Quick Reference Guide
Results 1 to 2 of 2

Thread: Quick Reference Guide

  1. #1

    Quick Reference Guide

    Quick Reference guide:

    List of common Running Processes Win XP legit files

    C:\WINDOWS\System32\smss.exe <<< Session Manager Subsystem: starts, manages & deletes user sessions.
    C:\WINDOWS\System32\winlogon.exe <<< Windows NT logon utility that manages user logons and logoffs..
    C:\WINDOWS\System32\services.exe <<< Used for starting, stopping and interacting with the system services.
    C:\WINDOWS\System32\csrss.exe <<< Client/Server Runtime Server Subsystem: handles Windows and graphics functions for all subsystems
    C:\WINDOWS\system32\lsass.exe <<< MS Local Security Authentication Server: handles aspects of security administration
    C:\WINDOWS\system32\cisvc.exe <<< Windows Content Indexing service
    C:\WINDOWS\System32\svchost.exe <<< Generic Host process for services that run from dynamic link libraries(DLL's).
    C:\WINDOWS\System32\svchost.exe <<< 2nd Generic Host process used to load services that use DLL's.
    C:\WINDOWS\system32\spoolsv.exe <<< manages spooled fax and print jobs
    C:\WINDOWS\system32\msdtc.exe <<< MS Distributed Transaction Coordinator manages transactions across multiple servers.
    C:\WINDOWS\System32\svchost.exe <<< 3rd Generic Host process used to load services that use DLL's.
    C:\WINDOWS\System32\llssrv.exe <<< MS License Logging Service logs the licensing data for NT Servers
    C:\WINDOWS\System32\taskmgr.exe <<< Windows Task Manager: displays all running system processes
    C:\WINDOWS\System32\rundll32.exe <<< Run a DLL as an App
    C:\WINDOWS\Explorer.EXE <<< Windows Program Manager or Windows Explorer- handles the Windows Graphical Shell including the Start menu, taskbar, desktop, and File Manager
    C:\WINDOWS\System32\mmc.exe <<< Management Console: displays the management plugin's in Control Panel i.e. Device Manager etc .
    C:\WINDOWS\system32\ntvdm.exe <<< NT Virtual DOS Machine, which simulates a 16-bit environment for MS-DOS and 16-bit Windows applications.
    C:\WINDOWS\system32\Wowexec.exe <<< system compatibility process hosting 16-bit apps on Win32-based operating systems
    C:\WINDOWS\system32\ctfmon.exe <<< handles the Alternative User Input Text Processor & the MS Office Language Bar.
    C:\WINDOWS\System32\svchost.exe <<< 4th Generic Host process used to load services that use DLL's.
    C:\WINDOWS\system32\wuauclt.exe <<< component of the Windows automatic updater (in ME and XP)
    C:\WINDOWS\system32\nddeagnt.exe <<< Network Dynamic Data Exchange Agent
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE <<< Microsoft Internet Explorer web browser
    C:\HijackThis\HijackThis.exe


    If you have any of the above processes running on your system, be assured that they are safe. You might not have all of them depending on what you are running or you can have a different process that is not listed above.

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    be assured that they are safe
    Indeed? It might not be possible that I replace a particular file, like mmc.exe,
    with my own "trojaned" version? Then, C:\WINDOWS\System32\mmc.exe
    is running, and if I look at this list, it's legit? (I have in mind "standard
    windows users", which are running, at least for installation purposes,
    under administrator privileges).

    Unfortunately, I think the issue is not that simple in general. It requires
    to digitally sign the applications (MD5 or SHA-1 hashes may, however,
    depend on the particular OS and Service Pack) or to calculate the hashes
    and store them externally/read-only medium.

    Just a thought

    Cheers
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides