How to Find if a Windows Process Is Virus or Legitimate

crowdinspect-tool

In case you don’t know, Windows runs a lot of processes in the background, without you knowing. To verify that, simply launch the Windows Task Manager (by right clicking on the taskbar and select “Task Manager” from the list or by pressing “Ctrl + Alt + Del” and selecting Task Manager). Once you are in the Task Manager, navigate to Details tab and you will see a whole bunch of processes which are related to a whole bunch of programs (some of which autostart by itself) running in your Windows machine.

Of course, most of the processes’ names don’t make any sense because of their cryptic naming conventions (igfxpers.exe, etc) and there is no telling if that specific process or processes are legitimate or a virus running in the background to sabotage your PC. That said, you don’t have to be a Windows expert to verify if a running Windows process is legitimate or a virus. All you have to do is to use a free software which can give you all the details you will need.

CrowdInspect-task-manager-process-list

CrowdInspect is a free host-based and real-time process inspection tool which can scan for malicious Windows processes running in the background using multiple sources like VirusTotal, WOT trust, etc.

To start, download CrowdInspect from its website. Being a portable software, this tool works the same with 32-bit and 64-bit systems alike. Once launched, CrowdInspect will automatically detect all the running Windows processes and give ratings according to various signals like WOT trust meter, Virustotal Scans, MHR (Malware Hash Registry), etc.

CrowdInspect-processes-list

As you can see from the above image, CrowdInspects displays lots of interesting stuff about running processes like process ID, connection protocol, connection state, local and remote port, local and remote IP address, resolved DNS address, etc. Apart from this, CrowdInspect maintains a list of all the data associated with live processes and their remote connections. You can access all that data by clicking “Live/History” button.

CrowdInspect-live-history

When it comes to ratings, the gray icon symbolizes no or fewer data to give ratings, the green icon symbolizes good processes and when you see the red icon next to some processes, it indicates something fishy about that specific Windows process.

To find out more about a specific process, select that process and click on “VT results” button to see the virus scan results by Virustotal of that selected process. FYI, VirusTotal uses 40+ different antivirus software to scan.

CrowdInspect-virustotal-scan-results

Apart from all the security-related features, CrowdInspect tool also has some basic features which can effectively kill abusive or non-responsive processes, show the full path of a selected Windows process and can also show properties of selected processes.

All in all, CrowdInspect is a handy portable tool which can give you a good insight on all the Windows processes and helps you judge whether a Windows process is legitimate or a virus program. You probably won’t need to run this all the time. Whenever your computer runs slow, or if you suspect that your computer is infected, simply run this app and detect which process is causing the trouble. It is definitely a good tool to keep in your arsenal.

What do you think of this tool? Let us know via the comments section below.

9 comments

  1. The problem with the application is that the license requires you to let it scan and return potentially sensitive information. This could even mean userids and passwords to browser sites since these can be easily gleaned from a scan. Why trust it or third party apps that it employs?

    4.2 WHAT INFORMATION DOES CROWDINSPECT COLLECT AND TRANSMIT TO COMPANY OR OTHER THIRD PARTIES? CrowdInspect utilizes Companyís and several third party sources of information to determine the reputation of suspected malicious processes by using the file information and the reputation of the domain it is connecting to. For each entry discovered and transmitted by You, the Software collects and transmits — and Company may retain and use — the full directory, file name, SHA256 hash, /create/ timestamp of the above; /last accessed/ timestamp; /last write/ timestamp; and digital signature information, as well as your connection information. Third party sources that are queried to determine the reputation of the domain are provided and may retain and use file hash and domain name information. The data collected and transmitted may change together with changes to the Software’s features, functionality, and user interface, but will not materially vary in kind from the types of information described above without an update to this Agreement. Should the Company change or amend these terms from time to time, it will notify you, either through the user interface, in an email notification, or through other reasonable means, including through the Company’s website. Your use of the Software after the date the change becomes effective will be your consent to the changed terms. If you do not agree to the changes, you must stop using the Software.

  2. yeah, sounds like a useful tool but i was put off by the user license too.
    Is this a sponsered article btw?

  3. “CrowdInspect tool also has some basic features which can effectively kill abusive or non-responsive processes”
    *** Does it give you the OPTION to “kill” a given suspect process – or not…?
    Ending processes is a good way to make your system unstable to unusable.

  4. <>
    Please do not feel limited to thew Win. Task Manager, or Sysinternals. There are very excellent alternatives offered here. AnVir is free and will grade the Windows Processes, good or evil, for you.

  5. Is there a conflict with CrowdInspect and my (Avast!) anti-virus software? i.e., can they run concurrently?

Comments are closed.

Sponsored Stories