Find if that Windows Process is Legitimate or a Virus?

Published in: antivirus

Start the Windows Task Manager at any point of time and you’ll find that dozens of processes are running in your system. Some of these process names are obvious - if there’s iexplore.exe in the list, you have Internet Explorer open on your desktop - but other processes like csrss.exe or dwm.exe will often make no sense to most of us.

Is that Windows Process a Virus?

The first thing that will help you determine if any particular process is a legitimate Windows process or a virus, is the location of the executable itself. For instance, a process like explorer.exe should be running from your Windows folder and not anywhere else.

To confirm, open task manager, go to View – > Select Columns and select “Image Path Name” to add a location column to your task manager. If you spot any suspicious-looking directory here, it may be a good idea to investigate that process further.

NoVirusThanks, an online virus scanning service, offers a portable desktop uploader that will make it easy for you to check if any of the Windows processes are legitimate or a virus /worm in disguise.

Scan Windows Processes for Virus

When you run this tool, it will automatically generate a list of all your running processes just like Windows Task Manager. You can right-click on any process name and upload* the corresponding file online for virus analysis.

Related: Recommended Anti-Virus Software

Once the file is uploaded , NoVirusThanks will instantly scan it against a dozen or so popular anti-virus programs including AVG, Comodo and Kaspersky so chance are low that a bad file with go undetected.

Other than Windows Processes, you may also send your loaded DLLs, driver files and start-up programs for analysis online with a simple right-click.

Another tool that can sometimes help you detect bad processes is Microsoft’s Process Explorer. Launch the program (it requires no installation) and check “Verify Image Signatures” under Options. Now go to View – > Select Columns add add “Verified Signer” as one one the columns.

Windows Process Explorer

If the “Verified Signer” status of a process is listed as “Unable to Verify,” you may well give that process a second look. Not all the good Window processes will carry a Verified signature tag but none of the bad ones either.

PS:If you have trouble sending your Windows process file for scanning, switch to the settings tab of the uploader and change the server from to (or vice-versa).

📮  Subscribe to our Email Newsletter for Google tips and tutorials!
Published in: antivirus

Looking for something? Find here!

Meet the Author

Web Geek, Google Developer Expert
Amit Agarwal

Amit Agarwal is a Google Developer Expert in Google Workspace and Google Apps Script. He holds an engineering degree in Computer Science (I.I.T.) and is the first professional blogger in India. He is the developer of Mail Merge for Gmail and Document Studio. Read more on Lifehacker and YourStory

Get in touch

Google Add-ons

Do more with your Gmail and GSuite account

We build bespoke solutions that use the capabilities and the features of Google Workspace for automating business processes and driving work productivity.

  1. Mail Merge with Attachments
    Send personalized email to your Google Contact with a Google Sheet and Gmail
  2. Save Emails and Attachments
    Download email messages and file attachments from Gmail to your Google Drive
  3. Google Forms Email Notifications
    Send email notifications to multiple people when a new Google Form is submitted
  4. Document Studio
    Create beautiful pixel perfect documents merging data from Google Sheets and Google Forms
  5. Creator Studio for Google Slides
    Turn your Google Slides presentations into animated GIFs and videos for uploading to YouTube