July 7th, 2003, 02:50 PM
What is SUPPOSED to be running?
My computer internet has been acting strangely lately and I'm trying to determine if I have a trojan or whatnot.
I have Norton, but am unsure if it would stop things like trojans.
Anyway, is there a list of processes that one can reasonably expect to be running on a Win2000 box?
I know this would be highly variable, but I don't have much software on my machine that should be activated on startup, but I find that I have a screen-and-a-half of processes running on startup.
Is this the right forum? Can someone point me in the right direction?
July 7th, 2003, 03:08 PM
It's surprising how much useless crap Win2000 runs by default. However, most of it is harmless. You will have a bunch of processes running as svchost.exe. There will be the task scheduler, the system idle process, LSASS, System, and a bunch of others. Exactly how has your computer been acting? Keep in mind you are running Windows.
$person!=$kiddie or die("Alas, die you hotmail hacker!!");
July 7th, 2003, 03:12 PM
Default Processes in Windows 2000
The information in this article applies to:
* Microsoft Windows 2000 Professional
This article was previously published under Q263201
This article describes the processes which run by default in Microsoft Windows 2000. These processes can be viewed using Task Manager.
Csrss.exe - You cannot end this process from Task Manager.
* This is the user-mode portion of the Win32 subsystem (with Win32.sys being the kernel-mode portion). Csrss stands for client/server run-time subsystem and is an essential subsystem that must be running at all times. Csrss is responsible for console windows, creating and/or deleting threads, and some parts of the 16-bit virtual MS-DOS environment.
Explorer.exe - You can end this process from Task Manager.
* This is the user shell, which we see as the familiar taskbar, desktop, and so on. This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on the system.
Internat.exe - You can end this process from Task Manager.
* Internat.exe runs at startup; it loads the different input locales that are specified by the user. The locales to be loaded for the current user are taken from the following registry key:
Internat.exe loads the "EN" icon into the system tray, allowing the user to easily switch between locales. This icon disappears when the process is stopped, but the locales can still be changed through Control Panel.
Note The locales for the "System" are loaded from here:
These locales are used by system services that are running under the Local System account or when no user is logged on (for example, at the logon prompt).
Lsass.exe - You cannot end this process from Task Manager.
* This is the local security authentication server, and it generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.
Mstask.exe - You cannot end this process from Task Manager.
* This is the task scheduler service, responsible for running tasks at a time predetermined by the user.
Smss.exe - You cannot end this process from Task Manager.
* This is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens "normally," the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang).
Spoolsv.exe - You cannot end this process from Task Manager.
* The spooler service is responsible for managing spooled print/fax jobs.
Svchost.exe - You cannot end this process from Task Manager.
* This is a generic process, which acts as a host for other processes running from DLLs; therefore, don't be surprised to see more than one entry for this process. To see what processes are using Svchost.exe, use Tlist.exe from the Windows 2000 CD-ROM; the syntax is tlist -s at the command prompt.
For more information, see the following article:
250320 Description of Svchost.exe in Windows 2000
Services.exe - You cannot end this process from Task Manager.
* This is the Services Control Manager, which is responsible for starting, stopping, and interacting with system services.
System - You cannot end this process from Task Manager.
* Most system kernel-mode threads run as the System process.
System Idle Process - You cannot end this process from Task Manager.
* This process is a single thread running on each processor, which has the sole task of accounting for processor time when the system isn't processing other threads. In Task Manager, expect this process to account for the majority of processor time.
Taskmgr.exe - You can end this process from Task Manager.
* This is the process for Task Manager itself.
Winlogon.exe - You cannot end this process from Task Manager.
* This is the process responsible for managing user logon and logoff. Moreover, Winlogon is active only when the user presses CTRL+ALT+DEL, at which point it shows the security dialog box.
Winmgmt.exe - You cannot end this process from Task Manager.
* Winmgmt.exe is a core component of client management in Windows 2000. This process initializes when the first client application connects or continuously when management applications request its services.
Many of the processes that cannot be ended from Task Manager can be ended using the Resource Kit utility kill.exe. However, this command may cause system failure or other unwanted side effects.
hope this helps
yeah, I'm gonna need that by friday...
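Added example, not part of the thread or of the Microsoft article: one way to use the default-process list quoted above as a baseline when triaging a process listing. It goes beyond the article by also flagging names within two edits of a baseline name; the sample listing, the names `scvhost.exe` and `exampleapp.exe`, and the distance threshold are constructed for illustration.

```python
# Baseline: the default Windows 2000 process names listed in the quoted article.
BASELINE = {
    "csrss.exe", "explorer.exe", "internat.exe", "lsass.exe", "mstask.exe",
    "smss.exe", "spoolsv.exe", "svchost.exe", "services.exe", "system",
    "system idle process", "taskmgr.exe", "winlogon.exe", "winmgmt.exe",
}
LOOKALIKE_MAX_EDITS = 2  # assumption: threshold chosen for this example


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(process_names):
    """Sort observed image names into baseline, look-alike and unlisted."""
    observed = sorted({n.strip().lower() for n in process_names if n.strip()})
    report = {"baseline": [], "lookalike": [], "unlisted": []}
    for name in observed:
        if name in BASELINE:
            report["baseline"].append(name)
            continue
        dist, closest = min((edit_distance(name, b), b) for b in BASELINE)
        if dist <= LOOKALIKE_MAX_EDITS:
            # Not a default name, but nearly spelled like one: review first.
            report["lookalike"].append((name, closest))
        else:
            # Installed software or something unexpected: identify each entry.
            report["unlisted"].append(name)
    return report


# Constructed sample listing (image names only), not output from a real machine.
SAMPLE = [
    "System Idle Process", "System", "SMSS.EXE", "CSRSS.EXE", "WINLOGON.EXE",
    "SERVICES.EXE", "LSASS.EXE", "svchost.exe", "svchost.exe", "spoolsv.exe",
    "scvhost.exe", "exampleapp.exe", "Explorer.exe",
]

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE).items():
        print(bucket, names)
```

A name landing in the baseline bucket only means the name matches the article's list; it says nothing about which file on disk is actually running under that name.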
July 7th, 2003, 03:30 PM
It originally had Windows 95, then upgraded to ME, then 2000. I think. It's an old 400MHz and needs to be put down.
It's been behaving badly when I connect to the internet. IE sometimes weirds out on me.
I think I need to tweak the security on it.
This is a great start, and good to know information anyway.
July 7th, 2003, 04:24 PM
If you're still worried that you might have a trojan then you can always download a free trojan scanner. I recommend Swatit because it's free and works well. You can download it at http://swatit.org/download.html but you have to download the basic version if you want it for free. It takes up about 1.8 meg of HD space. If you would prefer to not download anything and save space you could try an online scan like the Panda Active Scan here http://www.pandasoftware.com/actives...asp?language=2 but I doubt if it could pick up anything that Norton would miss.....but Swatit could.
July 7th, 2003, 09:29 PM
For future reference, try these sites too, Baglor.
(These have both been posted in threads here before, so I don't take credit for finding them, just passing them on.)
The object of war is not to die for your country but to make the other bastard die for his - George Patton
July 7th, 2003, 09:38 PM
lol, ShagDevil, it would be really hard to find something of worth that *hasn't* been posted here (on AO) before. I think it's good to dig up stuff from other threads to supply someone with the info that they need.