking on the Product Name for this file, I see it is associated with Microsoft. But remember, hackers are tricky. Being a totally paranoid soul<smirk>...I want more validation!
By clicking the Digital Signature tab, I can see that this product is signed by Microsoft.
And checking the Details, I get more calming information: the file does contain a good signature, and VeriSign confirms this digital signature to be accurate. I can even click to view the actual certificate. But this is enough for me now...I'm convinced. It's safe and someone should tell those folks over at I Am Not a Geek that they should update their information and stop scaring people! If I were to have ripped out this process, that would have disabled my anti-spyware and then I would have been less protected and in more trouble. Hummm...do I smell a conspiracy here?<grin>
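The same sleuthing can be done in one pass from the command line. This added example (my own PowerShell, not code from the original article) lists the current user's processes sorted by memory, as the User Name and Mem Usage columns do, and reads the image file's Company, Product and digital signature, as the Properties tabs do. It assumes Windows PowerShell 4 or later run from an elevated prompt, because Get-Process -IncludeUserName needs administrator rights.

```powershell
# Added example, not code from the original article.
# Assumes Windows PowerShell 4+ in an elevated prompt
# (Get-Process -IncludeUserName needs administrator rights).

function Get-MyProcessReport {
    # Only the current user's processes: the ones the article singles
    # out for a closer look via the User Name column.
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

    Get-Process -IncludeUserName -ErrorAction SilentlyContinue |
        Where-Object { $_.UserName -eq $me -and $_.Path } |
        Sort-Object WorkingSet64 -Descending |
        ForEach-Object {
            # Same facts as the Properties > Version and
            # Digital Signatures tabs, read from the file on disk.
            $sig = Get-AuthenticodeSignature -FilePath $_.Path
            [PSCustomObject]@{
                Name      = $_.ProcessName
                MemoryMB  = [math]::Round($_.WorkingSet64 / 1MB, 1)
                Path      = $_.Path
                Company   = $_.Company
                Product   = $_.Product
                Signature = $sig.Status    # Valid, NotSigned, HashMismatch, ...
                Signer    = if ($sig.SignerCertificate) {
                                $sig.SignerCertificate.Subject
                            } else { '' }
            }
        }
}

$report = Get-MyProcessReport
$report | Format-Table -AutoSize

# The short list worth the "second and third opinion" research:
# anything whose image file does not carry a valid signature.
$report | Where-Object { $_.Signature -ne 'Valid' } |
    Format-Table Name, Path, Company, Signature -AutoSize
```

A Valid status tells you who signed the file, so still compare the Signer with the Company you expect; an unsigned file is not automatically a problem either, since older drivers and utilities often ship unsigned.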
However, if I did find a process that appeared to be something more notorious, I could quickly stop it from running by clicking to select the process and clicking the End Process button. A warning message will warn me that terminating a running process could cause me problems. But if I just confirmed that the file I was researching was a dangerous file, I'd be in more trouble by letting it run...so I'd rip it out! Since I don't have any problem process running...in the image below to help demo the process, I've done away with Trillian, my multi-chat service. No problem, I can easily restart it.
But true, killing a process in this manner is not the best route to go. So it's not advised unless your PC is really stuck or you've just found something nasty hiding away on your system that needs immediate termination.
However, remember...before you go into your Task Manager Process dialog and start ripping out everything that doesn't sound familiar...do your research! Take a few minutes to check into the issue further and don't run screaming if one site tells you it is a problem. Get a second and third opinion at least!
Also, although it can be a good idea to immediately kill a process that you've confirmed as a problem, most of those will just start back up when you log in or run any process to which this problem file might be tied. So what you really need to do to terminate the process permanently is to get yourself a good program that will search and destroy the invader. Make sure your anti-(program) is updated with the latest definitions and run it. It should remove or quarantine the problem process. But keep an eye out to make sure the process doesn't return. If it does, update your definitions again...or get yourself a better anti-(whatever) program.