Hiding a process in Windows Task Manager. Windows processes. How to find and remove a virus process? How to hide a process in Windows 7

There are situations when you need to install and use a program without the knowledge of another person who understands computers and often glances at the Task Manager processes when the device freezes or works unstably. Sometimes you need to enable monitoring of your computer to prevent it from being cluttered with unnecessary files. In other cases, you need to keep track of a person. There can be many reasons; everyone has their own.

What are processes?

A process is a program that runs on a computer and occupies a specific place in RAM.

Processes are divided into:

System (programs and utilities that are components of the operating system; an emergency termination of any of them may lead to negative consequences, such as a crash in Windows).

Anonymous (extremely rare; these are program files launched as auxiliary ones as a result of user actions, without requesting permission to launch).

Network/Local (processes in Task Manager associated with the local network, the Internet, and the registry; these are important Windows programs and components).

Custom (programs that are launched by the user).

Is it possible to identify a "left" process?

It is not always possible to identify a “left” (extraneous) process. If the person who created it disguised it thoroughly, it is unlikely that even an experienced computer engineer will be able to find it without a hint that it exists and a detailed study of the behavior of each process.

However, a person who is sure that an extra program is running on the computer, especially a poorly disguised one, will be able to find it in a matter of minutes.

How to hide a process in task manager?

The easiest option for hiding a process is to rename the main executable file. But it is worth considering how the program works and whether it creates additional processes that give it away.

If there are no unnecessary processes, then you can proceed:

1. Open the folder with the executable file. This can be done in several ways: if you know where the file is located, you can go to the folder with it, or right-click on the process and select “Open file location.”

2. After going to the folder, find the executable file; its name should match the name of the process in the Task Manager.

3. Rename the file so that it is difficult to determine the name change. You can perform renaming through the context menu item of the same name. The file extension must still be executable (.exe).

4. Go to the task manager and look at the process that you yourself changed.

Everything went fine, but the process is visible and should be disguised so that no one will guess its real purpose? To do this, it’s worth considering a few nuances that may allow you to hide a process in the task manager without anyone’s help.

The process should resemble a program that creates many copies of itself and is always running. A clear example is any browser based on the Chrome engine, or a constantly running Windows program, which will not arouse suspicion.

Names can be changed by swapping Russian and English letters, for example, replacing English letters with Russian ones: a, b, d, e.

Finally, it should be noted that you may need to rename a few more files that are “sub-processes” of the program.

We hope you understand how to hide a process in Windows. Experiment, hide, learn.

When something is wrong in the system or we just want to check the effectiveness of the antivirus installed on the computer, we usually press the three treasured keys Ctrl, Alt, Del and launch the Task Manager, hoping to find a virus in the list of processes. But in it we see only a large number of programs running on the computer, each of which is represented by its own process. So where is the virus hiding? Our article today will help you answer this question.

In order to determine whether a process is a virus or not, you need to look very carefully at the list of processes. In the Windows Vista operating system, be sure to click the “Display processes of all users” button, otherwise you won’t really see anything. First of all, pay attention to the description of the process in the “Description” column. If there is no description or it is somehow “clumsy”, this should alert you. After all, program developers have a habit of signing their creations in clear Russian or English.
Having noted the processes with a suspicious description, we turn our attention to the next column - “User”. Viruses are usually launched on behalf of the user, less often in the form of services and on behalf of the system - SYSTEM, LOCAL SERVICE or NETWORK SERVICE.

So, having found a process with a suspicious description, launched on behalf of a user or on whose behalf it is unclear, right-click on it and select "Properties" in the context menu that appears. A window will open with the properties of the program that launched this process. Pay special attention to the “Details” tab, where information about the developer, file version and description is indicated, as well as to the “Location” item of the “General” tab - the path to the running program.

If the “Destination” path leads to the Temp directory, Temporary Internet Files, or some other suspicious place (for example, to the folder of a certain program in the Program Files directory, but you are sure that you did not install such a program), then POSSIBLY this process belongs to a virus. But all these are just our guesses; for detailed information it is, of course, better to turn to the Internet. There are good lists of processes on the sites what-process.com, http://www.tasklist.org and http://www.processlist.com. If, after all the searches, your fears about the suspicious process are confirmed, you can rejoice - a virus, Trojan or other malware has settled on your computer, and it needs to be eliminated urgently.

But the window with the properties of the file that started the process may not open from the Task Manager. Therefore, in addition to the standard Windows tools, you need to use various useful utilities that can provide as much information as possible about the suspicious process. We have already reviewed one of these programs - Starter (http://www.yachaynik.ru/content/view/88/).

In Starter, the “Processes” tab provides comprehensive information about the selected process: a description of the program and the name of the file that launched the process, information about the developer, a list of modules (software components) involved in the process.

Thus, there is no need to delve into the properties of the file that launched the process - everything is in full view. However, this does not prevent you from right-clicking on the suspicious process and selecting “Properties” to get detailed information about the process file in a separate window.

To get to the program folder that belongs to the process, right-click on the process name and select “Explorer to process folder.”

But the most convenient option in Starter is the ability to start searching for information about the process directly from the program window. To do this, right-click on the process and select “Search Internet.”

After you receive complete information about the file that launched the process, its developer, its purpose and the opinion about the process on the Internet, you will be able to accurately determine whether it is a virus or a peaceful, hard-working program. The same principle applies here as in the Task Manager. Suspicious are those processes and process modules for which the developer is not specified, whose description is empty or vague, or which are launched from a suspicious folder, for example, Temp, Temporary Internet Files, or a folder in Program Files for a program that you definitely remember not installing. And finally, if the Internet clearly states that this process belongs to a virus, rejoice - the malware did not manage to hide from you!

One of the most common misconceptions among beginners concerns the svchost.exe process. It is written exactly this way and in no other way: svshost.exe, scvhost.exe, cvshost.exe and other variations on this theme are viruses masquerading as a good process, which, by the way, belongs to Windows services. More precisely, one svchost.exe process can run several system services at once. Since the operating system has many services and it needs them all, there are also many svchost.exe processes.

In Windows XP, there should be no more than six svchost.exe processes. Five svchost.exe processes are normal, but seven are a 100% guarantee that malware has taken up residence on your computer. In Windows Vista there are more than six svchost.exe processes. For example, I have fourteen of them. But there are many more system services in Windows Vista than in the previous version of this OS.

Another useful utility, Process Explorer, will help you find out which services are started by a svchost.exe process. You can download the latest version of Process Explorer from the official Microsoft website: technet.microsoft.com

Process Explorer will give you a description of the process, the program that launched it, the name of the developer and a lot of useful technical information understandable only to programmers.

Hover your mouse over the name of the process you are interested in and you will see the path to the file that launched this process.

And for svchost.exe, Process Explorer will show a complete list of services related to the selected process. One svchost.exe process can run several services or just one.

To see the properties of the file that launched the process, right-click on the process you are interested in and select “Properties”.

To search for information about the process on the Internet using the Google search engine, just right-click on the process name and select "Google".

As before, suspicion should be raised by processes without a description, without the name of the developer, launched from temporary folders (Temp, Temporary Internet Files) or from the folder of a program that you did not install, and also identified on the Internet as viruses.

And remember, for the Process Explorer and Starter programs to work properly in Windows Vista, they need to be run with administrative rights: right-click on the program executable file and select “Run as administrator”.

However, I have to disappoint you: only very stupid viruses reveal themselves in the list of processes. Modern virus writers have long since learned to hide their creations not only from the eyes of users, but also from antivirus programs. Therefore, if you are infected with well-written malware, the only things that can save you are a good antivirus with fresh databases (and even that is not certain!), a backup copy of all your information, and a disk with the Windows distribution for reinstalling the system. Nevertheless, it is still worth looking into the list of processes periodically - you never know what scvhost or mouse.exe is lurking there.

Hello, today I will show you how to hide any process

And so let's get started:

1. Download the Tyts program
From the author:

A program to "hide" a specific process in the Windows Task Manager. Supports any version of Windows starting from XP and newer, 32- and 64-bit editions, any localization. Built-in installer. Tested on Windows XP SP 3 RU x86 and Windows 7 x64 EN.

1) For 64-bit Windows versions use the file "ProcessHide-x64.exe".
2) By default, the program hides the Radmin server process "r_server.exe" in the Russian version of Windows (window title "Windows Task Manager").
3) Run the appropriate version of EXE and the program will pick up the settings from “config.ini”, if it exists.
4) If you need to hide any other process, and/or in a foreign language version of Windows, then put the “config.ini” file with the settings you need in it in the folder with the program. Sample configs are in the archive with the program. Description of the config parameters:
   Process - The name of the process that needs to be hidden.
   WinTitle - Title of the Task Manager window
   *** !IMPORTANT! *** If any of the "config.ini" parameters are not needed, then do not leave it empty, but delete it! For example, to hide Radmin Server in the English version of Windows, use the "config-sample-2.ini" config. Don't forget to rename it to "config.ini" and put it in the same folder as the program. *** !IMPORTANT! ***
5) If you run the program with the “install” parameter without quotes, the program will copy itself and “config.ini” to the “C:\WINDOWS\system32\” folder, add itself to startup, launch the freshly installed copy and close. After this, you can safely delete the installation. For example, you can give the program the name "svchost.exe" with the Russian letter "o" and run "install-sample-2.cmd" ;)

If you want to treat me to beer, you can send money to WebMoney :) Z326054736241 R774079414449 http://timsky.tk http://timsky.co.cc ®timsky

2. Take the file for the system we need - x86 or x64
After this, rename the ProcessHide.exe file, for example, to svcnost.exe
Create a file - svcnost.bat and write a line like this in it:

Svcnost.exe install

3. Create a config.ini file and specify in it the process that we need to hide.
Let's say you need to hide the Opera process. In this case the config.ini file will look like this:

Process=opera.exe
WinTitle=Windows Task Manager

For the English-language system, change the line WinTitle=Windows Task Manager to WinTitle=Windows Task Manager

That seems to be everything.
The files do not need to be created; you can rename those in the Samples folder.

After launch, the program will copy itself to system32, add itself to startup, start and close

Radmin is hidden by default

The article is provided for informational purposes only.
Use of this article entails liability in accordance with current legislation.

Most users, noticing that their trusty computer is slow, open the Task Manager and try to figure out what process is causing such a load on the system. But seeing the following picture, they are perplexed - what’s wrong?

However, upon careful inspection, the problem is quite easy to detect.

To do this, just look at the status bar of the Task Manager.

The number 77 somehow does not match the number of entries in the list of processes presented above. It turns out that the Windows operating system has the ability to hide processes in the list and, of course, various programs with not very good functionality (Trojans, adware, etc.) could not help but take advantage of this. To view the full list of running processes, you will have to use third-party software. There is quite a lot of it on the Internet, but I used the program Spyware Process Detector. It is shareware, but the 14-day trial period is quite enough for our purposes. After launching this program, the picture is no longer so rosy.

The list of running processes expanded sharply and very suspicious entries appeared in it (Zitenop, Mail.Ru, makecab, etc.). Pay special attention to names that pretend to be system ones: the same makecab or DCHP (the correct spelling is DHCP). Look carefully at the path of the launched file - an atypical location can also give away a malicious process. We will try to get rid of all this.
To begin with, I would advise checking your computer for viruses using an anti-virus cleaning utility, for example Dr.Web CureIt!. The utility does not require installation and can be launched regardless of whether you have another antivirus or not. If threats are detected, we neutralize them.

Then you need to try to remove the installed “left” applications. Malicious programs have also learned to hide in the standard Control Panel applet “Add or Remove Programs” or “Programs and Features” (depending on the system version), so we will again use third-party software - CCleaner. Install the program and go to the section Tools > Uninstall programs. Here the list of installed software will be more impressive. Delete every suspicious program by selecting it in the list and clicking the “Uninstallation” button.

After that, go to the Startup section and remove all suspicious items in this list by highlighting each one and clicking the “Delete” button. But if you have doubts about an item or are afraid of deleting something you need, it is better to click “Turn off” instead of “Delete”. In this case, you can always turn an item that was disabled by mistake back on, and you can delete it later when you are sure that everything was done correctly.

Half the job is done. Now we need to check the list of running services. Services are applications that are automatically launched by the system at startup and do not depend on the user. Go to Control Panel > Administrative Tools > Services, and in the window that opens you will see a list of all services installed on the computer.

Here the notorious DCHP, Bamcof, Dripkix Service, System Tester Service, Zitenop are immediately noticeable... As you can easily see, these services do not have descriptions. These are the ones you should always pay attention to first. But do not forget that quite useful services may lack descriptions, so everything described below should only be done if you are confident in your actions. Otherwise, it is better to contact a specialist.

In the next article we will talk about how to permanently remove malicious or unnecessary services that you previously disabled.

I repeat once again: watch what you do carefully! If in doubt, it’s better not to touch it and contact a specialist. If possible, first choose the disabling option, and only then, after checking the system’s functionality, use deletion.


Learn how to hide the Windows Task Manager process

Of course, the anonymity of the execution of some programs will make it possible to track those who excessively clutter up a personal computer. Such surveillance is especially important when several users have access to the PC.

Also, the desire to hide the process arises among those who install their own program and strive to prevent advanced users from being able to detect its presence in simple ways.

Any program execution is a process that requires a certain part of RAM. Processes are divided into:

  • system;
  • anonymous;
  • custom;
  • Internet related.

Those who do not have practical experience and the necessary technical knowledge are advised not to interfere with system processes, since such careless interference can provoke extremely undesirable consequences. One of these consequences may be the failure of the next startup of the operating system.

You can learn to hide any user programs, and you don’t need to make a huge effort, just carefully read our recommendations. We draw your attention to the fact that even an advanced engineer who is unaware of your “creative deeds” will not easily notice the “left” process.

Algorithm of actions

If you need to hide a software application, you first need to figure out whether it is simple, whether it launches additional processes that can simply give it away, no matter how you try to hide the program.

If, indeed, your program is simple, if it appears in the Task Manager as a single line, we suggest the simplest way to hide the process. To do this, you just need to rename it.

So, we will help you figure out how to rename the process in the Task Manager so that the program continues to function perfectly in anonymous mode.

Step 1

First, you should go to the folder where the executable file of the specific program is located. If you know where it is located, then use the “route” that is familiar to you by opening the “Computer” window, going to system disk C, and then proceeding to its root folder.

If you don’t know where the executable file is hidden, it doesn’t matter: you just need to find this process in the list displayed in the Task Manager, right-click on it, and then select the line “Open file location” in the menu that opens.


Step 2

After these actions, the folder you are looking for will open, and all you have to do is find the executable file in it. It will not be difficult to find, since this file has exactly the same name as in the list of processes in the Task Manager. In addition, this file has the extension “exe”.

Step 3

To rename a file, right-click on it again, and then select the “Rename” line. Now that you have managed to assign a new name to your software application, open “Task Manager” and check that the new name is displayed there too.


Of course, the name you come up with will determine how “veiled” your program will become for other PC users. An unfamiliar process with a new name will arouse suspicion even faster and force a technical engineer to figure out what kind of program is running on the PC.

For this reason, many experienced users recommend coming up with names that do not arouse any suspicion at first glance.

In particular, an open Chrome browser creates multiple processes simultaneously, just like Windows. It is advisable to take the same process name, but since the system will not allow two processes of the same name to function simultaneously, it is recommended to use a little trick when renaming. Instead of some English letters in the name, write Russian ones, as if by accident. Outwardly, it is impossible to distinguish Russian letters from English ones, but the system will distinguish them, and therefore will allow programs with seemingly identical names to work.
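From the detection side, the mixed-alphabet renaming described above and the misspelled svchost.exe variants listed earlier on this page (svshost.exe, scvhost.exe, cvshost.exe) can both be flagged automatically, along with copies running from Temp folders. The following Python code is an added example, not code from the original page; the protected-name list, the C:\Windows install path, the partial Cyrillic look-alike map and the sample process list are assumptions made for the illustration.

```python
import unicodedata
from pathlib import PureWindowsPath

# Names to protect: the two disguises this page mentions (assumed list, extend as needed).
PROTECTED = ("chrome.exe", "svchost.exe")
# Assumption: Windows is installed in C:\Windows.
EXPECTED_DIRS = {"svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"}}
TEMP_DIRS = {"temp", "temporary internet files"}
# Partial map of Cyrillic letters that render like Latin a, e, o, p, c, x, y, i, s, j.
CONFUSABLES = str.maketrans(
    "\u0430\u0435\u043e\u0440\u0441\u0445\u0443\u0456\u0455\u0458", "aeopcxyisj")


def levenshtein(a, b):
    """Edit distance counting insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_process(name, path):
    """Return a list of findings for one (image name, image path) pair."""
    findings = []
    lowered = name.lower()
    folded = lowered.translate(CONFUSABLES)  # Cyrillic look-alikes -> Latin
    scripts = {unicodedata.name(c, "UNKNOWN").split()[0] for c in lowered if c.isalpha()}
    if len(scripts) > 1:
        findings.append("mixed-script:" + "+".join(sorted(scripts)))
    if folded in PROTECTED:
        if folded != lowered:
            # Reads as a protected name but is spelled with other code points.
            findings.append("homoglyph-of:" + folded)
        else:
            parent = str(PureWindowsPath(path).parent).lower()
            allowed = EXPECTED_DIRS.get(folded)
            if allowed and parent not in allowed:
                findings.append("unexpected-location:" + parent)
    else:
        # Near misses such as swapped or substituted letters.
        for known in PROTECTED:
            if levenshtein(folded.rsplit(".", 1)[0], known.rsplit(".", 1)[0]) <= 2:
                findings.append("lookalike-of:" + known)
    if {p.lower() for p in PureWindowsPath(path).parts[:-1]} & TEMP_DIRS:
        findings.append("runs-from-temp")
    return findings


SAMPLE = [  # constructed process list, not taken from a real system
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("scvhost.exe", r"C:\Windows\System32\scvhost.exe"),
    ("sv\u0441host.exe", "C:\\Windows\\System32\\sv\u0441host.exe"),
    ("svchost.exe", r"C:\Users\user\AppData\Local\Temp\svchost.exe"),
    ("notepad.exe", r"C:\Windows\System32\notepad.exe"),
]


def scan(processes):
    """Map list index -> findings for every entry that raised at least one."""
    results = {}
    for index, (name, path) in enumerate(processes):
        findings = check_process(name, path)
        if findings:
            results[index] = findings
    return results


if __name__ == "__main__":
    for index, findings in scan(SAMPLE).items():
        print(SAMPLE[index][0].encode("unicode_escape").decode(), findings)
```

The edit-distance threshold of 2 is tuned to the short names used here; a longer protected list needs an allow-list of legitimate near neighbours to keep false positives down.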

Results

So, as you have noticed, you can make a software application anonymous without much difficulty. Of course, there are also more advanced methods that allow you to hide any process more reliably, but they rely on writing complex code and on programming skills. If you don't have such complex goals in mind, then hiding running software applications by renaming them is a perfectly acceptable option.
