How to Find Out if a Windows Process Is a Virus or Legitimate

In case you don’t know, Windows runs a lot of processes in the background without you knowing. To see them, launch the Windows Task Manager (by right-clicking the taskbar and selecting “Task Manager” from the list, or by pressing “Ctrl + Alt + Del” and selecting Task Manager). Once you are in the Task Manager, navigate to the Details tab and you will see a long list of processes belonging to the many programs (some of which start automatically) running on your Windows machine.

Of course, most of the process names don’t make any sense because of their cryptic naming conventions (igfxpers.exe, etc.), and the name alone does not tell you whether a process is legitimate or a virus running in the background to sabotage your PC. That said, you don’t have to be a Windows expert to verify whether a running Windows process is legitimate or a virus. All you have to do is use a free tool that gives you all the details you need.


CrowdInspect is a free, host-based, real-time process inspection tool that scans for malicious Windows processes running in the background using multiple sources such as VirusTotal, WOT trust, etc.

To start, download CrowdInspect from its website. As a portable tool, it works the same on 32-bit and 64-bit systems. Once launched, CrowdInspect automatically detects all the running Windows processes and rates them according to various signals such as the WOT trust meter, VirusTotal scans, MHR (Malware Hash Registry), etc.


CrowdInspect displays a lot of useful detail about each running process: process ID, connection protocol, connection state, local and remote port, local and remote IP address, resolved DNS address, etc. Apart from this, CrowdInspect maintains a list of all the data associated with live processes and their remote connections. You can access that data by clicking the “Live/History” button.


When it comes to ratings, the gray icon means there is no data, or too little data, to give a rating; the green icon marks good processes; and a red icon next to a process indicates something fishy about that specific Windows process.

To find out more about a specific process, select it and click the “VT results” button to see the VirusTotal scan results for that process. VirusTotal scans with 40+ different antivirus products.


Apart from the security-related features, CrowdInspect also has some basic features: it can kill abusive or non-responsive processes, show the full path of a selected Windows process, and show the properties of selected processes.
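To cross-check what the tool reports, the same per-process facts (full path, file hash, signature status, remote connections) can be collected with built-in PowerShell cmdlets. This is an added example, not CrowdInspect's code or output; the report column names are chosen here, and it assumes Windows PowerShell 5.1 or later, run elevated so that system process paths are visible.

```powershell
# Added example: read-only inventory of running processes (not CrowdInspect code).
# The SHA-256 value is what you would search for on a reputation service such as VirusTotal.

# Map owning PID (as string) -> established TCP connections
$connections = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Group-Object -Property OwningProcess -AsHashTable -AsString
if (-not $connections) { $connections = @{} }

$report = foreach ($p in Get-CimInstance -ClassName Win32_Process) {
    $path = $p.ExecutablePath

    # Protected or already-exited processes expose no readable image path
    if (-not $path -or -not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{
            PID = $p.ProcessId; Name = $p.Name; Path = $null
            SHA256 = $null; Signature = 'Unknown'; Signer = $null; Remote = ''
        }
        continue
    }

    # Authenticode status of the on-disk image (Valid, NotSigned, HashMismatch, ...)
    $sig = Get-AuthenticodeSignature -LiteralPath $path

    # Remote endpoints this PID currently talks to
    $remote = foreach ($c in $connections["$($p.ProcessId)"]) {
        "$($c.RemoteAddress):$($c.RemotePort)"
    }

    [pscustomobject]@{
        PID       = $p.ProcessId
        Name      = $p.Name
        Path      = $path
        SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        Remote    = @($remote) -join ', '
    }
}

# List processes whose image is not validly signed first, then by name
$report |
    Sort-Object -Property { $_.Signature -eq 'Valid' }, Name |
    Format-Table PID, Name, Signature, Remote, Path, SHA256 -AutoSize -Wrap
```

A status other than Valid, or a familiar name running from an unexpected path, is a reason to look the hash up, not a verdict on its own.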

All in all, CrowdInspect is a handy portable tool that gives you good insight into all the Windows processes and helps you judge whether a Windows process is legitimate or a virus. You probably won’t need to run it all the time. Whenever your computer runs slowly, or if you suspect that it is infected, simply run this app and find out which process is causing the trouble. It is definitely a good tool to keep in your arsenal.

What do you think of this tool? Let us know via the comments section below.