Finding Malware with Sysinternals Process Explorer

  58,793 views

Professor K

2 years ago

In this short video, Professor K shows you how to find malware that may be running as a process on your PC using Sysinternals Process Explorer.
Process Explorer is a tool that lets us access a lot of information about processes running on a machine and offers some excellent functionalities out of the box, which we can leverage to analyze and determine if something is malicious.
docs.microsoft.com/en-us/sysi...
docs.microsoft.com/en-us/sysi...
www.udemy.com/user/cliftonlkr...

Comments: 41
@Prof856 2 years ago
I was paranoid about a program on my computer and my professor sent me this link. This was extremely helpful and set my mind at ease. Thank you!
@krah8052 2 years ago
Glad it helped!
@kaylght2740 1 year ago
Very useful and very good for beginners like me, you sir need a medal for this great tutorial.
@Craigdna 9 months ago
Thank you as that was an excellent presentation and made me much more informed. Very much appreciated.
@meckjoo 2 years ago
Great tutorial - I use this myself and instead of explaining to folks how to do it, I send them this link!
@krah8052 2 years ago
Good to hear!
@redmockingbird4704 8 months ago
Excellent Video Professor - Great to the point presentation
@sechelemehesles7832 6 months ago
Very useful and easy to understand. Thank you!
@marlonbonilla919 2 years ago
Thank you for the great work!
@aDenstech 26 days ago
An awesome video, easy to understand and easy to implement. Thanks a lot.
@salvadorseekatzrisquez2947 9 days ago
Amazing video! I have been doing several of these for a lot of years but exceeded all the knowledge I had. Thanks for sharing... This is my first video.... So I am sure you should have some more great material... Subscribing!!!
@anta-zj3bw 1 year ago
Excellent, Sir!
@johnlemes 1 year ago
Hello!! Thanks for the tutorial. Great information. Would you please tell me how I can find, using Process Explorer, which process creates temp files in the respective temp folder? Thank you
@switchmusic2959 1 year ago
I have an svchost, isass and csrss that show no signatures, paths and cannot be scanned with VirusTotal. What should I do?
@bazo0ky 10 months ago
I have the same thing. Basically press Ctrl+D then look if it's verified by Microsoft.
@Martin-ot7xj 6 months ago
Hi there, it was a very useful and informative tutorial video. thnx
@rafaloleksiak2587 2 years ago
very good help, thx
@icollided 4 months ago
Great video. I had a trojan scare this week, and after doing these things, I'm thinking that it was a false positive.
@shibechef 2 months ago
for anyone struggling to open the folder as admin, you can just open the command prompt as admin, and then set your directory to the folder using cd (file path). for example mine was "cd C:\Users\Shibe\Downloads\SysinternalsSuite"
@AA-mc5il 9 months ago
oh sir this video is so awesome thank you
@thaqvaylith1151 10 months ago
thank you
@chriss1402 8 months ago
ty, very nice
@GordonMelsom 2 years ago
Too Good thank you
@wznzgq1354 1 year ago
what if the process has no handles and no dlls??
@Heelo_0 7 months ago
it says The term 'procexp64.exe' is not recognized as the name of a cmdlet, function, script file, or operable program.
@sdfffdsf3t 1 year ago
ik i have malware or smth but the thing is i cant see the path command line current directory autostart location or really anything but ik its a virus that injected itself into the svchost.exe
@jonasosvaldsen8856 7 months ago
Any luck?
@RaeuberFotzenRotz 6 months ago
Quick Guide thanks a lot.
@W1llellaTFT 19 days ago
There are some in virustotal check that has count like 1/78 and some have "the system cannot find the file specified". What do I do to those?
@cyberoffense3808 19 days ago
I would say the file is suspect but most probably a false positive. The missing files are probably a permission issue or you need to clean out your system and registry.
@notrhythm 3 months ago
prime youtube content
@wznzgq1354 1 year ago
I have a bunch of processes which are without description and also have no dll's when I use ctrl+d, what could that mean? example smss.exe, Memory Compression, Interrupts, crss.exe, dllhost.exe, postgres.exe etc
@gullible119 2 months ago
>finding malware >has CCleaner installed🚨
@captainspaulding7612 1 year ago
hey man i have like 14 svchost.exe running is that normal ?
@Edison-newworldBlogspot 1 year ago
It's normal only. You can check the location of the svchost.exe and if it is not from system folder and found in temp location or app data, then that process must be malicious.
@switchmusic2959 1 year ago
@Edison-newworldBlogspot I have an svchost, isass and csrss that show no signatures, paths and cannot be scanned with VirusTotal. What should I do?
@sundowner1318 1 year ago
I’ve also had a problem with this file occasionally spiking
@DumindaSamaranayake 1 year ago
I notice 1 virus running on my machine I think it might be a false positive
@doumi4570 1 year ago
Hey, I would like some sort of help. When I want to scan it with VirusTotal it normally writes hash submitted, but after few seconds it says The device connected to the system is not working on mostly apps. VirusTotal scans max of 10 apps. Thank You for your help. To the error I used translator, so it might be not accurate.
@Yek-H 1 year ago
Same issue