In W2K/XP, press Ctrl+Shift+Esc at the same time to open the Windows Task Manager and click "Processes" to see the many running processes. If you look closely, there are many strange EXE files running. The following are not real services, but programs or processes that run under different circumstances, and many of them are necessary processes.
[Csrss]: This is one of the core parts of Windows; its full name is Client Server Process. We cannot end this process. Although the file is only 4K in size, it often consumes about 3MB to 6MB of memory. It is recommended not to modify this process and to let it run normally.
[Ctfmon]: This is the "language bar" displayed in the lower right corner of the desktop after installing WinXP (especially Office XP). If you do not want it to appear, you can turn it off with the following steps: open the "Control Panel", double-click "Region and Language Settings", click the "Language" tab, click the "Details" button to open the "Text Service and Enter Language" dialog box, click the "Language Bar" button at the bottom to open the "Language Bar Settings" dialog box, and clear the "Show the language bar on the desktop" check mark. Don't underestimate this detail; it will save you 1.5MB to 4MB of memory.
[dovldr32]: If you have a Creative SB Live series sound card, you may see this process, which occupies about 2.3MB to 2.6MB of memory. Somewhat strangely, when I banned this process from the taskbar, no error occurred in the DVD experiment. But if you rename this file, the Windows file protection warning window appears, and the Creative Mixer and AudioHQ programs fail to load. Of course, if you want to save some memory, you can ban it.
[explorer]: This is not Internet Explorer. Explorer.exe is always running in the background. It controls the standard user interface, processes, commands, desktops, etc. If you open the "Task Manager", you will see explorer.exe running in the background. Depending on the system's fonts, background picture, active desktop, etc., it usually consumes 5.8MB to 36MB of memory.
【Idle】: If you see it in "Task Manager" showing a 99% occupancy rate, don't be afraid. In fact, this is a good thing, because it means that 99% of your computer's performance is currently waiting for you to use! This is a key process and cannot be ended. The process is only 16KB in size, and it loops to count CPU idle time.
【IEXPLORE】: This is the IE browser. When we use it to surf the Internet, it takes up 7.3MB or more of memory, and this grows as more browser windows are opened. But when all IE windows are closed, it does not disappear from the Task Manager. IEXPLORE.EXE is still running in the background. Its function is to speed up opening IE again.
[Generic Host Process for Win32 Services]: If you have installed ZoneAlarm and ZoneAlarm always complains that it cannot connect to the Internet, then you should take a good look at the text below. Svchost.exe is the Generic Service Host, which means that it is the host of other services. If your Internet connection is not working, it is very likely that you have banned some necessary services. For example, if you ban the "DNS search" function, you will not be able to connect when you enter www.cfan.com.cn, but if you enter the IP address you can still get online. In fact, you have disrupted a critical process for surfing the Internet!
【msmsgs】: This is the process of Microsoft's famous MSN Windows Messenger (instant messaging software), which is bundled with the Home and Professional editions of WinXP. If you are also running programs such as Outlook and MSN Explorer, the process runs in the background to support all the new technologies that Microsoft claims are very cool, such as the .NET features.
[msn6]: This is the MSN Explorer (MSN browser) process bundled by Microsoft with WinXP. This process requires msmsgs.exe to be running first.
【Navpw32】: This is the process started after installing the Norton AntiVirus 2002 software. Don't end this process unless you don't need the virus detection function. This process also handles automatic upgrading of the virus definition library files and displays a small icon on the system taskbar.
【Point32】: This is a program started after installing special mouse software (IntelliMouse, etc.). Since many new mouse functions are built into WinXP, there is no need for it to run in the system background, where it wastes 1.1MB to 1.6MB of memory and also takes up a place in the taskbar!
【Promon】: This is a program installed with Intel series graphics cards. It displays a control-program icon in the taskbar, occupying about 656KB to 1.1MB of memory.
【Smss】: It only has a size of 45KB but occupies 300KB to 2MB of memory space. This is one of the core processes of Windows and is the session management program of the Windows NT kernel.
【Svchost】: This is actually a service. You will often see several similar processes in the "Task Manager" (controlling the system, network, user or other functions respectively). In Windows XP, if you end this process, the system will automatically shut down within one minute. In Windows 2000, the process is displayed as a critical process and cannot be ended!
【System Idle Process】: This is an ordinary process that is called when no program or process makes a request to the CPU. The process cannot be terminated. If it shows a CPU occupancy rate of 97%, it means that only 3% of the CPU is occupied by real programs. If you find that the Idle process always stays at a very low value (for example, it always displays 3%), then there must be an application running all the time that needs to be checked!
【taskmgr】: If you see this process running, you are actually looking at the "Task Manager" process itself. It takes up about 3.2MB of memory, and when you optimize the system, don't forget to count it in.
[Vptray]: This is the process of NortonAV displaying an icon in the taskbar, which occupies about 2.9MB of memory. If we remove this icon from the taskbar, we can reclaim some memory, but in fact it is still running in the background.
[Winlogon]: This process handles login and logout tasks. In fact, this process is necessary. Its size is related to how long you have been logged in. I have seen fluctuations in the space occupied by this process: in one case, logged in for about an hour, the memory fluctuated between 1.7MB and 8.5MB; in the other, logged in for more than 40 days, the memory fluctuated between 1.7MB and 17MB.
[Wowexec]: When you run some old applications (such as some 16-bit programs) or run DOS command line programs under the DOS console, you will find it in the process list.
【TaskSwitch】: This process appears after PowerToys is installed on an XP system. Pressing Alt+Tab displays the switch icons. It occupies about 1.4MB to 2MB of memory.
[In WIN2000/XP, the system includes the following default processes]:
Csrss.exe
Explorer.exe
Internat.exe
Lsass.exe
Mstask.exe
Smss.exe
Spoolsv.exe
Svchost.exe
Services.exe
System
System Idle Process
Taskmgr.exe
Winlogon.exe
Winmgmt.exe
【More processes and a brief description of each】
Process name: Description
smss.exe: Session Manager
csrss.exe: Subsystem server process
winlogon.exe: Manages user login
services.exe: Contains many system services
lsass.exe: Manages IP security policies and starts the ISAKMP/Oakley (IKE) and IP security drivers
svchost.exe: Windows 2000/XP file protection system
SPOOLSV.EXE: Loads files into memory for later printing
explorer.exe: Explorer
internat.exe: Pinyin icon in the tray area
mstask.exe: Allows programs to run at a specified time
regsvc.exe: Allows remote registry operations (system service: remoteregister)
winmgmt.exe: Provides system management information (system service)
inetinfo.exe: msftpsvc, w3svc, iisadmn
tlntsvr.exe: tlntsvr
tftpd.exe: Implements the TFTP Internet standard, which does not require a username and password
termsrv.exe: termservice
dns.exe: Responds to query and update requests for Domain Name System (DNS) names
tcpsvcs.exe: Provides the ability to remotely install Windows 2000 Professional on PXE remote-boot client computers
ismserv.exe: Allows sending and receiving messages between Windows Advanced Server sites
ups.exe: Manages uninterruptible power supplies (UPS) connected to your computer
wins.exe: Provides NetBIOS name service for TCP/IP clients that register and resolve NetBIOS-type names
llssrv.exe: License logging service
ntfrs.exe: Maintains file synchronization of file directory contents between multiple servers
RsSub.exe: Controls the media used to store data remotely
locator.exe: Manages the RPC name service database
lserver.exe: Registers client licenses
dfssvc.exe: Manages logical volumes distributed across LANs or WANs
clipsrv.exe: Supports the ClipBook Viewer so that pages can be viewed from remote ClipBooks
msdtc.exe: Coordinates transactions distributed across two or more databases, message queues, file systems or other transaction-protected resource managers
faxsvc.exe: Helps you send and receive faxes
cisvc.exe: Indexing service
dmadmin.exe: System management service for disk management requests
mnmsrvc.exe: Allows authorized users to remotely access the Windows desktop using NetMeeting
netdde.exe: Provides the network transport and security features of dynamic data exchange (DDE)
smlogsvc.exe: Configures performance logs and alerts
rsvp.exe: Provides network signaling and local traffic control setup for programs and control applications that depend on quality of service (QoS)
RsEng.exe: Coordinates the services and management tools used to store infrequently used data
RsFsa.exe: Manages operations on remotely stored files
grovel.exe: Scans Single Instance Storage (SIS) volumes for duplicate files and points the duplicates to one data storage point to save disk space (useful only on NTFS file systems)
SCardSvr.exe: Manages and controls access to smart cards inserted into the computer's smart card readers
snmp.exe: Contains agents that monitor the activity of network devices and report to the network console workstation
snmptrap.exe: Receives trap messages generated by local or remote SNMP agents and passes them to the SNMP manager running on this computer
UtilMan.exe: Launches and configures accessibility tools from one window
msiexec.exe: Installs, repairs and removes software based on the commands contained in the .MSI file
【Summary】:
The secret to discovering suspicious processes is to look at the process list in the Task Manager often. Once you have looked at it enough times, you can spot suspicious processes at a glance, just like spotting strangers among a group of familiar people.
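The comparison described in the summary can also be done mechanically. The Python sketch below is an added example, not part of the original article: it uses the article's default W2K/XP process list as a baseline and flags image names that are missing from it, marking those that differ from a baseline name by only a character or two. The sample listing and the 0.8 similarity threshold are assumptions.

```python
# Added example: compare a process listing against the article's baseline.
from difflib import SequenceMatcher

# Default W2K/XP processes, taken from the article's list (lower-cased).
BASELINE = {
    "csrss.exe", "explorer.exe", "internat.exe", "lsass.exe", "mstask.exe",
    "smss.exe", "spoolsv.exe", "svchost.exe", "services.exe", "system",
    "system idle process", "taskmgr.exe", "winlogon.exe", "winmgmt.exe",
}

def closest_baseline(name):
    """Return (baseline_name, similarity) for the most similar baseline entry."""
    scored = ((b, SequenceMatcher(None, name, b).ratio()) for b in BASELINE)
    return max(scored, key=lambda pair: pair[1])

def classify(name, threshold=0.8):
    """Classify an image name as 'known', 'lookalike:<name>' or 'unknown'."""
    n = name.strip().lower()
    if n in BASELINE:
        return "known"
    match, score = closest_baseline(n)
    if score >= threshold:
        # Near-miss of a system process name: worth a closer look.
        return "lookalike:" + match
    return "unknown"

def review(image_names):
    """Map every image name that is not in the baseline to its verdict."""
    result = {}
    for name in image_names:
        verdict = classify(name)
        if verdict != "known":
            result[name] = verdict
    return result

# Constructed sample listing (not captured from a real machine).
SAMPLE = ["System Idle Process", "System", "smss.exe", "csrss.exe",
          "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
          "svch0st.exe", "explorer.exe", "1sass.exe", "vptray.exe",
          "taskmgr.exe"]

if __name__ == "__main__":
    for name, verdict in review(SAMPLE).items():
        print(f"{name:15} {verdict}")
```

A verdict of `unknown` only means the name is not in the baseline (vptray.exe is the Norton tray process described above), while a `lookalike` verdict marks a name that imitates a system process and should be checked first.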