This page explains what computer processes are and how you can determine what processes are running on your computer. This skill can help you determine whether you have malware operating on your system.
What is a Process?
A process is a computer program running on a computer. A computer program in simple terms is an executable set of commands for the computer to perform. A process is an actively running program which may or may not be running in the background. A program running in the background is one that the computer user may not be aware of, but it may be providing useful services such as an ability to connect to other computers. Processes are usually associated with your operating system or a program that is installed on your computer.
It is useful to identify processes running on your computer to determine whether your system has any malware or other undesired processes running on it. Also some processes use up valuable resources and can be shut down. Your operating system task manager is used to identify processes running on your computer for Windows 2000 or Windows XP systems. It can be actived using one of the below two methods:
- Press the combination of keys, CTRL-ALT-DEL, at the same time, then select the “Task Manager” button.
- Right click on an open area of your task bar at the bottom of your screen, then select “Task Manager”.
After the task manager is open, select the Processes tab. This provides a list of processes running on your computer like the one below.
In the process list, the ones called “System” or “System Idle Process” are of no concern since they are a normal part of the system. Processes should be associated with one or more of the following:
- Your computer system such as a Microsoft operating system process.
- An application you installed such as your anti-virus software, your file editor, printer software, and other programs.
- An application that was installed without your knowledge (this is where trouble usually comes from).
Processes on the list that you do not recognize can be found using several methods:
- Use one of the following websites to look up the process to determine what kind of process it is.
- Search your favorite search engine such as Google to get some clues about what the process is. You can do a web search or a groups search on google and sometimes find discussions that may answer the question about the origin of the process.
- Use the search function on your computer to search for the process name on your hard drive. This may identify the folder the process executable file is in which may give you additional clues. The figure below shows the search function.
Once found, navigate to the folder the file is in.
Right click on the file you are checking to open the properties window for the file. Click on the “Version” tab.
This should tell you the name of the company that created the process. If there is no company name, you should be suspicious of the process, but the lack of a company name is no guarantee that the process is associated with malware, it is only a clue.
Removing a Process
Removing a process can be a daunting task. If you are removing a process that may have been installed by malware, you should be very careful since these processes can do tricky things to prevent their removel. They may restart themselves or change file associations so you cannot execute programs unless the malware executable file is running on your computer system. If possible, try to find removal instructions specific to the process you want to remove. For example, there are manual removal instructions for viruses at the websites of companies that create anti-virus software. Search for the process names on these and other websites such as creators of other anti-spyware, anti-aware, and anti-malware products. Steps to remove a process include:
- Determine where the process executable file resides on the hard drive using the searching function described above.
- Right click on the process from the Task Manager and select “End process”. If the process fails to stop, try booting to safe mode then check to see if the process is running. If it is not running, rename its executable file so the system cannot find it and run it automatically. If you cannot remove the process by booting to safe mode, you may need specific instructions for that process to help remove it.
- If you have not yet done so, rename the executable file that the process requires to run.
- Once you are sure you do not need the process, you can delete its executable file (the file you renamed earlier).