Analysis of running processes (Process Manager)

First, click the "Scan" button. The program starts scanning your system and a progress bar appears on the screen. When the progress bar reaches the right end, the list of processes is shown in the main table. The processes are sorted by their status (rating of danger). The program shows the main properties of each process: Identifier (ID), Parent Process Identifier, File Name, Company, Description, and Window Caption.



The program examines each process and assigns it a status (rating of danger). Unsafe processes can be identified by their rating of danger. The highest possible rating of danger is red. A red process is dangerous. A yellow process is suspicious. A highly rated process is not always dangerous; it may just contain code similar to that of a virus or spyware. You have to decide what to do with such a process: delete it or mark it as safe.

The current version of the program can assign the following statuses:
  • Dangerous - the process is hidden or uses virus/spy technologies. For example, the "Hijack.exe" process is a Trojan (shown as red on the screenshot above) and has the Dangerous status. This Trojan process has an empty "Company" field, but a Trojan can be signed with any name.
  • Altered - the process hash (checksum) has changed, or another process has created a thread in this process. The process contains and executes foreign code from another process, so it is potentially dangerous. The hash of a system process can change when you install a Service Pack or Windows hotfixes.
  • Suspicious - the process has no visible windows or icons. Drivers (hardware utilities) run only in the background with no visible windows. You can see several suspicious processes (shown as yellow on the screenshot above). Almost all of them are drivers. Processes of Advanced Micro Devices are motherboard drivers. Processes of C-Media Electronic are audio card drivers. Processes of NVIDIA Corporation are video card drivers. Processes of Lexmark International are printer drivers. Warning! The LEXPPS.EXE printer driver has an empty "Company" field. Sometimes developers forget to sign their drivers. One suspicious process, "GoogleToolbarNotifier.exe", is not a driver. It is the "Google Toolbar" update program. If you don't want it, you can delete it.
  • Deleted - the process has been deleted but is still present in system records. The first reason is that the dead process has unclosed handles.
  • Normal - the process has visible windows and does not use virus/spy technologies.
  • System - the operating system does not work correctly without its main system processes. Each system process has to be signed by Microsoft.
  • Good - the process was found in the database of good processes.
  • Safe - the process was marked as Safe.
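
The following PowerShell is an added example, not code from System SoftLab or from this program. It collects, for each running process, the signals the status list above refers to (visible window, "Company" field, digital signature), so that the Company text, which is unauthenticated version metadata, can be compared with the actual Authenticode result. The function name Get-ProcessTriage and the output column names are assumptions.

```powershell
# Added example: per-process window, Company and signature signals.
# Get-ProcessTriage and its column names are hypothetical, not part of SPD.
function Get-ProcessTriage {
    param(
        [System.Diagnostics.Process[]]$Process = (Get-Process)
    )

    foreach ($p in $Process) {
        # MainModule throws for protected processes unless running elevated.
        $path = $null
        try { $path = $p.MainModule.FileName } catch { }

        $company   = $null
        $sigStatus = 'Unknown'
        $signer    = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            # "Company" is version-resource text chosen by whoever built the file.
            $company = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path).CompanyName

            # The signature is what actually ties the file to a publisher.
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $sigStatus = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Id        = $p.Id
            Name      = $p.ProcessName
            HasWindow = $p.MainWindowHandle -ne [IntPtr]::Zero
            Company   = $company
            Signature = $sigStatus
            Signer    = $signer
            Path      = $path
        }
    }
}

# Review order: windowless processes without a valid signature first.
Get-ProcessTriage |
    Sort-Object HasWindow, @{ Expression = { $_.Signature -eq 'Valid' } }, Name |
    Format-Table Id, Name, HasWindow, Company, Signature, Signer -AutoSize
```

Run it from an elevated PowerShell session; without elevation the path of protected processes cannot be read and those rows show Signature as Unknown.
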
Double-click a process or select 'Process Information' in the menu for detailed information about the selected process.




You can mark a process as Safe, delete it, or run other commands from the context menu or from the "Process Information" window.

Process Information - Open the information window of the selected process.
Mark as Safe - Mark the process as Safe.
Check this file for viruses with Virustotal.com - Download and install VirusTotal Uploader (vtsetup.exe, 80 KB) to upload files to www.virustotal.com. This is a useful, free and small program that lets you upload files to www.virustotal.com and determine the presence of viruses or malicious software that could do considerable damage to your computer. Please visit www.virustotal.com/metodos.html to download it.
Add to startup - Add the process to startup. The process will run on Windows startup or on user login.
Set priority - Set the priority of the selected process.
Hold priority - Hold the priority of the selected process. If the process changes its priority, SPD changes it back.
Stop the process - The process stops executing application code (until you run the "Resume the process" command).
Resume the process - The process resumes executing application code.
Save the process - Save the process to a file on disk.
Load the process - Load the process from the selected file.
Delete the process - Delete the selected process. Warning: be careful when you delete system processes. If you delete one, the operating system can reboot.
Delete the process and its file - Delete the selected process and its file. Warning: be careful when you delete system processes or drivers. If you delete one, the operating system can crash.
Block starting of the process by filename - This works permanently, even when SPD is not running or has been deleted. Warning: be careful when you block system processes. If you block one, the operating system can reboot.
Block starting of the process by filepath - This works only while SPD is running. Warning: be careful when you block system processes. If you block one, the operating system can reboot.


Copyright (C) 2006-2009, System SoftLab
Last update of this page: October 3, 2009.