Do you ever hear your computer’s fan spin up randomly? This kind of activity can be related to several things such as a process running for a recently opened application, scheduled virus scan or even a virus trying to execute an attack your PC. One program that I use to check my computer’s processes is called Process Explorer.
Process Explorer
Process Explorer is a combination of task manager and system monitor for Microsoft Windows. PE provides the functionality of Windows Task Manager along with other features for gathering information about processes running behind the scenes.
The feature I want to mention today is Virus Total’s integration with Process Explorer. Virus Total is a free multi-engined anti-virus online scanning service that analyzes files,URLs and hashes. Virus Total uses AV engines such as AVG, Avast, Avira, BitDefender, ESET, F-Secure, GData, Kaspersky, Malwarebytes just to name a few, to identify viruses, worms, trojans and other kinds of malicious content within a few seconds. With the Virus Total integration into Process Explorer, you will be able to analyze suspicious files/processes in real time.
- Download Process Explorer here
- Extract the contents from the ZIP file. Right click the Zip file and select “Extract all..”
- Once the program is extracted, double-click the file procexp.exe to run Process Explorer
Once PE is opened, right-click the a file and select ‘Check VirusTotal’ in order to scan the file of a process running on your computer. Before you can submit a file, you have to agree to the Terms-of-Service . After you click Yes for the ToS, the file will be submitted to Virus Total and return with a result.
Generally you will see a result like 0/56. If you see a result like 1/56, it means that only one AV detected something. This generally means that the result is a false positive/ clean file. The more questionable processes will have results like 2/56, 3/56, 4/56 etc. Clicking on the link will open a new browser window displaying info like which anti-virus provided a result, the time of the scan along with the type of infection/malware that was found . Here is an example report:
Detailed results of a file/process marked by Virus Total
Another way to submit the file to Virus Total is to right-click the file and select ‘Properties’. Once the properties window appears, click on the submit button to send the file to VirusTotal.
This added functionality added in PE will be very useful for anyone wanting to quickly scan a suspicious file on their PC too see whats going on behind the scenes.
Cybergent_101 
There are few tools in my USB arsenal, but Process Explorer is definitely one of them! I’ve used VirusTotal in the past as well, however by the time I’m called in to help family and friends, the infection or malware is usually quite clear and doesn’t need additional research. Malwarebytes Anti-Malware is my go to tool of choice.
LikeLike
Yeah I agree with malwarebytes. Definitely my favorite as well. It has improved a lot over the years. For me process explorer is more of a “what is my machine doing” curiosity. I have a few tools in my USB stick rotation too.
LikeLike