Have you ever gone into Task Manager and wondered exactly where those processes are running from? Here’s a hint: the answer should be “yes”.
The process list gives you a peek into the internals of what your PC is running, and it is incredibly helpful to check on it from time to time to see if, oh I don’t know, something like tinyproxy.exe, for example, is running (that’s what tipped me off to good ol’ Koobface). It works as a great way to detect viruses. What I do is go through the list and google the processes I’m unfamiliar with, and see what comes up.
But sometimes even that doesn’t solve my problems. Sometimes, I need to know exactly where the process is running from. Task Manager doesn’t provide this info, so I would be stuck. Happily, there is a solution. The Process Explorer, which is distributed on Microsoft’s TechNet website, is a tool that does just that. It shows you not only which processes are running, but also which directory they’re running from and which program is using them.
In addition to aiding in virus discovery, this is also great to determine “who” (which directory/application) is responsible for the virus, which is awesome in actual virus removal.
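If you want the same two facts (where a process runs from, and which program started it) from a script, here is an added PowerShell example; it is not from Process Explorer or from the original post, and the function name `Get-ProcessOrigin` and its `-Name` parameter are made up for illustration.

```powershell
# Added example: list running processes with their image path and parent process.
# Get-ProcessOrigin is a hypothetical helper name, not a built-in cmdlet.
# Run from an elevated session to see paths for processes owned by other users.
function Get-ProcessOrigin {
    param(
        # Optional wildcard on the process name, e.g. 'tinyproxy*'
        [string]$Name = '*'
    )

    # Win32_Process exposes ExecutablePath, CommandLine and ParentProcessId.
    $all = Get-CimInstance -ClassName Win32_Process

    # Index by PID so each parent can be resolved to a name and path.
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($p in $all | Where-Object { $_.Name -like $Name }) {
        $parent = $byPid[[int]$p.ParentProcessId]

        # PIDs get reused: only trust the parent if it started before the child.
        if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }

        [pscustomobject]@{
            Name        = $p.Name
            PID         = $p.ProcessId
            Path        = if ($p.ExecutablePath) { $p.ExecutablePath } else { '<not accessible>' }
            ParentName  = if ($parent) { $parent.Name } else { '<exited>' }
            ParentPath  = if ($parent) { $parent.ExecutablePath } else { $null }
            CommandLine = $p.CommandLine
        }
    }
}

# Everything, sorted by path so unfamiliar directories stand out.
Get-ProcessOrigin | Sort-Object Path | Format-Table Name, PID, Path, ParentName -AutoSize

# The process name mentioned in the post, with full detail.
Get-ProcessOrigin -Name 'tinyproxy*' | Format-List
```

A parent shown as `<exited>` means the launching program is no longer running, so the trail stops at the child's own path and command line.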
One last thing: it’s tiny. This makes it easy to carry around on a flash drive in case you need to do virus solving on someone else’s machine.