Do you ever hear your computer’s fan spin up randomly? This kind of activity can be related to several things, such as a process running for a recently opened application, a scheduled virus scan, or even a virus trying to execute an attack on your PC. One program that I use to check my computer’s processes is called Process Explorer.
Process Explorer is a combination of task manager and system monitor for Microsoft Windows. PE provides the functionality of Windows Task Manager along with other features for gathering information about processes running behind the scenes.
The feature I want to mention today is VirusTotal’s integration with Process Explorer. VirusTotal is a free multi-engine online anti-virus scanning service that analyzes files, URLs and hashes. It uses AV engines such as AVG, Avast, Avira, BitDefender, ESET, F-Secure, GData, Kaspersky and Malwarebytes, just to name a few, to identify viruses, worms, trojans and other kinds of malicious content within a few seconds. With the VirusTotal integration in Process Explorer, you can analyze suspicious files and processes in real time.
- Download Process Explorer here
- Extract the contents from the ZIP file. Right-click the ZIP file and select “Extract all...”
- Once the program is extracted, double-click the file procexp.exe to run Process Explorer
Once PE is opened, right-click a file and select ‘Check VirusTotal’ to scan the file of a process running on your computer. Before you can submit a file, you have to agree to the Terms of Service. After you click Yes for the ToS, the file will be submitted to VirusTotal and a result will be returned.
Generally you will see a result like 0/56. If you see a result like 1/56, it means that only one AV detected something. This generally means that the result is a false positive and the file is clean. The more questionable processes will have results like 2/56, 3/56, 4/56, etc. Clicking on the link will open a new browser window displaying info such as which anti-virus provided a result, the time of the scan, and the type of infection/malware that was found. Here is an example report:
Another way to submit the file to VirusTotal is to right-click the file and select ‘Properties’. Once the properties window appears, click on the submit button to send the file to VirusTotal.
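
The rule of thumb above for reading detection ratios (0/56, 1/56, 2/56 and up) can be applied to a whole process list at once. The following is an added example, not part of the original post or of Process Explorer itself. It assumes the process list was saved as tab-delimited text with a VirusTotal column; the column names and sample rows are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample, assumed to resemble a tab-delimited process list saved
# from Process Explorer with the VirusTotal column shown. Not real scan data.
SAMPLE_EXPORT = (
    "Process\tPID\tCompany Name\tVirusTotal\n"
    "explorer.exe\t4120\tMicrosoft Corporation\t0/56\n"
    "updater.exe\t7316\tExample Software\t1/56\n"
    "unknownapp.exe\t9044\t\t4/56\n"
    "helper.exe\t5528\tExample Software\tUnknown\n"
    "System\t4\t\t\n"
)

RATIO = re.compile(r"^\s*(\d+)\s*/\s*(\d+)\s*$")


def classify(vt_value):
    """Map a VirusTotal cell to (label, detections) using the article's rule of thumb."""
    match = RATIO.match(vt_value or "")
    if not match:
        # Blank, "Unknown", or an error string: no verdict is available yet.
        return "no-result", None
    detections = int(match.group(1))
    if detections == 0:
        return "clean", 0
    if detections == 1:
        return "likely-false-positive", 1
    return "questionable", detections


def triage(export_text):
    """Return one dict per process, most detections first, no-result rows last."""
    rows = []
    for row in csv.DictReader(io.StringIO(export_text), delimiter="\t"):
        label, detections = classify(row.get("VirusTotal"))
        rows.append({"process": row["Process"], "pid": int(row["PID"]),
                     "label": label, "detections": detections})
    rows.sort(key=lambda r: (r["detections"] is None, -(r["detections"] or 0)))
    return rows


if __name__ == "__main__":
    for entry in triage(SAMPLE_EXPORT):
        print(f'{entry["process"]:<16} {entry["pid"]:>6}  {entry["label"]}')
```

Rows labelled no-result are kept rather than dropped, since a process with no verdict has simply not been checked yet.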