I’m looking at the myriad programs listed on task manager and can’t identify most. Any that look new I google to check if I should worry, but some that I’m not sure of or see a lot, use a fair amount of resources. Any suggestions on FREE programs to examine task manager and identify what is necessary and what I can safely shutdown or disable?
Process Explorer would be a good start
Also the site BlackViper is said to have a lot of usefull info about background tasks.
You can use HijackThis to get a good list of everything that is actually started automatically on your system. TaskManager doesn’t show everything and a lot of stuff is hidden by things like svchost and rundll32.
I’ll second Process Explorer
Process Explorer wont identify them any better than task manager. All the OS sees is xxx.exe. You need to google the executable’s name to get more information. I cant think of any application that keeps a database of all the thousands of windows .exe’s out there. This stuff is just on the web in different places.
Yeah, but a bad guy can call an .exe anything he likes. If you see, say, spoolsv.exe in Task Manager and Google it, you might conclude that it is the harmless Windows component of that name. Something like Process Explorer, however, might reveal that is not the expected …\windows\system32\spoolsv.exe, but an .exe in some other directory. That would be suspicious. Googling the .exe name won’t necessarily tell you anything about possible malware using that name.
Process Explorer can do other useful things, like revealing what lurks under those catch-all svchost.exe entries.
Autoruns (Autoruns for Windows - Sysinternals | Microsoft Learn) can help identify executables that startup at boot. You can filter 3rd party executables easily.
You will also need to examine your Services control panel because anything running as a service will appear as svchost.exe in task manager and you can’t tell them all apart.
Shutting down the autostarts and unneeded services will go a long way toward trimming back memory usage and risk of running malware and spyware. Just be careful and know how to boot into safe mode if you turn off the wrong things.
You dont need a third party app like autorun when you have msconfig
command window > tasklist /svc
If the intention is to identify malware, then I suggest a real virus scanner. End users shouldnt be trying to figure out if some .dll is real or fake. It usually ends in a non-bootable machine.
Be very careful about shutting down services, especially those which show up in a comprehensive tool like SysInternals Autoruns. You need to know exactly what it is you’re shutting down. Some of them can turn your computer into a doorstop if turned off, you won’t be able to get back in to restart them without expert assistance.
In spite of things not to like about Vista, one thing to like is that the task manager will tell you which services are associated with a particular process (such as an instance of svchost.exe) - right click on the process name, and select “Go to services”. It will show you the services tab with the ones associated with that process highlighted.
This might be the ticket if you want to know just what it is that’s running, ProcessQuickLink.
Puts a link to the entry for the process at ProcessLibrary.com next to the Image Name in the Task Manager.
Makes for much less guess work when using Process Explorer.
CMC fnord!
Start, Run, MSCONFIG will show you programs that autorun in your registry and the Startup folder in Programs. Click the Startup tab of MSCONFIG to see the list. You can then Google the names of each to determine whether you really need them, and uncheck them if you want them disabled. Reboot the computer and run it a while, if there are any problems you can go back to MSCONFIG and re-check any processes that you need back.
Not true. *Some *services are dlls executed via svchost.exe & show up as “svchost.exe” in the standard Task Manager.
But many more services are run as conventional exes. In fact, most of the mysterious .exes seen in task manager are services.