Question

How do I check which background processes are legit? ...

Hello!
I am checking if my PC has any malware/spyware.
I have 3 Q for now. I would really appreciate your advice as I have reason to believe my PC is hacked and being spied on.
Among other checks and Q I have, I would like to ask how one checks if the background processes running in task manager are not viruses. I googled all of them and it seems they are legit, and I think most are located within system 32. Does that mean they can't be viruses with a name of a legit program?

When I try to download a program that checks such background processes, it starts to download in the lower left corner of my screen, but when it's done (quickly) it is "white" and nth open when I click on it. (pardon my lack of tech language or language in general)

My second Q is how do I download a TCP viewer to check my outbound ports? The same happens. Nth opens when I click on the white file in the lower left corner of the screen. Same happens when I try to download process explorer.

My third Q is if I disabled the camera and internal mic on my laptop, does this mean if I had spyware that used it, would it still be able to listen in?
and how do you disable cam and mic fully to make sure they can't be used?
In system sounds---recording it says: No audio devices installed.
Under imaging devices in device manager I uninstalled the camera but now that I looked, it was there again so I uninstalled it again.
And I think I uninstalled the YouCam app or sth

Thanks a lot!

M

Comments
- Collapse -
Answer
I usually google the process name.

That's been an old standby method. However if I wanted to scan a machine for malware I turn to Grif and his post at http://www.cnet.com/forums/discussions/how-to-remove-pup-option-603542/#post-f742c795-5881-433b-a29b-6d758efe5cd3 which lists the set of scanners I'll use.

As to your browser download issue, if you can't use that browser, get another. Why use a browser you can't use?

As to port connections I like to read a Web Speccy as that's at the end of the report and can help spot what apps are calling home. Read how to produce the report at https://www.piriform.com/docs/speccy/using-speccy/publishing-a-speccy-profile-to-the-web But that makes the report. To interpret it takes time and research. If you post it here, I'll read and comment what I find.

- Collapse -
Reply

I will try Grif's post.
Ty! I have done some of what he posted, but will try like this.

I downloaded mozilla firefox and the same thing happens with TCP viewer. (I generally use chrome)

Would you be able to take a look at the apps I have that are allowed thru Firewall? I disabled a bunch of stuff, nth seems "damaged" so far. I hope I didn't disable an app that protects the PC. I'd need to make screenshots.

I'm worried about stealthy software. I don't think I've noticed the PC act in an unusual manner.
Although when I log into FB and look at where I'm logged in from, it says another city, one log in, which has to be me, in another city, and the cities change. Also, my chat time in the chat box is 3mins behind the time on my PC.

- Collapse -
I worried as I read this.

You are disabling a bunch of stuff so I have to leave you at that because I don't know what you did. There are many new processes in W8 and W10 that a person that was used to W7 might be shutting down and causing problems.

Because of this I have to leave you here. I can't tell what you did or why.

- Collapse -
list

I should have a list of what I disabled. And I do remember I think.

- Collapse -
PS. For your research.

Since this is in W8, which I no longer have access to at work or home (we moved on to W10), and even all our W7 machines are now on W10, this means I can only share but not duplicate issues on the old versions of Windows. Because a company pays us to be sure apps run on XP, we have 2 XP machines handy. But that is nothing I can test for folk on but will use to check something that is not dangerous and I want to refresh a memory.

OK, off to http://www.blackviper.com/service-configurations/black-vipers-windows-8-service-configurations/

There are 177 services in W8 so this is why I fear a person that is freaking out about "WHAT IS THAT?!" could be creating more problems than they are solving.

- Collapse -
Background processes

I've read that malware can disguise itself by using the name of a legit process. To differentiate, one needs to find the process's folder and if in, say, system 32, it is legit?

- Collapse -
winconfig

seems I remember that as the command to run in a DOS type command box in windows to see all IP connections.

- Collapse -
Netstat
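
The two checks discussed in this thread (where a process's executable actually lives, and which processes hold network connections), as an added PowerShell example that is not part of any post above. It uses only built-in cmdlets on Windows 8 or later; the `$systemNames` list is a small illustrative assumption, not a complete list of Windows processes.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell window so
# that Path is readable for processes owned by other accounts.
$sys32 = Join-Path $env:WINDIR 'System32'
# Assumption: a short sample of names that normally run from System32.
$systemNames = 'svchost', 'lsass', 'services', 'winlogon', 'csrss', 'smss'

# 1) Every process whose executable path is readable, with its signature status.
$procs = Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path
    [pscustomobject]@{
        Id        = $_.Id
        Name      = $_.ProcessName
        Path      = $_.Path
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        # True when a system-process name runs from somewhere other than System32.
        NameMismatch = ($systemNames -contains $_.ProcessName) -and
            -not $_.Path.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)
    }
}

# 2) Established TCP connections joined to the owning process (the netstat view).
$conns = Get-NetTCPConnection -State Established | ForEach-Object {
    $owner = $_.OwningProcess
    $p = $procs | Where-Object { $_.Id -eq $owner } | Select-Object -First 1
    [pscustomobject]@{
        Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
        ProcessId = $owner
        Name      = $p.Name
        Path      = $p.Path
        Signature = $p.Signature
    }
}

# Review first: name mismatches, then anything whose signature is not Valid.
# Caveat: on older PowerShell versions, catalog-signed Windows files can show
# NotSigned, so treat that status as a prompt to look closer, not as a verdict.
$procs | Sort-Object NameMismatch, Signature -Descending |
    Format-Table Id, Name, Signature, NameMismatch, Path -AutoSize
$conns | Sort-Object Name | Format-Table -AutoSize
```

A file sitting in System32 is one data point rather than proof, which is why the output shows the path together with the signature status and signer.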
