Find if that Windows Process is Legitimate or a Virus?

Written by Amit Agarwal on Jul 21, 2012

Start the Windows Task Manager at any point of time and you’ll find that dozens of processes are running in your system. Some of these process names are obvious – if there’s iexplore.exe in the list, you have Internet Explorer open on your desktop – but other processes like csrss.exe or dwm.exe will often make no sense to most of us.

Is that Windows Process a Virus?

The first thing that will help you determine if any particular process is a legitimate Windows process or a virus, is the location of the executable itself. For instance, a process like explorer.exe should be running from your Windows folder and not anywhere else.

To confirm, open task manager, go to View – > Select Columns and select “Image Path Name” to add a location column to your task manager. If you spot any suspicious-looking directory here, it may be a good idea to investigate that process further.

NoVirusThanks, an online virus scanning service, offers a portable desktop uploader that will make it easy for you to check if any of the Windows processes are legitimate or a virus /worm in disguise.

Scan Windows Processes for Virus

When you run this tool, it will automatically generate a list of all your running processes just like Windows Task Manager. You can right-click on any process name and upload* the corresponding file online for virus analysis.

Related: Recommended Anti-Virus Software

Once the file is uploaded , NoVirusThanks will instantly scan it against a dozen or so popular anti-virus programs including AVG, Comodo and Kaspersky so chance are low that a bad file with go undetected.

Other than Windows Processes, you may also send your loaded DLLs, driver files and start-up programs for analysis online with a simple right-click.

Another tool that can sometimes help you detect bad processes is Microsoft’s Process Explorer. Launch the program (it requires no installation) and check “Verify Image Signatures” under Options. Now go to View – > Select Columns add add “Verified Signer” as one one the columns.

Windows Process Explorer

If the “Verified Signer” status of a process is listed as “Unable to Verify,” you may well give that process a second look. Not all the good Window processes will carry a Verified signature tag but none of the bad ones either.

[*] If you have trouble sending your Windows process file for scanning, switch to the settings tab of the uploader and change the server from to (or vice-versa).

Subscribe to our Email Newsletter