All secrets are revealed: What surprises does a PC hide?
Wednesday, April 6, 2022
What do we do when our computer starts to slow down? As a rule, we suspect virus activity and repeatedly open the Task Manager—"What if something suspicious is there?" Unfortunately, in most cases, we don't find anything; we run the scanner and wait for the verdict from the anti-virus. In today's issue of the Anti-virus Times, we will describe how to search for malicious objects in hidden folders and whether it is possible to recognise them in the Task Manager.
What can a user find in the Task Manager?
First, let's understand the terminology. Windows Task Manager is a system utility that displays running processes and their impact on the computer. It can be started by pressing CTRL+SHIFT+ESC; the window that appears is the Task Manager.
An inexperienced user may be frightened by the large number of running processes, but do not jump to any conclusions: almost all of them are legitimate and do not need to be forcibly terminated. In other words, users should not feverishly "terminate a process" when they see something unfamiliar.
At the same time, some illegitimate processes can be hidden in the Task Manager, and they can be disguised so carefully that it is almost impossible to distinguish them from real system ones. For example, a naive user may be confused by the COM Surrogate process: "What is this? I didn't run this program!" Meanwhile, this is a system component designed for the correct operation of some programs. But viruses can also hide under its name. Microsoft employees on the official forum recommend that users check the file location, saying that this is the only way to determine the legitimacy of the process. If the file is located in Windows system folders, everything is fine.
However, Doctor Web specialists do not quite agree with this judgment. Some threats can hide in system folders and create multiple directories meant to confuse users. If virus activity is suspected, we recommend that you contact our technical support service directly. The best way to do this is in writing so that our specialists can request the necessary logs, screenshots, and other information that can be used to investigate the incident.
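The file-location check discussed above can be scripted; the following PowerShell is an added example, not part of the original article or Doctor Web's tooling. It assumes that COM Surrogate runs as `dllhost.exe` and that its expected locations are the `System32` and `SysWOW64` folders, and it also reports the Authenticode signature, since a file sitting in a system folder is not proof of legitimacy on its own.

```powershell
# Added example: report where each COM Surrogate instance is running from.
# Assumption: COM Surrogate's image name is dllhost.exe.
$imageName = 'dllhost.exe'

# Assumption: folders where the genuine binary is expected to live.
$expectedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

Get-CimInstance -ClassName Win32_Process -Filter "Name = '$imageName'" |
    ForEach-Object {
        $path = $_.ExecutablePath

        # The path can be empty when the session lacks rights to query the process.
        if (-not $path) {
            [pscustomobject]@{
                PID         = $_.ProcessId
                Path        = '<unavailable, rerun elevated>'
                InSystemDir = $null
                Signature   = $null
                Signer      = $null
            }
            return   # move on to the next process
        }

        $dir = Split-Path -Path $path -Parent
        $sig = Get-AuthenticodeSignature -FilePath $path

        [pscustomobject]@{
            PID         = $_.ProcessId
            Path        = $path
            # -contains compares strings case-insensitively, which matches
            # how Windows treats paths.
            InSystemDir = $expectedDirs -contains $dir
            Signature   = $sig.Status                      # e.g. Valid, NotSigned
            Signer      = $sig.SignerCertificate.Subject   # empty if unsigned
        }
    } |
    Format-Table -AutoSize
```

A row with `InSystemDir` false or a `Signature` other than `Valid` is a reason to collect the path and hand it to support; a clean row only means these two checks found nothing.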
If, for some reason, you did not install Dr.Web, use Dr.Web CureIt! It can be used to cure an infected system once. But it doesn't provide resident protection.
Threats vary, and not all of them can be detected in the Task Manager. Even if their processes have suspicious names, the user may simply not see this. For example, there exist miners that will shut down when the user opens the Task Manager. All this makes it difficult to find a source of infection on your own.
All secrets are revealed
Perhaps you've heard about hidden folders. Windows has a feature that hides rarely used folders. You can hide absolutely any file, and many system files and components are hidden by default. This is done to avoid mishaps: an inexperienced user can not only terminate a process in the Task Manager but also try to delete a couple of system files from System32.
Of course, it is possible to display hidden folders. To do this, find "Manage work folders" using the taskbar search. Then go to "Advanced settings", where you can select "Show hidden files, folders and disks". This way users can view many folders on their computer. It should be noted that some trojans use not only hidden folders but also special system attributes, the display of which can also be enabled in the "Manage work folders" option.
Where then are viruses stored? Of course, the user is unlikely to find them manually in hidden folders. Few virus makers are going to create a threat that they’ll then place in a hidden folder named "VIRUS" on a desktop. Discovering threats in a hidden folder on your own is not easy. Here, as well as in the case of the Task Manager, you should trust Doctor Web's technical support specialists.
In addition, cyber threats vary greatly, and the ways that malicious files are stored on a computer can differ significantly. This means that there is no single mythical folder, located on some hypothetical D drive, that stores hundreds of thousands of threats.
The Anti-virus Times recommends
- Don't forcibly terminate "strange" processes in the Task Manager.
- Make all folders visible—your computer contains many more files than you think!
- Use Dr.Web to protect your personal data.
- If you suspect malicious activity, please contact Doctor Web's technical support service.
- Read Anti-virus Times issues to stay up to date on cybersecurity trends.