What are system processes? How do I do virus analysis through system processes?
A process is the sequential execution of a program on a computer; starting a process means running a program. Processes are divided into user processes and system processes. System processes carry out the various functions of the operating system, while processes launched by the user are user processes. A process is the unit of resource allocation in the operating system.
Press Ctrl, Alt and Delete at the same time to open Task Manager and view the list of programs running on the computer. You can also view the programs running on your computer by right-clicking a blank area of the taskbar and selecting Task Manager. Viruses that harm the system also appear in the form of processes. By checking system processes, viruses can be detected and removed in time, which effectively prevents system disorder.
The running processes include the processes the operating system uses for its own operation and management, as well as the processes of additional programs the user has opened and run. Once we know which processes the system needs in order to run, we can distinguish virus programs more easily.
How do I do virus analysis through system processes
Many computer users tend to use anti-virus software to check and kill viruses on their computers. In fact, we can find and analyze viruses on our computers through system processes.
Svchost.exe
As the number of services in Windows grew, Microsoft made most services shared in order to save resources; these shared services are started by the svchost.exe process. svchost.exe functions as a system service, and calling this program saves a lot of system resources.
Windows 2000 has two svchost.exe processes: the RPCSS service process and the svchost.exe used for service sharing. Windows XP has at least four svchost.exe service processes. If there are more than five svchost.exe processes, a virus check is needed. A svchost.exe detected anywhere other than C:\Windows\System32 is considered a virus program.
Explorer.exe
The explorer.exe process is used to manage computer resources. Ending explorer.exe in Task Manager ends the taskbar, the desktop and the file manager.
The explorer.exe process starts with the system. If an explorer.exe whose executable path is outside C:\Windows is detected, it can be identified as a virus program.
Iexplore.exe
iexplore.exe is the Internet Explorer browser that we usually use. Copies located outside C:\Program Files\Internet Explorer are viruses unless you have moved the Internet Explorer folder. There are two cases in which an iexplore.exe process exists in the system although the IE browser is not running: either a virus is impersonating the program name, or a virus is operating in the background through iexplore.exe.
Rundll32.exe
The rundll32.exe program executes internal functions in DLL files in the system. The number of rundll32.exe processes in the system is the same as the number of DLL files. A rundll32.exe detected outside C:\Windows\System32 can be considered a virus program.
Spoolsv.exe
spoolsv.exe manages the network print queue and local print jobs. If spoolsv.exe is still present in the system after this service has been stopped and shut down, virus removal is required.
In summary, you can check a process by taking note of its file name and path.
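The name-and-path check described above, as an added example that is not part of the original article: it compares each process's folder with the location the text gives for that name and applies the text's svchost.exe count rule. The function names are hypothetical and the process list is constructed sample data.

```python
import ntpath
from collections import Counter

# Expected folders exactly as stated in the article text.
EXPECTED_DIR = {
    "svchost.exe": r"C:\Windows\System32",
    "explorer.exe": r"C:\Windows",
    "iexplore.exe": r"C:\Program Files\Internet Explorer",
    "rundll32.exe": r"C:\Windows\System32",
}
SVCHOST_MAX = 5  # article: more than five svchost.exe instances warrants a check

def _norm(path):
    # ntpath applies Windows path rules on any OS: case-insensitive, "/" == "\", ".." resolved
    return ntpath.normcase(ntpath.normpath(path))

def review_processes(processes):
    """processes: iterable of (image_name, executable_path_or_None).
    Returns a list of (image_name, path, reason) entries to look at."""
    findings, counts = [], Counter()
    for name, path in processes:
        key = name.lower()
        counts[key] += 1
        expected = EXPECTED_DIR.get(key)
        if expected is None:
            continue  # not a process the article covers
        if not path:
            # No path available: flag it instead of treating it as clean
            findings.append((name, path, "path unavailable, check manually"))
        elif _norm(ntpath.dirname(path)) != _norm(expected):
            findings.append((name, path, "runs outside " + expected))
    if counts["svchost.exe"] > SVCHOST_MAX:
        findings.append(("svchost.exe", None,
                         "%d instances (more than %d)" % (counts["svchost.exe"], SVCHOST_MAX)))
    return findings

# Constructed sample listing (hypothetical paths, not real telemetry)
SAMPLE = [
    ("svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),       # differs in case only
    ("svchost.exe", r"C:\Windows\Temp\svchost.exe"),           # wrong folder
    ("Explorer.EXE", r"C:\Windows\System32\..\explorer.exe"),  # resolves to C:\Windows
    ("iexplore.exe", "C:/Program Files/Internet Explorer/iexplore.exe"),
    ("rundll32.exe", r"C:\Users\Public\rundll32.exe"),         # wrong folder
    ("explorer.exe", None),                                     # path not readable
    ("notepad.exe", r"C:\Windows\System32\notepad.exe"),       # not covered
]

if __name__ == "__main__":
    for finding in review_processes(SAMPLE):
        print(finding)
```

The table holds only the folders named in the article; 64-bit Windows also keeps 32-bit copies of some of these files under C:\Windows\SysWOW64, which this check will report until that folder is added.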