Security Windows

How to Handle Suspicious Windows Task Manager Processes

Tina Sieber 05-05-2014

CTRL + ALT + DEL is the keyboard shortcut you routinely use when you suspect something’s wrong with your Windows computer. Sorting through the Task Manager Mysteries Of The Windows 7 Task Manager: Why You Don't Need an Alternative This might seem contrary to what you read about throughout the Internet, but the Windows Task Manager is fine as it is – it doesn’t need a replacement. You could interpret that as a simple... Read More , you notice something like svchost.exe using 99% of your CPU or several instances of a cryptic process running. So now what?


Bill Gates admitted the CTRL + ALT + DEL keyboard shortcut was a mistake. It used to open the Task Manager, but was later replaced by a more comprehensive menu. The problem is, looking at raw processes listed in the Task Manager leaves most people confused and just as clueless as before. So they turn to Google and maybe that’s how you found this article.

If you’re wondering about a particular process or how to fix an issue it causes, we’ll equip you with the resources to find the solution yourself.

What’s in the Windows Task Manager?

It looks intimidating, but you need not get a headache when you look at the Windows Task Manager. You came here for a reason: to find out what’s distressing your computer. Maybe you’re looking for the process that causes high CPU usage How to Fix High CPU Usage in Windows Does your PC suffer from high CPU usage up to 100%? Here's how to fix high CPU usage in Windows 10. Read More , which in turn makes your annoyingly noisy fan 6 Things You Can Do to Silence a Noisy Laptop Fan Wondering why your laptop fan is so loud? Here are several ways to get some peace and make your laptop fan quieter. Read More run at full speed.

Be sure to click Show processes from all users to also see System processes or processes from other logged in users.

Windows Task Manager


To get a better overview of the issue at hand, for example to identify the process that hogs up all your memory, sort the entries in the Processes tab by clicking the respective category header. If you’re running Windows 8, the Processes tab will look slightly different. It is meant to provide a quick overview; switch to the Details tab for more information.

Windows 8 Task Manager Processes

How to Get Information via the Windows Task Manager

So one of the processes caught your attention and you’d like to find out more. Your options within the default Task Manager are somewhat limited, although in Windows 8 Microsoft took some cues from Process Explorer, Microsoft’s advanced Task Manager for Windows Process Explorer - The Most Powerful Task Manager Replacement [Windows] Let’s be honest, the Windows Task Manager isn’t that great for understanding and managing the processes running on your computer. Even on Windows 8, where it’s much-improved, the task manager can’t come close to the... Read More .

You can right-click a process and select Properties to identify when it was Created (installed) and other details. This might give you a clue whether or not a cryptic process is legit or potential malware. Additionally, you can open the file location or end the process or its entire tree via the right-click menu. In the Windows 8 Task Manager The Windows 8 Task Manager: A Gem Hidden In Plain Sight While many parts of Windows 8 are debatable (maybe Modern is the future; maybe it's not), one element of Windows 8 that has undergone a massive overhaul and made it unequivocally more awesome is the... Read More , you can also search online to find out more about a process.


Is This Process Safe?

Often, malware will try to mask itself in the Task Manager by imitating legitimate Windows system processes. Processes running under a user name or with a description that deviates from the norm are particularly suspicious. In the end, only a thorough investigation and malware scans can reveal whether or not your system is clean.

Meanwhile, the best source for finding out more about a cryptic process is the Process Library. It’s a continuously updated database with information about Windows processes, that presently contains almost 200,000 entries. Simply enter the process name in the search field and get an instant opinion regarding its security level.

Process Library on svchost.exe

When you find yourself using this service on a regular basis, you can install their ProcessQuickLink tool to take you directly from the Task Manager to the website.


I Think I Identified Malware!

Should you discover a process that appears to be malware, take immediate action. First, see whether you can get rid of the process by removing startup items 10 Startup Programs You Can Safely Disable to Speed Up Windows Computer booting slowly? You probably have too many programs running at startup. Here's how to disable startup programs on Windows. Read More ; maybe it’s a harmless tool that you don’t really need.

Windows Startup

If the process is persistent and not a system process, scan your system for malware Make Sure You're Clean With These Free One-Time Scan Antivirus Tools [Windows] It sucks to be constantly bombarded by computer-related threats, whether they’re spyware, malware, viruses, keyloggers, or whatever else. A popular way to combat this problem is to install an antivirus solution that sits in the... Read More . You can also ask for advice on MakeUseOf Answers. If it turns out you caught an infection after all, follow our Malware Removal Guide The Complete Malware Removal Guide Malware is everywhere these days, and eradicating malware from your system is a lengthy process, requiring guidance. If you think your computer is infected, this is the guide you need. Read More to eliminate unwanted guests. Aaron’s 10 Steps To Take When You Discover Malware 10 Steps To Take When You Discover Malware On Your Computer We would like to think that the Internet is a safe place to spend our time (cough), but we all know there are risks around every corner. Email, social media, malicious websites that have worked... Read More are also highly recommended.

Chrome Is a Special Case

My Task Manager screenshot above reveals that Chrome is RAM needy Is Chrome Hogging All Your RAM? Make It Behave With These 2 Extensions Chrome or Firefox? This might be the hottest question in today’s tech community, and one you’ll never find a straight answer for. Personally, I think both browsers are great, but have been using Firefox more... Read More and it’s also running a whopping 53 times. That’s because in Chrome, each tab and extension receives its own independent process.


If Chrome concerns you, know that the browser itself offers a way more powerful tool to examine its processes than the Windows Task Manager.

Chrome Task Manager

In Chrome’s own Task Manager, you can immediately identify which websites or extensions consume most of your memory and CPU power. Right-click the title bar of any Chrome window and select Task manager or simply click SHIFT + ESC. Google also offers Stats for nerds; click the respective link in the bottom left of its Task Manager.

How Often Do You Check the Task Manager?

Windows Task Manager processes are often cryptic. Worse, malwares try to fly under the radar by mimicking the names of legit Windows system processes. A suspicious candidate can be tackled from different angles: checking when and where it was installed, under what user it’s running, what the description says, what a library says about the item, and whether or not it raises a red flag in a malware scan. If everything appears to be harmless and the process doesn’t consume a ton of resources, you should let it go.

If you ever struggle with unresponsive apps How to Force Close a Program Without Task Manager Wondering how to force close a frozen program on Windows? Here are several ways to force-close apps without the Task Manager. Read More , know that you can kill them with or without the Windows Task Manager.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Eddy S.
    January 12, 2018 at 3:09 am

    Windows Task Manager helped me discover the dreaded vmxclient.virus by showing it appear in applications producing two client applications and then disappearing. Obviously, it is malware/Spyware. IT was driven by a process called snbvgrtsvce.exe which did NOT show up in Windows task manager.It was also driven by rasiezt.exe *32 which did show up in windows task manager but you couldn't kill it (these names might be randomized on different systems). My only point at this juncture is that vmxclient is embedded into the wininit.exe and has become corrupted. I determined all of the above from Process Explorer. I have Malwarebytes, Zemana and Unhackme and they are unable to detect and remove. While they are not consuming a lot of CPU (any good virus writer is going to make sure that this is not going to happen) I do see changes on my system and have wracked my brains in the last week. I am by no means an expert but I welcome corrections or insights.

    • Tina Sieber
      January 21, 2018 at 3:02 am

      Thank you for sharing your case, Eddy! Have you made any progress with eliminating the malware?

  2. Eddy S.
    January 12, 2018 at 2:51 am

    Windows task manager is not the complete answer running processes. Any programmer will tell you that you can hide processes in Windows Task Manager. Your best bet is Process Explorer from I found out a lot more from that. The only thing good about task manager I have seen is that it tells you which applications may be running on your system.

  3. Don
    October 4, 2017 at 3:26 pm

    I don't know if this is interesting enough:
    It's in Startup in Task Manager; a file that's called ' pcejmoty.vbs' , that's in a folder in Roaming called 'asihetvq' ,
    I've Googled all over and no clues yet ?

  4. Craig Connor
    September 16, 2016 at 7:23 am

    Hi there.
    I loaded windows 10 on to my old laptop and in task manager under services I noticed a few copies? can anyone fill me in if these are normal or maybe malicious?
    Contact Data
    Contact Data_267c3
    Messaging Service
    Messaging Service_267c3
    Sync Host
    Sync Host_267c3
    User Data Access
    User Data Access_267c3
    User Data Storage
    User Date Storage_267c3

    • Tina Sieber
      September 16, 2016 at 3:52 pm

      I don't see the Contact Data, Sync Host, User Data Access, and User Data Storage ones, but I do see the Messaging Service ones, though both have been stopped. I'm not sure what they are, but I'd ask Google or post the question in a Windows forum to get an answer.

  5. Bruce A. Henderson
    May 20, 2015 at 9:30 pm

    Hello, Tina...

    A very informative article. I have spent decades studying relational software and have totally neglected operating systems and hardware. If I knew then what I know now I would have reversed direction at the very beginning. Being retired I now have the time, and best yet the inclination, to know as much as I can about operating systems. Interesting stuff.

    Thanks again for a great article.

  6. Inf0Junki3
    May 7, 2014 at 8:39 am

    The task manager has improved with time, but I still prefer using Process Explorer ( - it's a free tool from Sysinternals -- er, I mean Microsoft -- which allows you to see a whole lot more process information. For instance, you can see which processes are sub-processes of others; for a given process you can see which files are open, what registry keys are used, which DLL's it is using, what servers are registered under it. If you're not familiar with it, I'd definitely recommend taking a look at it!

  7. Michael Dowling
    May 6, 2014 at 10:06 pm

    I have another layer of protection by running my browser and email in Sandboxie.

  8. Buffet
    May 6, 2014 at 2:28 pm

    Why won't anyone ever tell how to get rid of that damned "System Idle Process"? That's what consumes all the resources!!

    • Victor O
      May 6, 2014 at 10:36 pm

      The "System Idle Process" is basically everything that's NOT being used by something else. If it is really high, then it means that there isn't much going on in your other processes. The task manager measures by percent of the processor used, and percentages always have to equal 100%.

  9. Rob H
    May 6, 2014 at 11:05 am

    It's a pity that after nearly 30 years of Windows development and over 30 years since the first large-scale computer virus outbreak (Elk Cloner on Apple II), Windows is still so insecure. Worse, a spokesman for Symantec (Norton Antivirus) recently said "...modern antivirus software only stops around 45 per cent of attacks on computer systems and lets the rest through. " (That's not an excuse not to get the best antivirus software available - currently Kaspersky, Norton, Comodo, Bitdefender rank highest).

    • Sean R Kethcart
      February 20, 2017 at 10:57 am

      As an update to anyone reading down through these comments, Webroot is now by far the number 1 ranked AV product for detection rates. They do antivirus differently than any of the others mentioned above. They do not put definitions on the machine, the client itself is incredibly lightweight and does not cause system slowdowns, and their detection engine is by far the best in the market.

      As an IT Security professional, I suggest all of my clients use Webroot, and all of them have after a brief demo from their sales teams. No, it's not free, but you truly do get what you pay for with AV. It's definitely very affordable, however.

      Do yourself a favor, skip all the rest, and go straight to Webroot. You can thank me later.

      • Tina Sieber
        February 20, 2017 at 5:30 pm

        Thank you for your input, Sean.

  10. A41202813GMAIL
    May 6, 2014 at 10:42 am

    A - Run The TASK MANAGER,

    B - Sort The Processes By Image Name Alphabetically,

    C - Do An Alt+PrintScreen Both On Normal Mode And On Safe Mode,

    D - Save The 2 Pictures For Future Reference,

    E - Do The Same For The MSCONFIG Startup List.

    Repeat From Time To Time - Create Files With 'YYYYMMDD-whatever' Names.

    If Any Doubt Arises In The Future, Just Compare The New Lists With The Ones You Have Saved.

    If There Is A New Process In The New List, You Could Have Spotted Some Malware.

    This Is True For Processes That Do Not 'Copy' The Standard M$ Names, Of Course.

    There Are Free Utilities That Let You Delete Processes From The MSCONFIG List, If Necessary.


    • Tina S
      May 9, 2014 at 4:07 pm

      Great low-tech advice. Although it might also be a software that was intentionally installed since the last screenshot was taken.

    • A41202813GMAIL
      May 9, 2014 at 5:01 pm

      Thank You.

      I Just Found Out A Better One.

      ( If You Know How To Use A File Manager Like ZTREE Or A Similar One )

      Enter In Safe Mode And Rename All Your .EXE Files As ( A ).( B ):

      A - 'ALL UPPERCASE.*',

      B - Some Weird Combination Of Uppercase And Lowercase, Like '*.eXe'.

      Example: taskmgr.exe Would Become TASKMGR.eXe, And So On.

      Whenever You Install New Software, Like A Browser Update, Repeat The Process.

      You Have Just Created A Simple Alert When You Spot Any EXE Process Name That Does Not Comply.


  11. David B
    May 6, 2014 at 8:40 am

    If you're bitten by malware then simply terminating suspicious processes is likely not going to give you any relief (most malware processes will restart immediately, if not on the next reboot). Identifying and terminating bad processes (i.e. using a process monitor to 'end task' a suspicious process) is only a tiny first step in the process of identifying and removing malware. Some unwanted programs (that look like malware) will allow you to uninstall them via the control panel (I sort the entries in programs by date, to see what other programs piggybacked on the first unwanted program, because they have the same install date)

    The second steps involve identifying and removing suspicious processes that start up in Windows Task Scheduler, rebooting into safe mode (with networking) and downloading and installing a tool like HijackThis to scan the entries of everything that starts up (e.g. via the registry, autostarts, browser extensions, proxy changes) removing those, and going into service manager (run -> services.msc) and disabling bad services before rebooting into Windows and using a program like Malwarebytes Antimalware or Spybot to do a full malware sweep and cleanup. But first, *and this is very important*, you must know what a healthy, uninfected system looks like in terms of what processes and services start up, or you could end up causing problems that prevent things from working correctly.

    If you don't have the kind of experience with computers to know what things are supposed to be running, then you should leave malware removal to someone more knowledgeable or at least have a backup plan for saving your files and reinstalling your operating system.

    • Tina S
      May 9, 2014 at 4:05 pm

      Very true, David!

      The post is meant for people who panicked after noticing a suspicious process and turned to Google. The main objective was to help them figure out whether or not the process is really troublesome.

      Thanks for expanding on how to get rid of actual malware. I added a section to my post pointing the reader to our Malware Removal guide an an article that thoroughly explains what to do when malware was discovered.

  12. Bam
    May 6, 2014 at 5:56 am

    Don't forget in Process Explorer, you can suspend tasks rather than kill them, which is useful when dealing with malware that restarts itself when its processes are stopped.

    • Tina S
      May 9, 2014 at 4:00 pm

      I mentioned Process Explorer, including a link to our review of it.

  13. Jello
    May 6, 2014 at 12:02 am

    Good tips sweetie. I hate Chrome. There is like 8000 processes of chrome.exe eating up ram. I switched back to Firefox.

    • Tina S
      May 9, 2014 at 3:57 pm

      Did you check how Firefox compares to Chrome in terms of resource use? It probably got better, but it used to be worse than Chrome. Just because Chrome runs more processes, doesn't mean it's more resource intensive.

      You can reduce the number of Chrome processes by disabling or removing extensions by the way. And by closing open tabs of course.

  14. Paul B
    May 5, 2014 at 8:33 pm

    Nice, did not know about the Google Chrome task manager.