In Windows 2000/XP, press Ctrl+Shift+Esc to open the Windows Task Manager. Click "Processes" and you will see many running processes. Take a closer look: are there many strange EXE files running? The following are not real services but programs or processes that run under different circumstances, and many of them are necessary.
[Csrss]: This is one of the core parts of Windows, and its full name is Client Server Process. This process cannot be ended. Although it is only 4K in size, it often consumes about 3MB to 6MB of memory. It is recommended not to modify this process and to let it run.
[Ctfmon]: This is the "language bar" displayed in the lower right corner of the desktop after installing Windows XP (especially with Office XP). If you do not want it to appear, you can turn it off as follows: double-click "Control Panel", then "Region and Language Settings", click the "Language" tab, click the "Details" button to open the "Text Services and Input Language" dialog box, click the "Language Bar" button under "Preferences" to open the "Language Bar Settings" dialog box, and uncheck "Show language bar on desktop". Don't underestimate this detail: it will save you 1.5MB to 4MB of memory.
[dovldr32]: If you have a Creative SB Live series sound card, you may encounter this process, which takes up about 2.3MB to 2.6MB of memory. Somewhat strangely, when I disabled the process from the taskbar and tested DVD playback, no errors occurred. But if you rename this file, the Windows File Protection warning window will appear, and the Creative Mixer and AudioHQ programs will fail to load. Of course, if you want to save some memory, you can disable it.
[explorer]: This is not Internet Explorer. Explorer.exe always runs in the background. It controls the standard user interface, processes, commands, the desktop and so on. If you open the "Task Manager", you will see an explorer.exe running in the background. Depending on the system's fonts, background images, Active Desktop and so on, it usually consumes 5.8MB to 36MB of memory.
[Idle]: If you see it showing 99% usage in the "Task Manager", don't be afraid. In fact, this is a good thing, because it means that 99% of your computer's performance is currently waiting for you to use it! This is a critical process and cannot be ended. The process is only 16KB in size and counts CPU idle time in a loop.
[IEXPLORE]: This is the IE browser. When we use it to surf the Internet, it takes up 7.3MB or more of memory, and this increases with the number of open browser windows. But when all IE windows are closed, it does not disappear from the Task Manager: IEXPLORE.EXE is still running in the background. Its purpose is to make IE open faster the next time.
[Generic Host Process for Win32 Services]: If, after you install ZoneAlarm, ZoneAlarm always complains that it cannot connect to the Internet, then you should take a good look at the following text. Svchost.exe is the Generic Service Host, which means that it is the host of other services. If your Internet connection is not working, it is likely that you have disabled some necessary services. For example, if you have disabled the "DNS search" function, you will not be connected to the Internet when you enter www.cfan.com.cn. If you enter the IP address you can still surf the Internet, but you have actually destroyed a key process for surfing the Internet!
[msmsgs]: This is the famous MSN process of Microsoft's Windows Messenger (instant messaging software). It is bundled in the Home and Professional editions of Windows XP. If you are also running programs such as Outlook and MSN Explorer, this process will run in the background. It supports the new technologies, such as the .NET functions, that Microsoft claims are very cool.
[msn6]: This is the MSN Explorer (MSN browser) process bundled by Microsoft in Windows XP. This process requires msmsgs.exe to be running beforehand.
[Navpw32]: This is a process started after installing the Norton AntiVirus 2002 software. Unless you do not need the virus detection function, do not end this process. It also handles automatic updates of the virus definition files and displays a small icon in the system taskbar.
[Point32]: This is a program started after installing special mouse software (Intellimouse, etc.). Since many new mouse functions are built into Windows XP, there is no need to run it in the background, where it wastes 1.1MB to 1.6MB of memory and also takes up space on the taskbar!
[Promon]: This is a program installed with Intel series graphics cards. It displays a control program icon on the taskbar and occupies about 656KB to 1.1MB of memory.
[Smss]: It is only 45KB in size but occupies 300KB to 2MB of memory space. This is one of the core processes of Windows and is the session management program of the Windows NT kernel.
[Svchost]: This is actually a service. You will often see several instances of the same process in the "Task Manager" (in charge of system, network, user or other tasks respectively). In Windows XP, if you end this process, the system will automatically shut down within one minute. In Windows 2000, this process is shown as a critical process and cannot be ended!
[System Idle Process]: This is a normal process that is called when no program or process makes a request to the CPU. The process cannot be ended. If it shows a CPU usage of 97%, it means that only 3% of the CPU is occupied by real programs. If you find that the Idle process always stays at a low value (for example, it always displays 3%), then there must be an application that has been running continuously and needs to be checked!
[taskmgr]: If you see this process running, you are actually looking at the "Task Manager" itself. It takes up approximately 3.2MB of memory, so don't forget to include it when optimizing your system.
[Vptray]: This is the icon process displayed by Norton AV on the taskbar, occupying about 2.9MB of memory. If we remove this icon from the taskbar, some memory can be recovered, but in fact the process is still running in the background.
[Winlogon]: This process handles login and logout tasks, and it is a necessary process. Its size is related to how long you have been logged in. I have personally seen the memory used by this process fluctuate: on one machine that had been logged in for about an hour, it fluctuated between 1.7MB and 8.5MB; on another that had been logged in for more than 40 days, it fluctuated between 1.7MB and 17MB.
[Wowexec]: When you run some old applications (such as 16-bit programs) or run DOS command line programs under the DOS console, you will find it in the process list.
[TaskSwitch]: This process appears after PowerToys is installed on Windows XP. It displays the switching icons when you press Alt+Tab and takes up approximately 1.4MB to 2MB of memory.
[In WIN2000/XP, the system includes the following default processes]:
csrss.exe
explorer.exe
Internat.exe
lsass.exe
mstask.exe
Smss.exe
Spoolsv.exe
Svchost.exe
Services.exe
System
System Idle Process
Taskmgr.exe
winlogon.exe
Winmgmt.exe
[More processes and their brief descriptions are listed below, as "process name: description"]
smss.exe: Session Manager
csrss.exe: subsystem server process
winlogon.exe: manages user login
services.exe: contains many system services
lsass.exe: manages IP security policies and enables ISAKMP/Oakley (IKE) and IP security drivers
svchost.exe: Windows 2000/XP file protection system
SPOOLSV.EXE: loads the file into memory for later printing
explorer.exe: Explorer
internat.exe: Pinyin icon in the tray area
mstask.exe: allows a program to run at a specified time
regsvc.exe: allows remote registry operations (system service: remoteregister)
winmgmt.exe: provides system management information (system service)
inetinfo.exe: msftpsvc, w3svc, iisadmn
tlntsvr.exe: tlnrsvr
tftpd.exe: implements the TFTP Internet standard; the standard does not require usernames and passwords
termsrv.exe: termservice
dns.exe: responds to queries and update requests for Domain Name System (DNS) names
tcpsvcs.exe: provides the ability to remotely install 2000 Professional on PXE remotely bootable client computers
ismserv.exe: allows sending and receiving messages between Windows Advanced Server sites
ups.exe: manages uninterruptible power supplies (UPS) connected to computers
wins.exe: provides NetBIOS name services for TCP/IP clients that register and resolve NetBIOS-type names
llssrv.exe: Certificate Recording Service
ntfrs.exe: maintains file synchronization of file directory contents between multiple servers
RsSub.exe: controls the media used to store data remotely
locator.exe: manages the RPC name service database
lserver.exe: registers client licenses
dfssvc.exe: manages logical volumes distributed over a LAN or WAN
clipsrv.exe: supports the "Clipbook Viewer" so that clipped pages can be viewed from a remote clipboard
msdtc.exe: coordinates parallel transactions distributed among more than two databases, message queues, file systems or other transaction-protected resource managers
faxsvc.exe: helps you send and receive faxes
cisvc.exe: Indexing Service
madmin.exe: system management services requested by Disk Management
mnmsrvc.exe: allows authorized users to remotely access the Windows desktop using NetMeeting
netdde.exe: provides the network transport and security features of Dynamic Data Exchange (DDE)
smlogsvc.exe: configures performance logs and alerts
rsvp.exe: provides network signaling and local communication control installation functions for programs and control applications that rely on Quality of Service (QoS)
RsEng.exe: coordinates services and management tools used to store infrequently used data
RsFsa.exe: manages the operations of remotely stored files
grovel.exe: scans the Zero Backup Storage (SIS) volume for duplicate files and points the duplicate files to a data storage point to save disk space (only useful for NTFS file systems)
SCardSvr.exe: manages and controls access to smart cards inserted into a computer's smart card reader
snmp.exe: contains agents that monitor network device activity and report back to the network console workstation
snmptrap.exe: receives trap messages generated by local or remote SNMP agents and then delivers the messages to an SNMP management program running on this computer
UtilMan.exe: launches and configures auxiliary tools from a window
msiexec.exe: installs, repairs, and removes software based on commands contained in .MSI files
[Summary]:
The secret to discovering suspicious processes is to look at the process list in the Task Manager often. Once you have read it enough times, you can spot a suspicious process at a glance, just like finding a stranger among a group of familiar people.
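The "stranger among familiar people" check can also be scripted. The following is an added example, not part of the original article: it compares a process listing against the default Windows 2000/XP list above and, going slightly beyond the text, separates names that merely resemble a default process from names that are simply unfamiliar. The input layout (that of `tasklist /fo csv`), the sample rows, the `triage` function and the 0.85 similarity cutoff are assumptions made for illustration.

```python
import csv
import difflib
import io

# Default Windows 2000/XP processes from the list above, lowercased
# (the Idle entry is spelled the way tasklist prints it).
BASELINE = {
    "csrss.exe", "explorer.exe", "internat.exe", "lsass.exe", "mstask.exe",
    "smss.exe", "spoolsv.exe", "svchost.exe", "services.exe", "system",
    "system idle process", "taskmgr.exe", "winlogon.exe", "winmgmt.exe",
}

# Constructed sample in the layout of `tasklist /fo csv`; not from a real host.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Console","0","16 K"
"System","4","Console","0","212 K"
"smss.exe","372","Console","0","344 K"
"csrss.exe","528","Console","0","3,412 K"
"winlogon.exe","552","Console","0","1,804 K"
"services.exe","596","Console","0","2,960 K"
"lsass.exe","608","Console","0","1,232 K"
"svchost.exe","772","Console","0","4,120 K"
"svch0st.exe","1312","Console","0","2,048 K"
"explorer.exe","1480","Console","0","18,332 K"
"lsasss.exe","1620","Console","0","1,100 K"
"notepad.exe","1700","Console","0","2,900 K"
'''

def triage(tasklist_csv, baseline=BASELINE):
    """Return (lookalikes, unknown) lists for names that are not in the baseline."""
    lookalikes, unknown = [], []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        name = row["Image Name"].strip().lower()
        if name in baseline:
            continue
        # A near-miss of a familiar name deserves a closer look than a plain unknown.
        near = difflib.get_close_matches(name, baseline, n=1, cutoff=0.85)
        if near:
            lookalikes.append((name, int(row["PID"]), near[0]))
        else:
            unknown.append((name, int(row["PID"])))  # unfamiliar, not necessarily bad
    return lookalikes, unknown

if __name__ == "__main__":
    lookalikes, unknown = triage(SAMPLE_TASKLIST)
    for name, pid, real in lookalikes:
        print(f"LOOKALIKE {name} (PID {pid}) resembles {real}")
    for name, pid in unknown:
        print(f"UNKNOWN   {name} (PID {pid}) is not in the baseline")
```

A name match alone does not prove a process is genuine; the image path and parent process still need to be checked by hand.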