Losing the data – or the phone itself – can prove difficult to deal with, depending on how highly you rate the phone and what importance you place on the data stored therein. Having a backup plan in case of emergency is certainly recommended. But to have a plan of action, you need to know what the threats are. Fortunately there are competent, free solutions available on all four popular smartphone platforms.

Anti-Malware

Let’s be realistic – modern smartphones offer more threats to your personal safety than a computer.

Skilled hackers can use malware to scrape personal data off your phone, leaving you in debt when they take credit out in your name a few minutes later. With an always-on Internet connection in your pocket you might get an email from your bank informing you of the huge overdraft you didn’t apply for, but by then it will be too late.

Although such cases are currently rare, you obviously need to be aware of the possibilities and protect against these types of threat. The best answer here is to avoid visiting unsafe websites and installing untrustworthy apps from unofficial sources onto your phone, but if you absolutely must do this, make sure you protect yourself with some anti-malware software.

Lookout Security & Antivirus for Android phones is a suitable response, while iPhone and Windows Phone owners should ensure their devices are not unlocked or jailbroken. Concerns about transferring data to your phone from your computer can easily be addressed by installing anti-malware software for Windows or Mac OS X.

Encrypting Data

Both remote threats and those closer to home (such as having your phone stolen) can be partially addressed by encrypting data. Personal data stored on your phone can then only be accessed by the person with the encryption key – you. Should your device be hacked remotely or stolen it will prove next to impossible for the perpetrators to be able to read the data you have stored on your smartphone.

Android owners can use SecureMemo to keep data, passwords, and other data secure while SecurePhoto, meanwhile, provides security for photos stored on your phone.

If you use iPhone 3GS or later, you will have the advantage of native encryption while the My Eyes Only – Secure Password Manager app is a popular choice for storing notes, passwords and credit card data.

BlackBerry also offers native encryption and you might choose to secure your data using an app such as iLocker Lite to lock specific software, preventing unauthorized access.

Windows Phone users meanwhile don’t have the advantage of native encryption but unlike Android handsets don’t have an (easily) removable MicroSD card. Hidden Pass is the most popular app for encrypting personal data on this platform.

Tracing A Stolen Phone

As we’ve already discussed, smartphones are increasingly popular targets for thieves who might be looking for personal data, a quick way to make a phone call or hardware that they can sell to support their chosen lifestyle.

Whether you have been able to protect the data on your phone or not, you should be prepared to trace the device in the event of loss or theft. This is something that can be achieved using native software or third party apps.

Android users can take advantage of the Plan B app which will email your phone’s location to your Gmail address when you use another device to text the word “locate”.

Apple iPhone’s Find My Phone tool will locate the device on a map and allow you to remotely play a ringtone, display a message, remotely lock and even wipe it. Windows Phone users have a similar option also called Find My Phone which offers the same functionality but is native to the platform.

BlackBerry doesn’t have a such a system, although lost devices can be wiped by your BES administrator.

Backing Up To The Cloud

If you have concerns over the safety of data on your phone you can store it online or at the very least save a backup to the cloud. This can then be accessed via a web browser from another device or computer, allowing you to at the very least keep your data if your phone is stolen.

Naturally Apple iPhones have access to the iCloud service which effortlessly backs up apps and data, while Windows Phone owners have SkyDrive. Meanwhile Android offers data synchronization with Google for standard data such as calendar, contacts and emails.

Dropbox apps are available free for all platforms, meanwhile, including BlackBerry.

Conclusion

With suitable responses in place to deal with any of these possibilities, you should find that in most cases you can overcome data loss and phone loss. There is even a chance that your device can be retrieved or returned to working order.

In the meantime, don’t leave anything to chance. Keep your phone safe at all times, use the apps suggested above to pre-empt any threats or misuse of your handset and remember to take insurance on the device. Your mobile phone network will be able to refer you to their favoured broker, although you should check if you have any suitable cover already via other insurance policies.

There are a lot of things you can do to protect yourself. You can educate yourself on new potential threats, read on how to keep your computer secure, and what security software doesn’t protect, and obtain the best tools for the job, whether they are anti-virus programs or extensions.

Here, I’ll be taking a look at ClamWin, an open-source anti-virus program that’s been around for a while. Should you get it? Read on to find out.

Getting ClamWin

ClamWin is an anti-virus program based on the only open-source anti-virus solution in the market, Clam AV, which is a toolkit initially designed for UNIX.

As you can probably tell by the name, ClamWin is available as a download for Windows machines only. You can download the installer here, which is almost 40MB, or you can also try the portable app for anti-virus protection on the go.

If you’re wondering about which version to go with, I’m using the portable version 0.97.3 for this review. This latest release has improved bytecode signature matching, in addition to the reigning features that characterize this anti-virus – virus scanner, scanning scheduler, automatic virus database updates, and integration with Windows Explorer and Microsoft Outlook.

If you’re using the installer, be aware that the Ask toolbar might be offered during the installation. Make sure you read what the checkboxes are offering before you click Next. I didn’t see any such thing during the portable application “installation”.

Launching ClamWin

When you first launch ClamWin, you’ll likely need to download the built-in database of viruses.

Doing so will just take a few seconds if you’re connected to the Internet.

Once ClamWin has finished updating its Database, you can see the main window where you’ll have the options to set your preferences, update your virus definition database once again, scan programs currently running in memory and finally, scan specific files or directories.

Running Memory Scan

Selecting this option allows you to scan the programs that are currently running in memory. If you’re as paranoid as this author, t’s probably a good idea to update your virus definition database before running your scans.

Unless you’re running Photoshop, Mozilla Firefox, and many other resource hogs, this scan should be completed in a couple of minutes. Mine took just over 3 minutes and scanned 28 processes in memory.

Running File Or Directory Scan

In the main window, there will be a directory browser where you can select a whole drive (e.g. your C drive), specific folder or even a file to scan.

Depending on what you chose, this scan can obviously last a while. When I was running a scan for my D drive, ClamWin was also working really hard, using almost 109 MB of RAM. Not that it’s a bad sign, but it’s probably a good idea not to multi-task on your PC while you let a scan run through an entire disk drive. After a scan is finished, you can see the report right after, save it or access it in the main window menu.

If a virus is detected during the scan, there are three options you can choose from in the Preferences: Quarantine it, report it, or remove it.

If you’re particular about your scans, you can also filter files to be included or excluded from the scan in the Preferences. You can also limit a file size to scan or not, and also whether to extract files from zipped files in the Preferences window.

If you installed ClamWin instead of using the portable version, you’ll be able to schedule scans right in the Preferences window, increasing security for your PC.

If you’re using the portable version and wish to schedule scans, you could always use Windows Task Schedulerand clamscan.exe which should be under ClamWinPortable/App/clamwin/bin.

ClamWin shines for being an open-source anti-virus program with file and directory scanners, scanner scheduler, automatic downloads of virus databases and more. It does lack a real-time scanner, which could be a big con, but for basic protection and its price, it’s a great product to have on your PC security arsenal.

Have you used Clam AV or ClamWin? Share your experience in the comments section below!

About ClamTk

ClamTk is available for most of the popular distributions such as Ubuntu and Fedora, but is installable on all systems via compilation of the source code. In Ubuntu, you can install it by searching for “Clam” and installing the “Virus Scanner” or by running this in the terminal:

sudo apt-get install clamtk

In Fedora, you should be able to install it by searching for “clamtk” in the package manager or running in the terminal:

sudo yum install clamtk

Interface

Once it has been installed, go ahead and open it from your dash/menu/etc. You will now see the (very simple) main window of the application. There are a couple of different buttons to scan your home folder, a directory, or a file, or to exit the application. Below those buttons are a few checks made by the program to see if the latest version of the ClamAV engine, the latest GUI version, and the latest virus definitions are installed.

The virus definitions should be updated automatically through the scheduler (more on that later), while the engine version and GUI version are dependent on what is pushed to your distribution’s repositories. If any of the two are majorly out-of-date, you should notify the repository maintainers using the recommended method. Most distributions ask that you file a bug complaint or simply wait.

Menu Options

Aside from the very simplistic interface, some more advanced features are hidden within the menus. Under Scan, you’ll find a few more options for scanning, including quick and recursive scans. Under View, you can see the history of actions taken with the program, as well as clear that log. Under Quarantine, you can check the status of your quarantined items, restore or delete individual quarantined items, or simply empty the whole quarantine.

Under Advanced, you can schedule scans, run the antivirus wizard, submit a file for analysis, or tweak other preferences. The scheduler is an important feature as it makes staying virus-free easy and doesn’t require you to remember to run the scanner. It also makes up for the lack of real-time protection. With the scheduler, you can schedule scans of your home folder or entire computer, as well as virus definition updates.

The preferences include multiple scanning preferences, startup options, an option to whitelist directories so that they won’t be scanned, and proxy options so that you can get your virus definitions without any issues.

Finally, under Help, you can manually check for updates for the antivirus engine and the GUI, as well as look up information about the GUI itself.

Conclusion

ClamTk is an easy-to-use GUI for the ClamAV engine that should help you keep your Linux system virus free. However, more importantly, this easy tool will help you get rid of nasty viruses that may be on a separate hard drive or removable media. Don’t forget that as a rescue solution, you can boot up a Linux environment using a LiveCD and install ClamTk to combat the virus that may be plaguing your Windows machine.

What do you think of ClamTk? Is there any antivirus solution on Linux that is better? Let us know in the comments!

For starters, open source software is usually a good start, as anyone can see exactly how the program is written, and can therefore tell you how well it should work. The most popular open source antiviral tool, Clam AntiVirus (or ClamAV for short), is decent enough to be used on a regular basis.

About ClamAV

ClamAV used to be a pretty simple tool that did nothing more than scan files for viruses from the latest available definitions. Today however, the Windows version has been expanded. A new tool powered by ClamAV is recommended on their site for use on Windows machines. This new tool uses ClamAV and also adds real time protection and a new interface.

Linux users can still get regular ClamAV from their respective repositories, which is fine because you don’t really need anything more advanced on Linux as you do on Windows.

Download and Installation

To download and install Clam Antivirus for Windows, you’ll need to download the tool (known on the site as Immunet, as the Windows client seems to be a joint project) and install it as any other program. During the installation it’ll ask you whether you want the regular version or a trial of the paid version (which I find a little strange for a product based on open source software). However, keep going with the installation, and in no time at all you’ll be presented with the main window of the product.

The Interface

The main window, although slightly cluttered with some ads for the paid version, has a pretty clean design so that it’s easy to keep an overview of everything going on. You get some community links on the left, scanning options and other related information in the center, and a link to the settings and one to update the program on the right.

Scanning

Scanning is pretty straight forward. You can tell it to scan archived or packed files in the settings, and from there you run a Flash Scan (scans running processes), a custom scan, or a full scan. The mentioned rootkit scan is only available, again, in the paid product. Note that virus definitions are in the cloud and don’t have to be locally updated.

Settings

The settings are also quite interesting to go through, as it mentions multiple different engines that the program can use to scan files for viruses. This is especially useful if you’re not very trusting of cloud services and would rather disable those while keeping the local ClamAV engine enabled. There are also some settings where new programs are deemed safe or not before they are even installed or run.

Conclusion

ClamAV/Immunet is a great way to keep your computer safe from viruses. Not only that, but the site heavily advertises that it works well with most major antivirus solutions, so you can always run Immunet in addition to whatever software you currently have to protect yourself. In the end, you’ll be safe rather than sorry.

Since this is a fairly different program that uses the Clam Antivirus engine, in the future I’ll be writing another article of it’s Linux counterpart, which appears in its true form. Stay tuned for that.

What’s your opinion of ClamAV? Do you think it’s a handy tool or just another project that will never have a major impact in the antivirus community? Let us know in the comments!

That’s what has happened in the case of Ramnit, a malicious worm that has been spreading via executable and HTML files since April of 2010 (yes, almost two years ago). Security firm Seculert recently noticed that it has begun to target Facebook users, stealing their login credentials. Most of the users targeted so far live in the United Kingdom and France.

While it’s impossible to know exactly why these logins were stolen, it’s fairly easy to guess. Compromised Facebook logins are an excellent way to spread malware or conduct phishing attacks. A simple wall post with a shortened URL can easily direct the friends of a compromised account to malicious websites. This can allow malware to spread or trick users into giving up personal information.

It’s also possible that victims with compromised accounts could have them used to grant access to other services. Many people use the same password for Facebook as they do for other sites including email and even online banking. In addition, most people list their employers on their profile, which opens up the possibility of attacks against governments and corporations.

Consider this a reminder that you shouldn’t use the same password for all your accounts. Also, it’s wise not to click through links on social networking sites without using a website or browser plugin that can reveal the link’s full URL, making it possible to verify that it goes where it claims.

Source: Ars Technica

These viruses didn’t necessarily make front page news in the same way as Sasser, MyDoom or the Storm Worm did, but many were the first of their kind. It’s also worth noting that many were non-destructive, with the real aim of creating a self-replicating program rather than causing data loss.

1971: Creeper

Creeper was written in 1971 by Bob Thomas who worked for BBN, and is widely considered to be the first example of a computer worm. The program was self-replicating in nature and non-destructive to data as its main purpose was to test the effectiveness of such code.

Creeper was technically not a virus due to its rather passive nature. The author commented in response to this article:

“…the creeper application was not exploiting a deficiency of the operating system. The research effort was intended to develop mechanisms for bringing applications to other machines with intention of moving the application to the most efficient computer for its task.”

Creeper did not take advantage of an exploit on the (pictured) DEC PDP-10 TENEX systems it came into contact with, and was eventually stopped with a program called Reaper, which was specifically designed to halt the spread.

1981: Elk Cloner

In 1981 a 15-year old called Rich Skrenta stumbled upon the world’s first boot sector virus, Elk Cloner for the Apple II. At the time the Apple II used floppy disks to boot into the OS, which made it particularly vulnerable to attacks.

If a user booted into the OS from an infected floppy, the virus would be copied to the computer’s memory. Any further floppy disks that were inserted into the computer once Elk Cloner was in the memory would also become infected. Whilst the code was not malicious, the user would see a poem on every 50th boot.

Skrenta’s virus was not only the first to specifically target the boot sector but also one of the first to spread “in the wild” – i.e. outside of the environment it was originally written.

1986: Brain

Considered by many the first computer virus written for MS-DOS (and thus the IBM PC standard), Brain affected floppy disks, more specifically the boot sector of the DOS File Allocation Table (FAT), by moving the real boot sector elsewhere and marking it as “bad”. A copy of the virus replaced the real boot sector, but hard drives were specifically avoided.

The virus can be traced back to two brothers from Lahore, Pakistan – Basit and Amjad Iqbal who included the following message:

Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS…. Contact us for vaccination…

The virus was originally written as a copyright safeguard for medical software the pair were working on. They received phone calls from all over the world demanding inoculation, and still trade today as Brain NET, an Internet service provider.

1987: SCA

Another first, SCA was the Commodore Amiga’s inaugural computer virus, written by the “Swiss Cracking Association” or “Mega-Mighty SCA”. The group mostly specialised in removing copy protection from floppies, and thus the SCA virus targetted the boot sector of write-enabled disks.

Every 15th reboot the following message was displayed, warning the user that they were infected:

Something wonderful has happened Your AMIGA is alive !!! and, even better…some of your disks are infected by a VIRUS !!! Another masterpiece of The Mega-Mighty SCA !!

The virus only affected write-enabled floppies but would ruin custom bootblocks, such as those used by games. The SCA virus led the same group to release the first ever Amiga virus scanner in order to remove the infection.

1988: Morris Worm

With its source code preserved on a dusty floppy in the Boston Museum of Science, the Morris worm is one of the most famous outbreaks in history – mostly due to a mistake by its author. The Morris worm was in fact one of the first spread via the Internet, and exploited known vulnerabilities within the UNIX operating system.

The worm was originally not written to be malicious, but instead to try and gather information about the size of the Internet according to its author, Robert Tappan Morris. What made the worm such an issue was its method of spreading, which would re-infect every 1 in 7 PCs that claimed to already be infected.

This proved to be overkill and it is thought that of the 60,000 machines connected to the Internet at the time, 10% were affected. Morris was studying at Cornell University at the time, but chose to release the worm from MIT to avoid detection. He was later the first person to be convicted under the USA’s 1986 Computer Fraud and Misuse Act.

He received three years probation, 400 hours community service and a $10,000 fine. The worm is thought to have caused somewhere between $10 million -$100 million in damage and undoubtedly changed Internet security forever.

2006: Leap

Leap, also known as the Oompa-Loompa virus was the first to ever infect Apple’s cherished OS X operating system. Whilst it was not a full-blown outbreak, and didn’t even transfer via the Internet, Leap proved that no matter how tight security was, there were always going to be potential vulnerabilities.

The virus transferred itself via iChat’s Bonjour buddy list, but only over local area networks. In order for a machine to become infected the user had to accept the latestpics.tgz archive, open it and run the executable (claiming to be an image of Apple’s next OS) within.

The virus would infect non-system applications owned by the user, but due to a bug within the virus, any infected programs refused to run after exposure to Leap. Removal of the virus did not require a complete OS re-install, and thus Leap will always be considered a low threat virus, albeit a world-changing one.

Conclusion

I hope you’ve enjoyed learning about some of my “favourite” viruses, their origins and of course the knock-on effects. Whilst infections like Elk-Cloner and Creeper weren’t particularly damaging they were highly innovative and certainly provided a taste of things to come.

Do you know of any other interesting virus outbreaks? Remember that sinking feeling once your machine was infected? Have a rant below!

Image Credits: Shutterstock, DEC PDP-10, Apple II, Brain virus

Victims are hooked by an official-looking fake email informing them they need to update their billing information with Apple. A link that appears to point to the Apple Store is included, but when clicked it re-directs users to a fake website that is apparently hosted on its own server.

To make matters worse, the fake site looks like a legitimate Apple login page. Only a support number that begins with a 0 instead of a 1 might alert users that something strange is going on. The site otherwise appears professional and is free of the grammar issues and improper or missing images that often give away such facades like this.

So what can you do to protect yourself? You could just avoid clicking email links, though that may not always be practical. Another idea is to pay attention to your URL bar to make sure that the proper URL appears when you visit a site. In the case of the fake site, the URL shows the IP address of the scammer’s server rather than the real Apple Store address. You could also use a security suite with built-in anti-phishing features.

For more tips on how to avoid these sorts of attacks, check out Danny’s article on common tactics that can help you avoid being phished.

Source: CNET

Unlike most cases of malware, this virus embeds itself deeper into your system and requires more than a simple malware scan. However, even though the removal process is more involved, someone who is computer illiterate will still be able to perform it, so if you’re not very tech-savvy, fear not!

What Is The Google Redirect Virus?

The main symptom of the GRV is that clicking on a Google search result link will take you to another unrelated website. It doesn’t matter which search link you click and it doesn’t matter which browser you use for searching. How can you get it? Unfortunately, it’s not very difficult. If you accidentally (or even purposely) visit a malicious or infected website, and if you don’t have the necessary anti-virus protection on your computer, you can get it.

Technically, the GRV is not really a virus at all – it’s a trojan – and despite the name, Google has nothing to do with the problem. It’s not a problem with Google’s website, search engine, or anything else. The problem is local to your computer and it will affect all of the main browsers that you have installed, including Internet Explorer, Firefox, Opera, and Chrome.

Why Is The Google Redirect Virus So Frustrating?

For many people, the GRV is one of the most annoying and infuriating computer infections to deal with. Not only does it interrupt your normal search sessions, it makes it incredibly difficult to find a solution – because you can’t search for one. At best, you’ll spend inordinate amounts of time pressing the “Back” button to negate the website redirects. At worst, your productivity will plummet and you’ll stop wanting to even use your computer at all.

To add to the frustration, the GRV is difficult to remove. It is a variation of the TDSS rootkit, which piggybacks on top of a system driver. Since the system driver is innocent in the eyes of malware detection programs, the GRV is not flagged as malevolent and, therefore, not removed.

The GRV is an objectively small inconvenience, but it can wear you down and ruin your mood rather quickly. Luckily, there are tools and programs to aid in the process of removing the Google redirect virus.

Remove Google Redirect Virus – Using TDSSKiller

Follow these steps to get rid of the Google Redirect Virus once and for all.

Download TDSSKiller. Download the TDSSKiller.zip file to your Desktop and extract the files using an extraction program. WinRAR is popular, as is 7-Zip. After extracting, you should see a TDSSKiller.exe file.

• If you are unable to download the file, then the TDSS rootkit on your system may be blocking the connection. In this case, you’ll need to download the file using another computer and transfer it to your own computer.

Run the TDSSKiller.exe. Double click on the TDSSKiller.exe file to run it. The program will initialize and then present you with the ability to scan your computer for problems.

• If nothing happens when you double click the file, you’ll need to rename it. Right click on the file and select Rename, then rename the file to 12345.com. Take note that the .com extension is very important – it is how you can bypass the TDSS block.
• If TDSSKiller still won’t run, you may need to scroll down and use FixTDSS instead.

Scan your system. Click on Start Scan to start the scan. TDSSKiller will search your system for related problems and report back to you if it finds anything. If TDSSKiller happens to not find anything, you may need to scroll down and use FixTDSS instead.

Cure the problems. If TDSSKiller does find any problems, choose to Cure as many of them as you can – all of them would be best. If you can’t cure some of them, leave it on the default Skip option.

• Only use the Cure or Skip options. Avoid the Delete and Quarantine options because using them on critical system files may cripple your computer and render it inoperable.

Reboot your computer. To complete the removal of the TDSS rootkit, you will be required to reboot. Do so when prompted.

Google Redirect Virus Removal — Using FixTDSS

These steps are only necessary if TDSSKiller failed to clean up your system.

Download FixTDSS. Download the FixTDSS.exe file to your Desktop.

Run the FixTDSS.exe. Double click the FixTDSS.exe file to run it. After the program initializes, click on the Proceed button to start the scan. The program will look for potential problems and fix them if necessary.

Reboot your computer. To complete the removal of the TDSS rootkit, you will be required to reboot. Do so when prompted. After your computer boots back up, you will see the results of FixTDSS’s findings.

Conclusion

At this point, the TDSS rootkit should be successfully eliminated from your system. You can check if the infection is gone by searching on Google and clicking on any search result link. If you aren’t redirected to another website, the infection is gone.

In the future, you can help prevent infections on your system by utilizing free anti-virus software. Compound that with safe computer habits and you will drastically reduce your likelihood of catching another virus.

If you are the victim of the Google Redirect Virus, try these tools out and let us know in the comments if they helped or not.

According to Lookout, these ill-gotten gains generally come from malicious websites and apps that contain Trojans. Once installed, the software sends messages to premium-rate numbers and services. The owners of those numbers make off with the cash while the victim is left with an outrageously high mobile phone bill.

The malware known as GGTracker, which hit the United States in June, is one of the most recent examples of a severe SMS Trojan. Lookout claims to have detected many new threats in recent weeks as well, information that seems in agreement with an earlier report by Juniper Networks stating that Android malware has increased significantly.

How do you protect yourself? Lookout doesn’t go so far as to specifically recommend its own security app, but having some form of anti-malware protection is a good idea. I stick by my recommendation of Kaspersky’s Mobile Security. The report also states that users avoid third-party app stores, be wary of certain types of applications, and avoid shortened URLs, among other things. The suggestions are longer than this news article (the report is quite detailed) so be sure to read the full report.

Source: Lookout Mobile Security

But when you get one of those nasty little downloads – one of those little scripts or apps that dig its way deep down into the heart of your computer – it can be unnerving.

Suddenly, your keyboard doesn’t work quite right. Your CPU starts going haywire when you aren’t even doing anything. Your mouse starts flipping out every time you open a particular browser.

If you’ve ever been bothered with such a malware or virus software, then you know what I’m talking about. Those little apps sometimes latch themselves to the inner workings of your computer when you least expect it.

While we all trust antivirus software and anti-malware programs like IOBit or MalwareBytes to identify those nasty varmints, the truth is that sometimes things slip through the cracks.

Luckily, there is a new tool you can use to manually go through and clean up those evil processes.

Close the Door on Malware

The bottom line is that any malware is typically meant to run in some form on your PC, and somehow transmit information into or out of your computer via the Internet.

A very simple utility called CloseTheDoor lets you probe into the processes that are running on your computer, and analyze those processes at a level that usually requires a professional. The reason you can do this is because CloseTheDoor makes the analysis very simple and logical, putting all of the tools you need in one place.

When you first run the program, it performs it’s basic function fast and well. You’ll see a list of every process “endpoint” that is listening on any port on your computer whatsoever. The detailed list tells you the interface IP (if there is one), the port, communication protocol, process ID, and any associated services.

While this all may not tell you exactly what the process is right away, the information is an important first step toward recognizing that something is running on your computer that you do not want running.

In particular, look for processes without any associated company or description information.

Once you spot a process that looks fishy, and you want to learn more, just click on the “Selection” menu and then click on “Locate the executable file”.

As you can see below, by tracing down the actual executable, you will often be able to identify the software that kicked off the process. For example, in this case Windows Explorer opened to the path for PaperCut NG, which was an educational software package that I was testing recently.
This discovery told me that there was a process running that I didn’t know about, consuming precious memory. Uninstalling the software removed that process, freed up the memory, and ultimately improved performance.

If you click on “File” and then the summary, you will see a general report with totals for how many endpoints are listening on each interface IP address. You don’t need to be quite as concerned with the IP addresses as you do with the total number of processes that are listening on some port on your PC

The software also gives you an entire toolbox of shortcuts and tools you can use to troubleshoot any problem processes that you simply can’t seem to recognize as valid. Sometimes, there may be a process running that isn’t malware, but you really don’t want it running all the time. That may be from a startup shortcut being added to your Startup folder without your knowledge. You can check out things like that using the System configuration utility under “Tools”.

Here you can view running services on your computer, and more importantly you can view and disable or enable all of the applications that are set up to auto-startup when you boot up your computer. This configuration utility puts all of the Windows config tools that can help you with process analysis all in one convenient window.

Another fast way to analyze an unknown process is by right clicking the service in the main display, and clicking on either “Process services” to view the services that are kicked off by this process, or you can use any of the Google or Wikipedia links in the list to research exactly what the process might be, and what that particular port is usually used for.

If you click to view the services, you’ll get a table of all running services that were kicked off by that process. You can select any of these services and stop them if you want. More importantly, some of the detailed names for those services may also offer some clues as the what the mysterious process is really all about.

To help you do some extensive research on the processes and services that you find running on your PC, CloseTheDoor offers a list of online resources under “Internet References”. Click on any of these to open up your browser and review resources like a list of port numbers and their uses at www.iana.org, a list of all Windows services at Wikimedia.org or how to configure your firewall at Microsoft.

The bottom line is that there will always bee some new malicious app out there that somehow – no matter what protections or blockades you put in place – gets onto your PC. When things start heading south with your PC activity and performance, researching your running processes is always a really good idea, and CloseTheDoor makes the process simple and painless.

Try out this utility and see if it helps you identify things running on your PC that you didn’t know about. Share your experiences with the software in the comments section below.

Image Credit: Shutterstock