CrowdInspect for Windows
Verifying Windows Processes in CrowdInspect
Many guides to removing adware, malware and other unwanted software include a step telling you to check the running Windows processes for suspicious ones after using automatic malware removal tools. For a user without serious experience with the operating system, however, this is not so simple: the list of running programs in Task Manager tells them very little.
The free CrowdStrike CrowdInspect utility, designed specifically for this purpose, can help with checking and analyzing running processes (programs) in Windows 10, 8, Windows 7 and XP, and it is the subject of this review. See also: how to get rid of advertising (adware) in the browser.
Using CrowdInspect to analyze running Windows processes
CrowdInspect does not require installation: it comes as a .zip archive containing a single executable file, CrowdInspect.exe, which on startup may create another file for 64-bit Windows systems. The program requires an Internet connection.
On first start you need to accept the terms of the license agreement with the Accept button, and in the next window, if necessary, configure integration with the VirusTotal virus-checking service (and, if necessary, disable the upload of previously unknown files to this service, “Upload Unknown Files”).
After you click “OK”, an advertising window for the CrowdStrike Falcon protection software opens for a short time, followed by the main CrowdInspect window with a list of the processes running in Windows and useful information about them.
To begin with, here is what the important columns in CrowdInspect mean:
- Process Name – the process name. You can also display full paths to the executable files by clicking the “Full Path” button in the main program menu.
- Inject – a check for code injection into the process (in some cases it can show a positive result for antivirus programs). If a threat is suspected, a double exclamation mark and a red icon are shown.
- VT or HA – the result of checking the process file in VirusTotal (the percentage is the share of antivirus engines that consider the file dangerous). The latest version displays the HA column instead, and the analysis is performed using the Hybrid Analysis online service (possibly more effective than VirusTotal).
- MHR – the result of a check against the Team Cymru Malware Hash Registry (a database of checksums of known malware). A red icon and a double exclamation mark are displayed if the hash of the process file is in the database.
- WOT – when the process connects to sites and servers on the Internet, the result of checking those servers in the Web of Trust reputation service.
The remaining columns provide information about the Internet connections established by the process: the connection type, status, port numbers, the local IP address, the remote IP address and the DNS name for that address.
Note: You may notice that a single browser tab is displayed in CrowdInspect as a dozen or more processes. The reason is that a separate line is displayed for each connection established by a single process (and an ordinary site opened in the browser connects to many servers on the Internet at once). You can turn off this type of display by disabling the TCP and UDP buttons in the top menu bar.
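The per-connection view described in this note can be reproduced with built-in PowerShell cmdlets. The script below is an added example, not part of CrowdInspect or the original review: it prints one row per TCP connection, then a collapsed view with one row per executable and the SHA-256 of its file, which can be searched manually on VirusTotal. The function name `Get-ExeInfo` and the column names are illustrative.

```powershell
# Added example: per-connection and per-executable views of network-active processes.
# Needs Windows 8 / Server 2012 or later (Get-NetTCPConnection) and PowerShell 4+ (Get-FileHash).
# Run elevated, otherwise Path is empty for processes owned by other accounts.
$hashCache = @{}   # executable path -> SHA-256, so each file is hashed only once

function Get-ExeInfo {
    param([int]$ProcessId)
    $proc = Get-Process -Id $ProcessId -ErrorAction SilentlyContinue
    $path = if ($proc) { $proc.Path } else { $null }   # null for System/protected processes
    if ($path -and -not $hashCache.ContainsKey($path)) {
        $h = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
        $hashCache[$path] = if ($h) { $h.Hash } else { $null }
    }
    [pscustomobject]@{
        Name   = if ($proc) { $proc.ProcessName } else { '<exited>' }
        Path   = $path
        Sha256 = if ($path) { $hashCache[$path] } else { $null }
    }
}

$rows = Get-NetTCPConnection -State Established, Listen | ForEach-Object {
    $info = Get-ExeInfo -ProcessId $_.OwningProcess
    [pscustomobject]@{
        Process = $info.Name
        PID     = $_.OwningProcess
        State   = $_.State
        Local   = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
        Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
        Path    = $info.Path
        Sha256  = $info.Sha256
    }
}

# One row per connection: a browser shows up many times, as in CrowdInspect.
$rows | Sort-Object Process, PID | Format-Table Process, PID, State, Local, Remote -AutoSize

# Collapsed view: one row per executable, with connection count and file hash.
$rows | Group-Object Path | ForEach-Object {
    [pscustomobject]@{
        Connections = $_.Count
        Process     = $_.Group[0].Process
        Sha256      = $_.Group[0].Sha256
        Path        = $_.Name
    }
} | Sort-Object Connections -Descending | Format-List
```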
Other menus and controls:
- Live/History – switches the display mode (real time, or a list that shows the start time of each process).
- Pause – pauses the collection of information.
- Kill Process – terminates the selected process.
- Close TCP – closes the TCP/IP connection for the process.
- Properties – opens the standard Windows dialog box with the properties of the process's executable file.
- VT Results – opens a window with the VirusTotal scan results and a link to the scan result on the site.
- Copy All – copies all the information about the active processes to the clipboard.
- Also, right-clicking any process opens a context menu with the main actions.
I suppose that by now more experienced users are thinking “great tool”, while beginners do not understand what it is for or how it can be used. So, as briefly and simply as possible for beginners:
- If you suspect that something bad is happening on your computer, and it has already been checked with an antivirus and with utilities such as AdwCleaner (see Top Malicious Software Removal Tools), you can look in CrowdInspect and see whether any suspicious background programs are running in Windows.
- Processes with a red mark and a high percentage in the VT column and (or) a red mark in the MHR column should be considered suspicious. You are unlikely to encounter red icons in the Inject column, but if you do see one, pay attention to that as well.
- What to do if a process looks suspicious: view its VirusTotal results by pressing the VT Results button and then clicking the link to the antivirus scan results for the file. You can also try searching for the file name on the Internet, since common threats are usually discussed on forums and support sites.
- If you conclude that the file is malicious, try removing it from startup, uninstalling the program the process belongs to, and using other methods to get rid of the threat.
Note: Keep in mind that, from the point of view of many antiviruses, various “download programs” and similar tools that are popular in our country may be classed as potentially unwanted, and this will be shown in the CrowdInspect VT and (or) MHR columns. However, this does not necessarily mean that they are dangerous; each case is worth considering individually.
CrowdInspect for Windows
CrowdInspect is a small, free, portable program that helps detect malicious activity on a PC using services such as VirusTotal, Web of Trust and Malware Hash Registry. For every running process that uses an open network connection, the utility provides a detailed report showing the process name, its ID, the connection type (TCP/UDP), local and remote ports, IP addresses and more. The program also flags any untrusted domains that processes may be accessing and can display the full VirusTotal scan results. If a problem is found, any selected process can be terminated. You can display only the active processes connected to the network at the moment, or view all processes that have used your network during any given period of time.