Contents
What is a malicious process?
Malicious process: winlogon.exe is a process which is registered as a trojan. “This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data”. This process is a security risk and should be removed from your system.
How do you end a malicious process?
Kill malicious processes using Task Manager
- In order to open Task Manager, you should press ctrl+shift+esc or ctrl+alt+del at the same time.
- As soon as Task Manager shows up, select the Process tab, and look for malicious processes on the menu.
- Right-click them and select End Process.
What is the ID of init process?
Process ID 1 is usually the init process primarily responsible for starting and shutting down the system. Originally, process ID 1 was not specifically reserved for init by any technical measures: it simply had this ID as a natural consequence of being the first process invoked by the kernel.
What are the characteristics of a malicious process?
In some cases, malicious processes will exhibit characteristics that immediately raise a red flag, such as established network connections with an Internet Relay Chat (IRC) server, or the executable stored in a hidden directory.
Can a malicious process be captured in memory?
In addition to acquiring and parsing the full memory contents of a running system to identify artifacts of malicious code activity, it is also recommended that the digital investigator capture the individual process memory of specific processes that may be of interest for later analysis as covered in the next section.
Which is the best way to detect macro malware?
With logging and alerting via a security information and event management (SIEM) solution, malicious macro activity can be easier to detect. At a high level, the methods to detect this activity involve: Performing endpoint scans. A key place to look for potentially malicious activity is process creation.
How to distinguish between legitimate processes and malware?
▶ Distinguishing between malware and legitimate processes on a Linux system involves a methodical review of running processes.
https://www.youtube.com/watch?v=8BYZXBpFYsM