You are viewing our Forum Archives. To view or take place in current topics click here.
Common Processes & What They Mean l Are You at Risk?
Posted:

Common Processes & What They Mean l Are You at Risk?Posted:

WSMFP
  • TTG Fanatic
Status: Offline
Joined: Jul 22, 201014Year Member
Posts: 4,513
Reputation Power: 226
Status: Offline
Joined: Jul 22, 201014Year Member
Posts: 4,513
Reputation Power: 226
Common Computer Processes

An informative tutorial about Computer Processes. What they are and what they do.


If I get enough interest in this post, I will add a section about MAC processes, this has taken a while and I hope this helps anyone that reads this. I will continue to update!






What are computer processes?

Processes can be defined as programs that are being executed within a computer system. The computer program refers to a number of instructions that are issued by the users of the computers, while the processes are the execution of the instructions. One program can have several processes related to it. For instance, when one opens up the same program several times, this means that several processes are being utilized on the same program. Computer processes are named after the operating system that is running them. In this case therefore the names of the processes will differ depending on the operating system that is running them.





How do I see what processes are running on my computer?

Windows:

You may view what processes are being run on your computer by pressing:

. Ctrl + Alt + Del
. Choose "Start Task Manager"
. Then choose the "Processes" tab

Mac:

If youre used to Windows, youd get to the Task Manager by hitting Control+ALT+DEL. In Mac OS X, its a bit different. Although it is called the Activity Monitor, keep in mind it is basically the same application utility being discussed and used.

. Hit Command+Spacebar to bring up the Spotlight search field
. Type in Activity Monitor
. Hit the Return key when Activity Monitor populates in the spotlight results
. You are now in Activity Monitor where you can manage and manipulate tasks

To make sure you are in the right place, refer to the images below:
[ Register or Signin to view external links. ]
[ Register or Signin to view external links. ]






Common Windows Processes

These processes are commonly safe!
[ Register or Signin to view external links. ]

. System - Process in kernel mode
Contains most of the system threads of the system. It is not possible to terminate or kill the process or inter-react with him.

. Idle - Idle process
This process controls processor time when no other thread is active (running) on the system. This process is a virtual process because it does no calculation on the processor. On recent computers, despite uninterrupted usage in terms of multimedia and office automation, this process is the one which will be "used" in the majority of time.

. Smss.exe - Session Management Subsystem
smss.exe is a process which is a part of the Microsoft Windows Operating System. It is called the Session Manager Subsystem and is responsible for handling sessions on your system.This program is important for the stable and secure running of your computer and should not be terminated.

. Winlogon.exe - Microsoft Windows Logon Process
This is the process responsible for managing the user login and logout. Winlogon is responsible for the initial login screen of Windows, when the system has just started and it display the dialog box when the user presses Alt-Ctrl-Del. In contrast to smss, winlogon takes care of the graphics in the management of sessions.

. Csrss.exe - client/server run-time subsystem
This is the user mode portion of the subsystem Win32 (Win32.sys being the portion in kernel mode). Csrss is a necessary process for system performance performance. Csrss is used to display the Windows command shell, the management of threads (creation / termination) and the virtual DOS 16-bit environment.

. yourwebbrowser.exe - Your Browser
This is the process that displays your internet browser windows, which displays volumes content and it also display the Desktop icons the taskbar. Once booted, there is only one process yourbrowser.exe, the one in charge of the display on the desktop. The next yourbrowser.exe processes will display your browser windows. [It should be noted that the number of yourbrowser.exe processes depends on the parameter "Open the windows files in a different process," in the folder options, in Control Panel.

. Lsass.exe - Local Security Authority Subsystem Service
Lsass.exe is the process in charge of the authentication of users for the service Winlogon. This process is performed by using libraries for authentication, such as the default library msgina.dll. Its role is to authenticate the login information from network with the local users credentials, ie those stored on the computer only.

. Services.exe - Services Processes Controller
Services.exe is the process responsible for the management of service processes (stop, start, pause). It also takes care of the interaction between services or between applications and services by using numerical command post. This interaction remains limited.

. Svchost.exe - Generic Host Process for Win32 Services
This is a generic process used to host other processes stored in the form of DLL libraries. Svchost is used in the execution of one or more services at a time.

. Alg.exe - Application Layer Gateway Service
The alg.exe executable allows applications (such as IM clients, RTSP, BitTorrent, SIP, and FTP) from a client computer to dynamically utilize passive TCP/ UDP ports in communicating with known ports on a server. This allows software to access applications that reside on another computer even if there is a firewall.

. Spoolsv.exe - Printer Spooler Service
This process job is the management of print jobs, they are put into queue and they are sent to the printer. This process is necessary for printing. It does not consume any resources until the arrival of one or more print jobs. In this case, the size of the memory used depends on the size and content of the print job.

. Wuauclt.exe - Windows Update Automatic Updates
Wuauclt.exe is the process responsible for the update of Microsoft products. Its role is to connect to the Microsoft site and check, download and install needed updates. This process is active only when the automatic updates are enabled. It consumes very few resources. This process is needed for your computer security!





Common Spyware, Virus, & Trojan Processes

These processes are a threat!

. 1.exe - [ Register or Signin to view external links. ]
1.exe is a process belonging to an advertising program. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This process is a security risk and should be removed from your system.

. DW.exe - [ Register or Signin to view external links. ]
dw.exe is a process belonging to an advertising program by DelFin. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This process is a security risk and should be removed from your system.

. CMESys.exe - [ Register or Signin to view external links. ]
cmesys.exe is an advertising program by Gator. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This process is a security risk and should be removed from your system. Please see additional details regarding this process.
Non-system processes like cmesys.exe originate from software you installed on your system.

. gmt.exe - [ Register or Signin to view external links. ]
gmt.exe is a process belonging to the Claria advertising program by Claria Corporation. This process monitors your browsing habits and distributes the data back to the author's servers for analysis. This also prompts advertising popups. This process is a security risk and should be removed from your system.

. ISASS.exe - [ Register or Signin to view external links. ]
Part of Optix.Pro virus Isass.exe is registered as the Optix.Pro trojan which carries in it's payload, the ability to disable firewalls and local security protections, and which also contains a backdoor capability allowing a hacker fairly unrestricted access to the infected PC. This trojan was developed by someone going by the name of s13az3 and who formed part of (the since discontinued) Evil Eye Software crew.

. SCVHOST.exe - [ Register or Signin to view external links. ]
Part of W32/Agobot-S virus The scvhost.exe file is a component of the W32/Agobot-S virus. Another member of the Agobot (aka Gaobot) computer worm family, this trojan spreads via networks and allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data.

. CRSS.exe - [ Register or Signin to view external links. ]
crss.exe is a process which is registered as W32.AGOBOT.GH Worm. This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hopes that you open its hostile attachment.

. SVHOST.exe - [ Register or Signin to view external links. ]
svhost.exe is a process which is registered as the W32.Mydoom.I@mm worm. This virus is distributed via the Internet through e-mail and comes in the form of an e-mail message, in the hope that its hostile attachment is opened.

The following 2 users thanked WSMFP for this useful post:

Skruffy (06-23-2011), Jordan355 (06-23-2011)
#2. Posted:
PSN
  • Wise One
Status: Offline
Joined: Oct 06, 201014Year Member
Posts: 547
Reputation Power: 24
Status: Offline
Joined: Oct 06, 201014Year Member
Posts: 547
Reputation Power: 24
sweet post dude that must have taken a lot of work to make this +rep to you my friend great job
#3. Posted:
WSMFP
  • TTG Fanatic
Status: Offline
Joined: Jul 22, 201014Year Member
Posts: 4,513
Reputation Power: 226
Status: Offline
Joined: Jul 22, 201014Year Member
Posts: 4,513
Reputation Power: 226
Thank you, yes it took a longgg time.
#4. Posted:
Goth
  • Christmas!
Status: Offline
Joined: Apr 29, 201113Year Member
Posts: 4,161
Reputation Power: 237
Status: Offline
Joined: Apr 29, 201113Year Member
Posts: 4,161
Reputation Power: 237
really amazing and helpful post man.

keep em coming!
#5. Posted:
Jordan355
  • TTG Natural
Status: Offline
Joined: Feb 25, 201014Year Member
Posts: 928
Reputation Power: 33
Status: Offline
Joined: Feb 25, 201014Year Member
Posts: 928
Reputation Power: 33
Very nice detailed post. Very helpful thanks.
#6. Posted:
Weatherz
  • Rising Star
Status: Offline
Joined: Apr 03, 201014Year Member
Posts: 794
Reputation Power: 69
Status: Offline
Joined: Apr 03, 201014Year Member
Posts: 794
Reputation Power: 69
Nice post Woodstock. Looks great 8)
#7. Posted:
WSMFP
  • TTG Fanatic
Status: Offline
Joined: Jul 22, 201014Year Member
Posts: 4,513
Reputation Power: 226
Status: Offline
Joined: Jul 22, 201014Year Member
Posts: 4,513
Reputation Power: 226
If you have a process running that you are unsure about, post it in a comment and I will give you more information about it, and whether or not it is safe.
#8. Posted:
Skruffy
  • TTG Fanatic
Status: Offline
Joined: Feb 15, 201113Year Member
Posts: 4,094
Reputation Power: 186
Status: Offline
Joined: Feb 15, 201113Year Member
Posts: 4,094
Reputation Power: 186
wow... that is a great post there bro.. +repped and thanked.

great work
#9. Posted:
Ant
  • V5 Launch
Status: Offline
Joined: Jun 12, 200915Year Member
Posts: 8,515
Reputation Power: 520
Status: Offline
Joined: Jun 12, 200915Year Member
Posts: 8,515
Reputation Power: 520
[ Register or Signin to view external links. ]

crss.exe is not a virus in itself, its a critical part of windows. However it can be infected like any other file.

Deleting crss can screw your system up (if windows actually lets you do it, usually doesn't allow it).
#10. Posted:
WSMFP
  • TTG Fanatic
Status: Offline
Joined: Jul 22, 201014Year Member
Posts: 4,513
Reputation Power: 226
Status: Offline
Joined: Jul 22, 201014Year Member
Posts: 4,513
Reputation Power: 226
-Ant- wrote [ Register or Signin to view external links. ]

crss.exe is not a virus in itself, its a critical part of windows. However it can be infected like any other file.

Deleting crss can screw your system up (if windows actually lets you do it, usually doesn't allow it).


Are you thinking of csrss.exe?
Jump to:
You are viewing our Forum Archives. To view or take place in current topics click here.