Picking Out Viruses and Trojans From the Process List
No virus or Trojan can run on a system without a process. Even when it uses hiding techniques, it still leaves traces among the processes. Checking the active processes is therefore the most direct way to detect viruses and Trojans. But with so many processes running at once, which are the normal system processes and which is the Trojan?
If you are sure a virus is running but cannot find an unusual process in Task Manager, the virus has taken steps to conceal itself.
Three ways a Trojan conceals itself among the processes:
1. Mix the false with the genuine.
Normal system processes include svchost.exe, explorer.exe, iexplore.exe and winlogon.exe. You may instead find processes named svch0st.exe, explore.exe, iexplorer.exe or winlogin.exe. Compare the names carefully and you will see the difference. This is a common trick for fooling users: one letter of the process name is slightly changed, for example o to 0 or l to I, so that it easily escapes the user's eye.
2. Perpetrate a fraud.
Against a careful user the above trick may fail, and the virus may be removed immediately. A virus can do better by exploiting a weakness of Task Manager: it does not identify the executable file behind a process. The executable for the svchost.exe process is located in C:\WINDOWS\system32 (on Windows 2000, C:\WINNT\system32). If a virus copies itself to C:\WINDOWS\ and names itself svchost.exe, it looks the same as the normal system process in Task Manager. How can you tell them apart then?
3. Revive in a new guise.
Besides the two patterns above, a virus can use injection to insert its DLL files into a normal system process. On the surface nothing looks suspicious, but the system process has in fact been invaded by the virus. Such hidden viruses are very hard to find without a professional process inspection tool. A registry cleaner can help you scan your system and fix a variety of errors or viruses.
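The first two tricks can be checked mechanically once you have each process's full image path. The following is an added example, not code from the original article: it flags names that imitate a system process and genuine names running from an unexpected folder. The expected folders other than the one for svchost.exe, the edit-distance threshold of 1 and the sample paths are assumptions, and injected DLLs (the third trick) are not covered.

```python
import ntpath

# Expected image folders (lower case). Only the svchost.exe location is stated
# in the article; the other three are assumed Windows defaults.
EXPECTED = {
    "svchost.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
    "winlogon.exe": {r"c:\windows\system32"},
    "iexplore.exe": {r"c:\program files\internet explorer"},
}
# Characters that look alike in a process list: 0/o and 1/l/I.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "i": "l"})

def skeleton(name):
    """Lower-case the name and fold look-alike characters together."""
    return name.lower().translate(HOMOGLYPHS)

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return (verdict, detail) for the full path of one process image."""
    name = ntpath.basename(image_path).lower()
    folder = ntpath.dirname(image_path).lower()
    if name in EXPECTED:
        if folder in EXPECTED[name]:
            return ("ok", name)
        # Trick 2: genuine name, wrong folder.
        return ("wrong-path", f"{name} running from {folder}")
    for known in EXPECTED:
        # Trick 1: swapped look-alike letter or one added/dropped/changed letter.
        if edit_distance(skeleton(name), skeleton(known)) <= 1:
            return ("lookalike", f"{name} imitates {known}")
    return ("unknown", name)

# Constructed sample paths, not taken from a real system.
SAMPLE = [r"C:\WINDOWS\system32\svchost.exe", r"C:\WINDOWS\svchost.exe",
          r"C:\WINDOWS\system32\svch0st.exe", r"C:\WINDOWS\winlogin.exe"]

if __name__ == "__main__":
    for path in SAMPLE:
        print(classify(path), path)
```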
