Details of Task Manager required???

go4saket · 08-04-2006, 11:14 PM

Hello friends!

I am posting the image of the task manager that shows all the running processes in my computer. Can anyone please tell me the details of the running tasks, i.e. which software does a particular process represent, which are the tasks that can be safely turned off and what is "svchost.exe" as this entry is shown multiple times and hogs most of the resources.

For your convinence I am writing down the list of softwares that are running when I took this snapshot. Basicall no software was running except the ones that are on the taskbar. They are Kaspersky Antivirus, ZoneAlarm Firewall, Lawasoft Ad-Aware, Stardock ObjectDock Plus, Stardock WindowBlinds and Soundmax ControlPanel.

Thank you.

sakumar79 · 09-04-2006, 02:05 AM

svchost is the main Windows executable used to run services... Services are run as svchost.exe <Call to service dll> or something like that... You can use a free software called Daphne to give more info on each svchost call including parameters...

SMax4, SMax4PNP and SMAgent are related to your SoundMax Audio card (usu. part of the motherboard)

zlclient and vsmon are related to Zone Alarm

hkcmd is related to Intel Graphics/Multimedia

Ad-watch is related to Adaware

StarWindService is related to Alcohol 120% (which is a Virtual CD drive emulator)

ObjectDock and sdmcp are for ObjectDock program

wbload is related to Windows Blind

spoolsv is related to printer spooling, winlogon is related to windows login/switch user, services.exe is related to running services, smss is for handling sessions, alg is related to application layer gateway service, lsass is related to security policies, csrss is related to client-server runtime, mdm is related to machine debugging, wdfmgr is related to Windows Media Player - these are usually essential processes and not problematic...

Note: smss.exe and csrss.exe are also processes which are registered as a number of trojans and mass mailing worms, and the PWSteal.Wowcraft.B Password stealer. These Trojans allow attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.
Also, winlogon.exe is also a process which is registered as Trojan.W32.Netsky and the Backdoor.w32.Prorat Trojans
Also, mdm.exe is also a process which is registered as the Win32.Lydra.a information stealing Trojan

avp is Added by the "Herman Agent" remote access TROJAN! The file is located in the system32 folder. This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry. It is to be removed asap...

Hope this helps...
Arun

go4saket · 09-04-2006, 08:53 AM

Thankyou so much sakumar79! Your post has really helped.

By the way, you said "avp" is a torjan. I have an antivirus and a spyware, both installed. Then why the hell does thse software doesn't detect this.

Anyways, how can I remove this manually. Do I need to go to the system32 folder and delete that file or will I have to do some registry editing also.

sakumar79 · 09-04-2006, 09:29 AM

Hmm, on further review, it is mentioned that avp can also be a process created by another program called TlcR, but there is no info about this...

Also, it is possible that trojans may not be detected by antivirus/antispyware software... Perhaps you can try ewido and see if it detects anything... Unfortunately, googling doesnt bring any solutions

Arun