I just found out about this and thought it was very cool.
Edit: fixed link
If you get the latest version of the free SysInternals tool Process Explorer, you can easily scan your running processes using VirusTotal.com (which checks against 57 different virus scanners' definitions).
It's super fast and very cool.
Unfortunately, I can't paste images in here to show you, but here are the steps for using it, shown in the following linked images.
1. Start up ProcessExplorer
2. Start the virustotal.com scan of running processes:
http://raddev.us/images/sysinternals/procexp3.png
You'll see ProcExp examining all the hashes of the running procs:
http://raddev.us/images/sysinternals/procexp1.png
Finally, you'll see the results.
0/57 means none of the 57 virus checkers saw any problem.
You can see that one virus scanner thought my notepad++ was possibly malicious.
If you click the link it'll take you to virustotal.com so you can examine more info.
http://raddev.us/images/sysinternals/procexp2.png
Check it out, I think you'll like it.
Disclaimer: I am not affiliated with sysinternals at all. I wish I was.
modified 26-Feb-16 11:18am.
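The same check done by hand, as an added example that is not from the post or from Sysinternals: hash the image file of every running process and look each hash up on VirusTotal, which is roughly what Process Explorer's VirusTotal column does and yields the same "hits/engines" shape as the 0/57 above. It assumes a VirusTotal API key in the environment variable VT_API_KEY and an elevated PowerShell session so that all process image paths are readable.

```powershell
# Added example (not the post's or Sysinternals' code). Assumes $env:VT_API_KEY
# holds a VirusTotal API key and the shell is elevated.
$apiKey = $env:VT_API_KEY
if (-not $apiKey) { throw "Set VT_API_KEY to a VirusTotal API key first" }

# One lookup per unique image, not per process: the same exe often runs many times.
$images = Get-Process | Where-Object { $_.Path } |
          Select-Object -ExpandProperty Path -Unique

foreach ($path in $images) {
    try {
        $sha256 = (Get-FileHash -Path $path -Algorithm SHA256).Hash.ToLower()
    } catch {
        Write-Warning "Cannot hash $path : $($_.Exception.Message)"
        continue
    }

    # Query by hash only; nothing is uploaded, so the file itself never leaves the box.
    $uri = "https://www.virustotal.com/api/v3/files/$sha256"
    try {
        $r = Invoke-RestMethod -Uri $uri -Method Get -Headers @{ 'x-apikey' = $apiKey }
        $s = $r.data.attributes.last_analysis_stats
        $engines = $s.harmless + $s.malicious + $s.suspicious + $s.undetected
        # Same shape as Process Explorer's column: detections / engines that scanned it
        $verdict = "$($s.malicious)/$engines"
    } catch {
        # 404 means VirusTotal has never seen this hash: that is 'unknown', not 'clean'.
        $verdict = if ($_.Exception.Response.StatusCode -eq 404) { 'unknown' } else { 'error' }
    }

    [pscustomobject]@{ Image = $path; SHA256 = $sha256; Verdict = $verdict }

    # The public API allows 4 lookups per minute; pace the loop accordingly.
    Start-Sleep -Seconds 16
}
```

A single engine flagging a file, like the notepad++ hit above, is a prompt to look at the VirusTotal report, not a verdict; treat 'unknown' images (never submitted to VirusTotal) as worth a closer look rather than as clean.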
When something is reported it is too late because the malicious code is already running and the system is compromised.
So it is a good feature for a quick check but you would know that a lot of work is ahead when something is reported.
But more importantly, meanwhile there is malicious code that can detect the virustotal requests.
Jochen Arndt wrote: When something is reported it is too late
You are right about that.
I just know that at times my various machines (laptops, desktops, etc) become extremely slow due to I/O and I wonder what it is. I was using this for that and to determine that something malicious isn't running at present time.
Of course, the answer to the killer I/O is always due to Microsoft updates.
Jochen Arndt wrote: there is malicious code meanwhile that can detect the virustotal requests
That is extremely interesting and terrible!!!
raddevus wrote: extremely interesting and terrible
What's really interesting and terrible is the quality of the coders that produce this crap. They are extremely good, some of them - it takes real work to avoid or bypass some of the security. If they put their effort into "legitimate" activities, they'd probably make more money, and the whole world would be a happier place.
I don't understand the mindset that writes this stuff, really I don't.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
OriginalGriff wrote: I don't understand the mindset that writes this stuff, really I don't
Code that can successfully exploit previously unknown/undisclosed flaws can sell for serious money. I'm sure you can understand that mindset.
Thanks for sharing! I used ProcMon just the other day to find missing DLLs in a new installer. What a great and useful tool! I'm sure this one is awesome too.
"Go forth into the source" - Neal Morse
kmoorevs wrote: What a great and useful tool
The same can be said about pretty much anything from Sysinternals and Mark Russinovich in general.
I have been using the virus-scanner part of Process Explorer for a while. I troubleshoot PCs at my work and this has been a valuable tool... one of my favorites.
It's interesting how some virus scanners detect things differently. Just because one or two detect it as a hit does not mean it's infected, but it does give an idea of how suspect the file is.
Nice idea to share this on codeproject!
That's good additional information.
Thanks for chiming in.
Is elevator sex wrong on so many levels?
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
Only if you push all of her buttons!
Hogan
Going down...
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
Nope, it would lift my spirits!
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
Aye. And it would push my buttons.
/ravi
Gives new meaning to 'getting the shaft'.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
And reaching new heights.
/ravi
always hoping that no one has to apply the brakes.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
This is quite worrisome, I think you should be grounded.
Agreed. I don't think this thread is taking off like I thought it would.
/ravi
You want people to think outside the box on this one?
Sure, the door is still open for more posts.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
Ah good - I was feeling down.
/ravi