How to find out if a .exe process is spyware or virus

Windows XP has thousands and thousands of .exe files, and usually a lot of those executables are running at any given time. But are all of those .exe files legit or are they spyware/malware/viruses that are bad for your computer... I recommend you follow these instructions

First get the usual spyware finding stuff (if you don't have it already - DOWNLOAD IT!) like:

1. Spybot Search and Destroy
2. AdAware (the free version works fine...)
   
3. Windows Defender

Any one or more (more = better) of the programs listed below should be downloaded and run in order to search for any viruses. If the programs above find something then bingo! You've found the culprit! If not you'll have to do more digging....

Download Process Explorer from Microsoft's website and unzip the stuff and open up procexp.exe. There look for the .EXE file that you had your doubts about and click on the entry corresponding that bears the name of the executable. If you don't know what that entry means just right click on it and click on 'Search Online...'

Now it's time time to see if there are any suspicious DLLs associated with it. So just press Ctrl+L and then Ctrl + D to take a look at all the DLLs that don't have 'Microsoft Corporation' under the company name. If you aren't sure about the DLL then you'll have to search for it online and see what you get.

You'll also want to double click on the process, go to the 'Performance Graph tab' and see how much memory it takes up. It its taking too much memory or hogging up all the resources in your computer, then its probably a virus and should be dealt with accordingly.

If it doesn't show any of the symptoms mentioned above then it's probably supposed to be there, so just let it be there. Remember to run AntiVirus and spyware checks all the time though, because only those checks will tell you if something is bad or not.

Another tip that I can offer is to use your AntiVirus scanner to scan the specific .exe file you are suspicious about. To figure out where the .exe file is stored on your computer - double click the process in Process Explorer > Under the 'Image' tab you should see the 'Path:' box which is going to tell you where the .exe file is stored. Just point your AntiVirus to that location so that it can figure out if the file is a virus or not.

If you find anything suspicious using the methods above (yes, using the methods above is a requirement) then please post about it in the comments. If you need help in figuring out if a process is malicious, feel free to email me, and I'll try to help.