Tuesday, January 17, 2006

Spyware or Not? Identifying Files and Processes

Got any suspicious files sitting on your hard drive? Perhaps you noticed an odd-looking process running and you're curious as to what it is and what it's doing.

Getting acquainted with your computer's files and running processes is a good thing. Familiarity can stop some bad things from getting worse. By using Google and a couple of online scans, you can begin to manage your security simply and effectively at no cost. Running processes can be viewed in Task Manager (XP).


For odd files you have noticed but whose purpose you are unsure of, you can just use Google. All you need is the file's name, for instance:
lsass.exe

Googling this exe brings up many results:
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2003-52,GGLD:en&q=lsass%2Eexe

In this case, the very first hit is from WinTasks 5, an excellent source for process information. Just about all the hits point to this exe being a legit, required process.

Some other file source info:
Answers That Work

SysInfo


Well, now you know how to find info on a file. Let's say you Google a file and the results are not too clear on its legitimacy. What then? Take for instance the info contained on the above-mentioned SysInfo site about the same file:

Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder.

Here we get some detailed info on the file path where the file is supposed to be for your OS. So, now you're really confused. Well, there is another option: you can scan the file online.

There are a few sites which will scan any file (some size restrictions apply) for free with immediate results. All you have to do is go to the selected site and upload the file to their servers. They are very handy in trying to determine what an unusual file is, and they serve as a resource for the many vendors that offer them with regard to new malware such as viruses, trojans and worms.
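The path check that the SysInfo entry describes can also be run against the processes on a current Windows system. The script below is an added example, not part of the original post: it reports whether each running process named in a watch list is running from System32. The function name `Test-ProcessLocation` and the watch list are assumptions; only lsass.exe comes from the article.

```powershell
# Added example: compare the on-disk location of well-known system processes
# with the System32 folder, as the SysInfo entry for lsass.exe describes.
# Assumption: every name in $expectedInSystem32 normally lives in System32.
# Only lsass.exe is taken from the article; add names you have confirmed yourself.
$system32 = Join-Path $env:SystemRoot 'System32'
$expectedInSystem32 = @('lsass.exe')

function Test-ProcessLocation {
    param(
        [string]$Name,
        [string]$ExecutablePath
    )
    # -notcontains compares case-insensitively, so LSASS.EXE is also matched.
    if ($expectedInSystem32 -notcontains $Name) { return 'not-checked' }

    # Without an elevated prompt, Windows often hides the path of protected
    # processes such as lsass.exe; report that instead of guessing.
    if ([string]::IsNullOrEmpty($ExecutablePath)) { return 'path-unavailable' }

    $expected = Join-Path $system32 $Name
    if ($ExecutablePath -ieq $expected) { return 'expected-location' }
    return 'UNEXPECTED-LOCATION'
}

Get-CimInstance Win32_Process |
    ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            ProcessId = $_.ProcessId
            Path      = $_.ExecutablePath
            Result    = Test-ProcessLocation -Name $_.Name -ExecutablePath $_.ExecutablePath
        }
    } |
    Where-Object { $_.Result -ne 'not-checked' } |
    Sort-Object Result, Name |
    Format-Table -AutoSize
```

A result of `path-unavailable` means the script should be rerun from an elevated prompt; `UNEXPECTED-LOCATION` marks a file worth looking up or scanning.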

Two highly regarded sites for file scanning:
Kaspersky File Scanner

Joti File Scanner (extremely busy, server can show 'page not displayed', be patient, try again)


Now you can go and track down every file on your PC, provided of course you have a few hours. It would be a good exercise in learning what some of the files on your PC are and what they do. I'm certain you will find some interesting results.
