Finding Malware with Sysinternals Process Explorer

I was paranoid about a program on my computer and my professor sent me this link. This was extremely helpful and set my mind at ease. Thank you!

Very useful and very good for beginners like me, you sir need a medal for this great tutorial.

An awesome video, easy to understand and easy to implement. Thanks a lot.

Concise and effective teaching. Thank you sir.

for anyone struggling to open the folder as admin, you can just open the command prompt as admin, and then set your directory to the folder using cd (file path). for example mine was "cd C:\Users\Shibe\Downloads\SysinternalsSuite"

Great tutorial - I use this myself and instead of explaining to folks how to do it, I send them this link!

i have an svchost, isass and csrss that show no signatures, paths and cannot be scanned with virus total. what should i do?

This tool is underrated

Great video. I had a trojan scare this week, and after doing these things, I'm thinking that it was a false positive.

Excellen Video Professor - Great to the point presentation

Amazing video! I have been doing several of these for a lot of year but exceeded all the knowledge I had. Thanks for sharing... This is my first video.... So I am sure you should have some more great material... Subscribing!!!

solid video. helpful tips and to the point!

Very useful and easy to understand. Thank you!

Hi there, it was a very useful and informative tutorial video. thnx

Thank you as that was an excellent presentation and made me much more informed. Very much appreciated.

In process explorer some entries for svchost.exe don't have a verified signature nor when I open the properties most of the items have no value. This is also true for csrss.exe, registry and other entries. Nor can they be verified in the properties window. Some of the entries can be Killed whereas others cannot. All of these have no verified signature.

Excellent, Sir!

Hello!! thanks for the tutorial Great information. Would you please tell me how can find, using Process Explorer, which process creates temp files in the respective temp folder? Thank you

oh sir this video is so awesome thak you

Thank you for the great work!

at 1:55 * COMPANY NAME.
my process explorer has a lot of programs running without COMPANY NAME.
plus it is very unstable unlike your process explorer which is not moving. mine is very unstable and volatile programs are starting and ending every second.
any suggestions?

prime youtube content

ik i have malware or smth but the thing is i cant see the path command line current directory autostart location or really anything but ik its a virus that injected itself into the svchost.exe

what if the process has no handles and no dlls??

very good help, thx

ty, very nice

thank you

i have a bunch of processes with are without description and also have no dll's when i use ctrl+d, what could that mean?
example smss.exe, Memory Compression, Interrupts, crss.exe, dllhost.exe, postgres.exe etc

There are some in virustotal check that has count like 1/78 and some have "the system cannot find the file specified". What do i do to those?

it says The term 'procexp64.exe' is not recognized as the name of a cmdlet, function, script file, or operable
program.

Too Good hank you

>finding malware
>has CCleaner installed🚨

Quick Guide thanks a lot.

I notice 1 virus running on my machine
I think it might be a false positive

hey man i have like 14 svchost.exe running is that normal ?

Hey, i would like som sort of help. When i want to scan it with VirusTotal it normally writes hash submitted, but after few seconds it says The device connected to the system is not working on mostly apps. VirusTotal scans max of 10 apps. Thank You for your help. To the error i used translator, so it might be not acurrate.