Thursday, December 01, 2011

Process Explorer

Process Explorer is one of my favorite utilities.  Originally part of the Sysinternals collection, which is now owned by Microsoft, Process Explorer (PE) is essentially Windows Task Manager on steroids.  My favorite use of it is tracking down processes and services that hide in or behind some generic Windows process.  Process Explorer shows the full parent/child process tree, and it breaks a generic host process like svchost.exe down into the individual services it is hosting, so you can tell which of the dozen or so svchost.exe instances on a box is actually running the thing you care about.  You can also search (Find > Find Handle or DLL) for a file name you have found suspect to see which process has it open or loaded, and then deal with just that piece: close the offending handle, stop the hosted service from the process's Services tab, or kill the process outright.  This is how I have found rootkit viruses hiding in the Recycle Bin or restore folders.  While you're at the Sysinternals page, check out the other utilities in the Sysinternals collection.
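Both of those Process Explorer workflows (expanding an svchost.exe into the services it hosts, and finding which process has a suspect file loaded) can be reproduced from built-in PowerShell when you want the result in a script or a log rather than a GUI. The following is an added example written for this post, not Process Explorer's own code or anything from Sysinternals; the file name `suspect.dll` is a hypothetical placeholder, and the script assumes an elevated prompt on Windows PowerShell 3.0 or later (for `Get-CimInstance`).

```powershell
# Added example (not from the original post or from Sysinternals):
# approximate two Process Explorer views with built-in cmdlets.
# Run elevated; $SuspectFile is a hypothetical placeholder name.
param(
    [string]$SuspectFile = 'suspect.dll'   # assumption: the file name you want to trace
)

# 1. Break each svchost.exe instance down into the services it hosts.
#    Win32_Service carries the PID of the process a running service lives in,
#    so grouping services by ProcessId gives the same view as expanding
#    svchost.exe in Process Explorer.
function Get-SvchostServiceMap {
    $svchosts = Get-Process -Name svchost -ErrorAction SilentlyContinue
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.ProcessId -ne 0 }     # 0 = service not running
    foreach ($p in $svchosts) {
        $hosted = $services | Where-Object { $_.ProcessId -eq $p.Id }
        [pscustomobject]@{
            PID      = $p.Id
            Services = ($hosted | ForEach-Object { $_.Name }) -join ', '
            # PathName shows the -k group and any non-standard binary path
            Binaries = ($hosted | ForEach-Object { $_.PathName } |
                        Sort-Object -Unique) -join '; '
        }
    }
}

# 2. Find which process has a given file loaded as a module
#    (the equivalent of Process Explorer's Find > Find Handle or DLL).
function Find-ProcessByModule {
    param([string]$Name)
    foreach ($p in Get-Process) {
        try {
            # Reading Modules throws for protected processes and for
            # processes of the other bitness; skip those rather than abort.
            $mods = $p.Modules
        } catch {
            continue
        }
        foreach ($m in $mods) {
            if ($m.FileName -and $m.FileName -like "*$Name*") {
                [pscustomobject]@{
                    PID     = $p.Id
                    Process = $p.ProcessName
                    Module  = $m.FileName
                }
            }
        }
    }
}

Get-SvchostServiceMap | Format-Table -AutoSize
Find-ProcessByModule -Name $SuspectFile | Format-Table -AutoSize
```

Once the map tells you which service inside a shared svchost.exe owns the suspect binary, stop that one service (`Stop-Service -Name <name>`) instead of killing the whole svchost.exe, which would take every other service in that host down with it. Note that this only sees what user-mode APIs report; a rootkit that hooks those APIs can hide from this script exactly as it can from Task Manager, so treat an empty result as "not found", not "not present".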