3 Ways to Check if a Process or Exe Is Virus or Not on Windows

If you open the Task Manager and go to the Processes tab, you will see a list of all the running processes on your computer. Generally, it is easy to identify what process is what. However, there will be times when you notice a strange process and don’t know if it is a good process or a virus. In those cases, you have to manually check whether a process is a virus.

For example, the infamous NotPetya ransomware virus disguised itself as a routine update and infected systems worldwide, causing severe damage.

As such, it is important that you know how to check if a running process is a virus or not when you have doubts. That way, you can keep your system secure and have peace of mind.

In this guide, I will show some simple yet effective ways to identify and check if a process or exe file is malicious.

Table of contents:

  1. How to check if a process is a virus or not
    1. Use process explorer to check if the process is malicious
    2. Check the digital certificate of the process
    3. Use an online virus scanner to check the process
  2. Frequently asked questions (FAQs)
  3. Conclusion

How to check if a process is a virus or not

There are three ways to find out if a process is malicious. The first method is using Process Explorer, an official Microsoft tool. It lets you quickly scan any running process with an online virus scanner. The second method shows you how to check for a digital signature, and the third shows how to manually upload the process’s exe file to an online virus scanner and check for viruses.

I recommend you follow at least two methods, i.e., the first two or the last two, to make sure the process or exe file is clean.

1. Use Process Explorer To Check if the Process Is Malicious

Process Explorer is an official and free Windows task manager alternative from Microsoft and a part of the SysInternals suite.

You can think of Process Explorer as a jacked-up version of the built-in Task Manager. It gives you a lot more information and control over any running process in the system. For example, you can set affinity and priority, check the process tree, create dumps, filter processes, and more. One of the most useful options of Process Explorer is the ability to scan a process to find out if it is legitimate.

I’ve already written a detailed guide on using Process Explorer to check if a process is legitimate. So, follow the steps in that article.

2. Check the Digital Certificate of the Process

Another way to find out whether a process or exe file is a virus is to check its digital certificate. Almost all Windows processes have a Microsoft digital certificate issued to them. By checking if the process has an official digital certificate, you can be sure that it is legitimate.

Here’s how to check the digital certificate of a process:

  1. Right-click on the taskbar.
  2. Select the Task Manager option.
  3. Go to the Processes tab.
  4. Right-click on the process you want to check.
  5. Select the Open File Location option.
  6. Right-click on the file in File Explorer.
  7. Select the Properties option.
  8. Go to the Digital Signatures tab.
  9. Select the certificate and click the Details button.
  10. Click the View Certificate button.
  11. You will see the Microsoft-issued certificate details.
  12. Click the “Ok” button and close all windows.

If you don’t see certificate details for the official Windows process, there is a high chance that it is not a legitimate process and might be a virus. In that case, I recommend you scan the entire system with antivirus software like BitDefender, AVG, etc.

3. Use an Online Virus Scanner To Check the Process

If you don’t want to use Process Explorer to scan a process, you can manually upload the process’s exe file to VirusTotal and have it checked for virus infection. In fact, this is the same service that Process Explorer uses.

Let me show you how to open a process file location and have it checked for virus infections on Windows:

  1. Right-click on the taskbar.
  2. Select the Task Manager option.
  3. Go to the Processes tab.
  4. Right-click on the process you want to check.
  5. Select the Open File Location option.
  6. Open the web browser of your choice.
  7. Go to the VirusTotal.com website.
  8. Drag and drop the exe file from File Explorer into the VirusTotal webpage.
  9. VirusTotal will scan the file and list the results.
  10. Genuine processes will not be detected as a virus.

One thing to keep in mind while using VirusTotal is that some antivirus software may show false positives, i.e., flag a file as a virus, malware, or trojan even though it is not. This is especially true for exe files or processes that try to alter the system functionality in unexpected ways.

In those cases, I recommend you do more research on the process, check its digital certificate, run an offline antivirus scan, and more before deciding to act on the target exe file or process.
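
The signature check from method 2 and the file lookup from method 3 can also be done from PowerShell with built-in cmdlets. This is an added example, not part of the original guide; the function name Get-ProcessTrustReport and the process name notepad are placeholders chosen for illustration.

```powershell
# Added example: report the file path, signature status, and SHA-256 hash
# of the executable behind a running process.
# Get-ProcessTrustReport is a hypothetical helper name, not a built-in cmdlet.
function Get-ProcessTrustReport {
    param(
        [Parameter(Mandatory)]
        [string] $Name   # process name as shown by Get-Process, without ".exe"
    )

    # Several instances can share one executable; report each distinct path once.
    $paths = Get-Process -Name $Name -ErrorAction Stop |
        Where-Object { $_.Path } |
        Select-Object -ExpandProperty Path -Unique

    if (-not $paths) {
        # Path is empty for protected processes or when the shell is not elevated.
        Write-Warning "No readable file path for '$Name'. Try an elevated PowerShell window."
        return
    }

    foreach ($path in $paths) {
        $sig  = Get-AuthenticodeSignature -LiteralPath $path
        $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256
        $cert = $sig.SignerCertificate   # $null when the file is not signed

        [pscustomobject]@{
            Path          = $path   # compare with where this program normally lives
            Status        = $sig.Status          # e.g. Valid, NotSigned, HashMismatch
            StatusMessage = $sig.StatusMessage
            SignatureType = $sig.SignatureType   # Authenticode (embedded) or Catalog
            Signer        = if ($cert) { $cert.Subject } else { $null }
            Issuer        = if ($cert) { $cert.Issuer } else { $null }
            SHA256        = $hash.Hash
        }
    }
}

# 'notepad' is a placeholder; replace it with the process you want to check.
Get-ProcessTrustReport -Name 'notepad' | Format-List
```

A Status other than Valid, or a Signer that does not match the program's publisher, is the cue to do the extra research described above. The SHA256 value can be pasted into the VirusTotal search box to see existing scan results for that exact file without uploading it.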

Frequently asked questions (FAQs)

Here are a few frequently asked questions about checking a process for virus infections:

How can I tell if a process is legitimate or not?

There are several ways to tell if a process is legitimate or not. You can use Process Explorer, check the digital certificate, or run the process file through VirusTotal. I’ve shown you how to do all three of those things above; follow them.

What should I do if I identify a malicious process on my computer?

If you identify a malicious process on your computer, you should immediately stop the process and remove it from your system. You can do this by using antivirus software like BitDefender, AVG, Avast, etc.

How can I prevent malware infections on my Windows computer?

To prevent malware infections on your Windows computer, you should keep your operating system and software up to date with the latest security patches, avoid downloading and installing software from untrusted sources, use antivirus software and a firewall, and practice safe browsing habits.

Can malware disguise itself as a legitimate process?

Yes, malware can disguise itself as a legitimate process to avoid detection. This is why it is important to check the process name and location, analyze process activity, and use other methods like checking the digital signature of the process or scanning the process file with antivirus software.

How can I check the digital signature of a process?

You can check the digital signature of a process by right-clicking on the process in Task Manager, selecting “Properties”, and then navigating to the “Digital Signatures” tab. Here, you can see whether the digital signature is valid and the signer is a trusted entity.

Can a process be both legitimate and malicious at the same time?

No, a process cannot be both legitimate and malicious at the same time. However, a process can be compromised by malware. In such cases, removing the malware from the compromised process and restoring the original process functionality is important.

Check if the Process Is a Virus or Not — Conclusion

As you can see, checking whether a process is a virus is really easy. As I said earlier, you should follow at least two methods.

If possible, follow all three ways shown in the article, i.e., using Process Explorer to analyze process activity and scan the process, checking the digital certificate of the process to verify its authenticity, and using VirusTotal to scan the process or EXE file for virus or malware infection.

You can identify and remove any malicious processes from your system using these three methods. You should also do a deep antivirus scan when in doubt.

That is all. It is simple to check whether a process or EXE file is a virus.

I hope this simple and easy Windows how-to guide helped you.

If you are stuck or need help, send an email, and I will try to help as much as possible.
