Get some answers

It's no fun to go into Task Manager and discover a load of mysterious processes running on your PC. In the case of the unknowns, you may ask yourself how much of this stuff you want. Or, more pertinently, if anything on your machine is doing harm.

Unfortunately, few of us have more than a passing familiarity with what's under Windows' hood: the programs that run it and those that run alongside it. In this section, we'll tell you how to identify most Windows system files and research an unknown file, so you can tell the good ones from the miscreants. And we'll show you how to trace every application running on your PC.

You never know where or when the next security breach will open up and swallow your data whole. Even if you run a firewall, up-to-date antivirus and antispyware scanners and maintain strict download discipline, you can still end up with the latest and meanest infectious agents on your PC. Here's how to see if malware is lurking on your system.

1. Cover your back at every step. System Restore can return you to the point just before you crashed. Click Start-All Programs-Accessories-System Tools-System Restore, select 'Create a restore point' and go through the wizard. Create a restore point before each change outlined in this walkthrough.

2. You need to make your system files visible. Open Explorer and click Tools-Folder Options-View. Click Show hidden files and folders, then ensure Hide extensions for known file types and Hide protected operating system files are unchecked. Click Yes to any warnings and delete only files you strongly believe to be malware.

3. Use Process Explorer ( Right-click a column and choose Select Columns, ticking Company Name and Command Line. Click the DLL tab, check Path and click OK. Choose View and ensure Show Lower Pane is checked. Finally, click View-Lower Pane View-DLLs.

4. Any processes running from the Temp folder should raise a red flag. If a running process points to a DLL (dynamic link library) in the Temp folder, be wary. In addition to Explorer.exe, XP users will find processes such as smss.exe, winlogon.exe, services.exe, alg.exe and lsass.exe. These are all critical files - don't touch any of them.

5. You will have several Windows program files running as well as these OS files. These normally start with 'Windows'. Examine the Description, Company Name and Command Line information for each process. You should be able to identify most of the programs associated with processes as software installed on your PC.

6. If you suspect a DLL might be bogus, the first place to check is Microsoft's DLL Help Database (, which lets you search for information about a DLL by name - handy if you suspect a file to be malware related. Another great resource is the Pest Encyclopedia at



Ransomware attacks are still very uncommon, but more are starting to appear, particularly from Russia and Asia.

If you're unlucky enough to fall victim to this type of cybercrime, do not pay the kidnappers and be sure to contact the police straight away. Make a note of the details of the ransom note and any other messages you've received. From an uninfected PC, run a Web search using these details. It's possible you could even find the password online. Finally, you could use an undelete program such as PC Inspector File Recovery (free; to recover some files, although it is very likely that you will find not everything can be restored.



Rootkit Revealer is a free alternative to programs such as F-Secure's BlackLight. It scans for Registry discrepancies that may suggest the presence of a rootkit. However, if rootkit makers do nothing to hide their malware, it doesn't always pick them up.


With all due respect to Rootkit Revealer, IceSword is considered the toughest rootkit scanner. In fact, the creators of the Hacker Defender rootkit made it their goal to defeat the program; so far, they've failed. It comes in the .rar format, so you may need to download WinRAR from


Hook Explorer can tell if a file has hidden itself behind legitimate programs. A file hooked into the Windows program winlogon.exe could record your keystrokes as you type your system password - if you tried to kill such a program, you'd crash your system.


SiteAdvisor is a free plug-in for IE and Firefox that colour-codes search results and sponsored links in Google, MSN and Yahoo. A red icon indicates spam, malware and links to other malicious sites. Yellow means the site is questionable; green means it's clean. And if there's a grey symbol, it's unknown.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ben Camm-Jones

PC World
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?