Common Windows Executable Processes
Below is a list of some of the more common Windows executable processes that, in most cases, should be left to run on your computer in order that your system continues to perform at its best without any problems. Do remember, however, that some malicious applications use similar and even identical process names in order to remain undetected and in resident on your system. Extra care should be taken before attempting to remove any process that may be a critical component of the Windows Operating System.
Smss.exe
The Session Manager Sub System handles the various sessions on your computer and is a critical component of the Windows operating system. The genuine version of this process should not be disabled because it will prevent your system from operating properly and efficiently.
Smss.exe is also known to be a component of a backdoor Trojan that can enable a hacker to gain access to your system and to your personal information. In order to determine whether you are running the genuine process or the Trojan, use ParetoLogic AntiSpyware in order to scan your system for any potential threats.
Csrss.exe
This is another process that could be either an essential Windows component or a backdoor Trojan. The genuine Windows component is known as the Client Server Runtime Server Subsystem and is used to deal with most graphical components and elements within Windows. It is required for the proper running of a Windows based system and should be left to run.
It is possible that csrss.exe could be part of a backdoor Trojan that can be used to steal information, alter system settings, install more malicious code, and more. Run an antispyware scan to determine which version is running on your computer.
Services.exe
The genuine services.exe process is always found within the system or system32 folder of your computer, and if you have a version that is stored in any other folder of your computer then you have been infected by the Sober.X worm.
The genuine process is responsible for the activation and deactivation of Windows services and is an essential component of your Operating System that is required in order to effectively use your computer.
The Sober.X worm is a mass mailing worm that collates email addresses from infected computers and then, using its own SMTP server, attempts to propagate to those email addresses. It will also reduce the security settings of any infected computer leaving it more vulnerable to attack from other infections.
Lsass.exe
Within the Microsoft Operating System, lsass.exe is responsible for dealing with local security settings and logon details, however, there are a number of malicious applications that also use this process name so care should be taken, in the shape of antispyware software, to ensure that you are looking at the genuine version.
At least two malicious applications use lsass.exe as an active process name. One is a backdoor Trojan that enables a third party to access your system, while another is a downloader that will download more malware to your computer until it is removed.
Svchost.exe
svchost.exe is a process that belongs to your Microsoft Operating System. Unusually, you may find a number of different versions of svchost.exe running on your system at any time but this does not indicate that you have a problem. The process is used to handle the functions that different DLL files have performed on your system, and typically these functions are grouped. Each group has its own instance of svchost.exe, hence the multiple versions that may be running on your computer.
As well as this genuine instance of svchost.exe it is also feasible that your system may be infected because there are a number of different threats that will use a process with this name. Use antispyware to scan your system and determine whether you have any infections or not.
Alg.exe
As with many genuine process names, alg.exe could either be a critical component of your Windows operating system or it could be a component of a worm, spyware, or virus. Locating the file or scanning your system with good antispyware software will help to determine which is the case for you.
If you access the Internet using a third party Internet connection or you have a third party firewall installed then the alg.exe process is necessary in order to use all the features of these applications. In these cases the file will be located in the system or system32 folder of your computer.
If the alg.exe file is located anywhere else on your computer then it is highly likely that you have been infected with a malicious program.
Wdfmgr.exe
This is a process that actually belongs to the Windows Media Player. While it is not a critical component of your operating system, it is required in order to combat certain compatibility issues that exist with the media player. If you use media player then you should leave this process to run, otherwise it is safe to disable or remove from your computer.
Explorer.exe
This is one of the main processes running on your computer and pertains to Windows Explorer. This includes your desktop, taskbar, and other components of your system. This genuine process can be found in the Widnows folder on your computer. If the file is located anywhere else then it is likely to be a virus or spyware. Users should also look out for a number of malicious processes that attempt to closely resemble this process name.
Cmd.exe
This process belongs to the Windows operating system, although it is not critical to the proper running of your machine. It is the command prompt or DOS section of your PC and the process may be active even when you do not have the command prompt screen open.
Rundll32.exe
This process is an important part of the Windows Operating System. It should be left to run unaltered on your machine because it is responsible for running the necessary DLLs and placing them into the library on your computer. Disabling or removing this process can cause serious errors with your system.
