How to check all Windows running processes for modifications
Sysinternals' Process Explorer is just the best when it comes to watching all processes that are running on your machine. I've been using it for years and I'm not afraid to say it's the best single executable I ever came across. Tools such as this one are what make Windows a great OS to work on.
I use it all the time to:
- check how much memory and CPU each process takes
- kill processes
- find new processes running on my machine (for example after a software install: I dislike those pesky installers that silently add services and processes that start with Windows)
- find the path to a given executable
What I recently discovered, however, is that right from within Process Explorer you can verify the Authenticode signatures of all presently running executables (Options > Verify Image Signatures, which fills the "Verified Signer" column), and, even better, submit the hash of every running executable to VirusTotal for a verdict from all major antivirus engines (Options > VirusTotal.com > Check VirusTotal.com, which fills the "VirusTotal" column with a detections/engines ratio). Two things to keep in mind: by default only the file hash is sent, not the file itself, so an executable VirusTotal has never seen shows up as "Unknown" rather than clean; and Process Explorer should be run elevated, otherwise the images of system and service processes cannot be opened and neither check can be performed on them.
Here's how it looks once the check is done.
As you can see I have one process that requires further attention. It's Notepad++. Simply clicking on the "1/57" brings up the VirusTotal report, which after verification proves to be harmless. A single hit out of 57 engines on a widely used binary is almost always a heuristic false positive, but the report is still worth opening: it names the engine that flagged the file, and the hash shown there can be compared against the one the vendor publishes for the release you installed.
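The same two checks can be scripted, which is handy on a machine where you cannot run a GUI tool or want the result in a file. The PowerShell below is an added example and is not part of the original post or of the Sysinternals tools: it enumerates running processes, verifies each image's Authenticode signature with the built-in Get-AuthenticodeSignature cmdlet, computes the SHA-256 hash (the value Process Explorer looks up), and prints VirusTotal lookup links for anything that is not cleanly signed. The https://www.virustotal.com/gui/file/<sha256> URL form is assumed to be the current web lookup address; the script itself sends nothing to VirusTotal.

```powershell
# Added example (not from the original post): verify signatures of running
# processes and compute their SHA-256 hashes, like Process Explorer's
# "Verify Image Signatures" and "Check VirusTotal.com" options.
# Run from an elevated PowerShell so that the image paths of system and
# service processes are readable; unreadable ones are reported as such.

$results = Get-Process | ForEach-Object {
    $proc = $_
    $path = $null
    # Path is unavailable for protected or higher-integrity processes when
    # not elevated; treat that as "could not check" rather than failing.
    try { $path = $proc.Path } catch { }

    if (-not $path) {
        [pscustomobject]@{
            Name            = $proc.ProcessName
            Id              = $proc.Id
            Path            = '(inaccessible)'
            SignatureStatus = 'Unchecked'
            Signer          = ''
            SHA256          = ''
        }
        return
    }

    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash

    [pscustomobject]@{
        Name            = $proc.ProcessName
        Id              = $proc.Id
        Path            = $path
        # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256          = $hash
    }
}

# Everything that is not cleanly signed deserves a second look; these are the
# rows Process Explorer would show without a "(Verified)" signer.
$suspect = $results | Where-Object { $_.SignatureStatus -ne 'Valid' }
$suspect | Format-Table Name, Id, SignatureStatus, Path -AutoSize

# Hash-only lookups, so nothing is uploaded. Assumed URL form for the
# VirusTotal web UI; paste into a browser or check the hash via the API.
$suspect | Where-Object { $_.SHA256 } | Sort-Object SHA256 -Unique | ForEach-Object {
    "{0,-24} https://www.virustotal.com/gui/file/{1}" -f $_.Name, $_.SHA256
}

# Keep a record for later comparison (e.g. before and after an install).
$results | Export-Csv -Path "$env:TEMP\running-images.csv" -NoTypeInformation
```

A HashMismatch status means the file on disk no longer matches what was signed, which is the case that actually indicates modification; NotSigned simply means the vendor never signed the binary and is common for open-source tools, so the hash lookup is what tells those two situations apart. Comparing two CSV snapshots taken before and after an installer runs shows exactly which new images appeared.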