The 'msconfig' tool comes with Windows. It not only shows the list of programs that are started by default when you start your computer, but also lets you enable or disable individual startup entries.

This is a very good tool that shows all startup entries (processes, BHOs, services, etc.) from non-Windows applications. This way you can easily find and remove suspicious processes.

Another good tool is Autoruns from Sysinternals. It shows all startup entries (processes, services, drivers, Winlogon notify entries, Winsock providers, etc.). You can also make it display only non-Microsoft entries by selecting "Hide Microsoft entries" from the Options menu.
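
As an added example (not part of the original post, and not the author's or Sysinternals' code), the following PowerShell script does a small version of what Autoruns shows: it walks the usual Run/RunOnce registry keys and both Startup folders, resolves each entry to the binary it launches, and then applies the same idea as "Hide Microsoft entries" by listing only entries whose binary is not Authenticode-signed by Microsoft. The command-line parser and the 'O=Microsoft Corporation' subject test are my own heuristics; an entry reported as unsigned is something to investigate, not proof of spyware.

```powershell
# Added example, not code from the original post: an Autoruns-style startup listing
# with a "hide Microsoft entries" filter. Run in an elevated PowerShell on Windows.

function Get-ImagePathFromCommandLine {
    param([string]$CommandLine)
    # Heuristic (my assumption, not Autoruns' parser): a quoted path wins,
    # otherwise take everything up to the first ".exe".
    if ($CommandLine -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return ($CommandLine -split '\s+')[0]
}

function Resolve-StartupTarget {
    param([string]$Path)
    # Startup-folder entries are usually .lnk shortcuts; follow them to the real binary.
    if ($Path -like '*.lnk') {
        $target = (New-Object -ComObject WScript.Shell).CreateShortcut($Path).TargetPath
        if ($target) { return $target }
    }
    return $Path
}

function Get-SignerSummary {
    param([string]$Path)
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if (-not (Test-Path -LiteralPath $expanded)) { return 'FILE MISSING' }
    $sig = Get-AuthenticodeSignature -LiteralPath $expanded
    if ($sig.Status -ne 'Valid') { return "Unsigned or invalid ($($sig.Status))" }
    if ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation') { return 'Microsoft' }
    return "Third party: $($sig.SignerCertificate.Subject)"
}

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # skip PSPath, PSParentPath, ...
        $image = Get-ImagePathFromCommandLine ([string]$p.Value)
        [pscustomobject]@{
            Location = $key
            Name     = $p.Name
            Command  = [string]$p.Value
            Signer   = Get-SignerSummary $image
        }
    }
})

# Startup folders: anything dropped here runs at logon as well.
foreach ($dir in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    foreach ($file in (Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue)) {
        $target = Resolve-StartupTarget $file.FullName
        $entries += [pscustomobject]@{
            Location = $dir
            Name     = $file.Name
            Command  = $target
            Signer   = Get-SignerSummary $target
        }
    }
}

# The "Hide Microsoft entries" view: only what is not signed by Microsoft.
$entries | Where-Object { $_.Signer -ne 'Microsoft' } |
    Sort-Object Location, Name | Format-Table Location, Name, Signer, Command -AutoSize -Wrap
```

The script is read-only. It covers only the Run keys and Startup folders, not the services, drivers, Winlogon and Winsock locations that Autoruns also inspects, and because it trusts any valid Microsoft signature, a hijacked but legitimately signed host binary (for example a script interpreter with a malicious argument) is hidden just as it would be in Autoruns; the Command column is there so you can still read the full command line.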

You can use Process Explorer from Sysinternals to find out more detailed information about all the running processes. Once you have found a process or DLL, you will want to know whether it is really spyware or some other kind of malware. You can check this at ProcessLibrary.com, a website that provides information about a process or DLL so you can tell whether it is legitimate. You can also always use Google to find more information about any suspicious-looking process.

BHO stands for 'Browser Helper Object': plugins written for Internet Explorer to extend its capabilities. This feature is misused by many spyware programs, which monitor the user's browsing habits and silently steal online credentials. To eliminate such BHOs from the computer, I have written a tool called BHORemover, which scans and lists all installed BHOs on the system with detailed information. This helps in identifying malicious programs and removing them from the system.
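
The following PowerShell script is an added example and is not BHORemover or any other code from the post. It shows where Internet Explorer's BHO registrations live and how to get from a registration to a file you can actually check: each BHO CLSID is resolved to its DLL through the COM InprocServer32 key, and the DLL's Authenticode signer and SHA-256 hash are reported. The hash is what you would use to look a file up in a reference database such as the one named in the previous paragraph, since a process or DLL name alone is easy for malware to copy. The registry locations are standard; the report layout and signer test are my own.

```powershell
# Added example, not the post's BHORemover: enumerate IE Browser Helper Objects,
# resolve each CLSID to its DLL, and report signer plus SHA-256 so the file can be
# looked up in a DLL/process reference database. Read-only; it removes nothing.

function Resolve-ClsidDll {
    param([string]$Clsid, [bool]$Wow64)
    # A BHO is a COM in-process server; its DLL path is the default value of
    # CLSID\{guid}\InprocServer32. 32-bit BHOs on 64-bit Windows live under Wow6432Node.
    $roots = if ($Wow64) {
        @('HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID', 'HKCU:\SOFTWARE\Classes\WOW6432Node\CLSID')
    } else {
        @('HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID')
    }
    foreach ($root in $roots) {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (-not (Test-Path $key)) { continue }
        $raw = (Get-ItemProperty -Path $key).'(default)'
        if ($raw) { return [Environment]::ExpandEnvironmentVariables($raw) }
    }
    return $null
}

function Get-BhoReport {
    $bhoKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($bhoKey in $bhoKeys) {
        if (-not (Test-Path $bhoKey)) { continue }
        $wow = $bhoKey -like '*WOW6432Node*'
        foreach ($sub in Get-ChildItem -Path $bhoKey) {
            $clsid = $sub.PSChildName
            $dll   = Resolve-ClsidDll -Clsid $clsid -Wow64 $wow
            $row = [ordered]@{
                CLSID  = $clsid
                View   = $(if ($wow) { '32-bit (WOW64)' } else { 'native' })
                Dll    = $dll
                Signer = 'n/a'
                Sha256 = 'n/a'
            }
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = Get-AuthenticodeSignature -LiteralPath $dll
                $row.Signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { "Unsigned ($($sig.Status))" }
                $row.Sha256 = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
            } elseif ($dll) {
                $row.Signer = 'FILE MISSING'      # registration left behind after the DLL was deleted
            } else {
                $row.Signer = 'CLSID not registered'
            }
            [pscustomobject]$row
        }
    }
}

Get-BhoReport | Format-List
```

A BHO whose DLL is unsigned, lives outside Program Files or the Windows directory, or whose CLSID is registered only under HKCU is worth a closer look; the SHA-256 lets you compare the exact file against a reference, which a name lookup cannot do.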

WinServiceManager provides a single point of administration for managing various aspects of Windows services. It has more features and provides better management functionality than the built-in Windows service management console. It shows the list of non-Windows services, which lets the user quickly identify and remove additional services; many of these are installed by spyware to monitor the user's activities.
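
Here is an added PowerShell example of the "non-Windows services" view; it is not WinServiceManager's code or any code from the post. It lists every installed service, works out which file actually implements it, and keeps only those not signed by Microsoft. The detail a practitioner wants here is the svchost case: many services run inside Microsoft's signed svchost.exe, so checking the service's PathName would clear them all; the real code is the ServiceDll named under the service's Parameters key, and that is the file the script checks instead. The path parsing and the signer test are my own heuristics.

```powershell
# Added example, not the post's WinServiceManager: list services whose implementing
# file is not Microsoft-signed. Run elevated; read-only, nothing is stopped or removed.

function Get-ServiceImagePath {
    param([string]$PathName)
    # The service PathName is a command line: quoted path, or unquoted up to ".exe".
    if ($PathName -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return $PathName
}

function Get-ServiceCodeFile {
    param($Service)
    $image = [Environment]::ExpandEnvironmentVariables((Get-ServiceImagePath $Service.PathName))
    if ($image -like '*\svchost.exe') {
        # Shared-host service: the code lives in the DLL named by ServiceDll, not in svchost.exe.
        $paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($Service.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $paramKey -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { $image = [Environment]::ExpandEnvironmentVariables($dll) }
    }
    return $image
}

function Get-NonMicrosoftServices {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        if (-not $svc.PathName) { continue }
        $file   = Get-ServiceCodeFile $svc
        $signer = 'FILE MISSING'
        if (Test-Path -LiteralPath $file) {
            $sig = Get-AuthenticodeSignature -LiteralPath $file
            $signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { "Unsigned ($($sig.Status))" }
        }
        if ($signer -match 'O=Microsoft Corporation') { continue }   # the "hide Windows services" filter
        [pscustomobject]@{
            Name      = $svc.Name
            Display   = $svc.DisplayName
            State     = $svc.State
            StartMode = $svc.StartMode
            RunsAs    = $svc.StartName
            File      = $file
            Signer    = $signer
        }
    }
}

Get-NonMicrosoftServices | Sort-Object Name |
    Format-Table Name, State, StartMode, RunsAs, Signer, File -AutoSize -Wrap
```

Third-party services with valid vendor signatures will appear too, which is expected; the entries to focus on are unsigned files, files that are missing (a dangling service registration), and services running as LocalSystem from user-writable directories. Kernel drivers are registered separately (Win32_SystemDriver) and are not covered by this listing.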

Some spyware uses DLLs to monitor and control its life cycle. Usually these DLLs are injected into Windows processes such as explorer.exe or winlogon.exe to hide their presence. You can remove such DLLs from the process using the RemoteDLL tool.
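
Before unloading anything, you need to see which DLLs are inside the process in the first place. The added PowerShell example below (not RemoteDLL and not code from the post) lists every module loaded into explorer.exe and winlogon.exe and keeps only those that are not Microsoft-signed, with the file hash for lookup. It is detection only: it unloads nothing, which matters for winlogon.exe, where forcibly removing a DLL can take the logon session down with it. The process names and the signer test are my own choices.

```powershell
# Added example, not the post's RemoteDLL: list non-Microsoft DLLs loaded into
# explorer.exe and winlogon.exe. Run elevated (winlogon's module list needs it) and
# from a PowerShell of the same bitness as the target processes.

function Get-SuspectModules {
    param([string[]]$ProcessNames = @('explorer', 'winlogon'))
    foreach ($name in $ProcessNames) {
        foreach ($proc in (Get-Process -Name $name -ErrorAction SilentlyContinue)) {
            $modules = @()
            try { $modules = @($proc.Modules) } catch { }   # access denied -> empty list
            foreach ($m in $modules) {
                $path = $m.FileName
                if (-not $path) { continue }
                $sig = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue
                $isMicrosoft = $sig -and $sig.Status -eq 'Valid' -and
                               $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation'
                if ($isMicrosoft) { continue }
                [pscustomobject]@{
                    Process = "$($proc.ProcessName) (PID $($proc.Id))"
                    Module  = $m.ModuleName
                    Path    = $path
                    Status  = $(if ($sig) { $sig.Status } else { 'unknown' })
                    Signer  = $(if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
                    Sha256  = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                }
            }
        }
    }
}

Get-SuspectModules | Sort-Object Process, Module | Format-Table -AutoSize -Wrap
```

On a clean machine explorer.exe commonly shows a few legitimately signed third-party shell extensions, so a non-Microsoft signer is not by itself a finding; an unsigned DLL loaded from a temp or profile directory, or one whose file has since been deleted, is what this list is meant to surface. Note that this only sees modules the loader knows about; a DLL mapped manually without going through the loader will not appear here, which is the point the next paragraph makes about rootkits.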

All the tools mentioned above are the basic ones for finding out more about running programs. But there are stealthier programs, such as rootkits, that cannot be detected by normal tools; you need more sophisticated tools to see them. There are a couple of rootkit detection tools, such as BlackLight from F-Secure, McAfee's Rootkit Detective, RootkitRevealer from Sysinternals and IceSword by PJF. IceSword is the most advanced of them all, and it shows all hidden processes, services, drivers, SSDT hooks, message hooks, etc.