Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
Listing Processes and DLL Files with HijackThis
This section provides a tutorial example on how to use the Process Manager in HijackThis to review running processes and their loaded DLL files on a Windows system.
Another nice feature of HijackThis is the Process Manager, which allows you to review each running process and its required DLL files:
1. Double click "C:\local\HijackThis\HijackThis.exe". You will see HijackThis started with its main menu:
2. Click the "Open the Misc Tools section" button. You will see the configuration screen with the "Misc Tools" tab open.
3. Click the "Open process manager" button. You will see a list of running processes.
4. Select the "C:\Program Files\McAfee\Common Framework\McTray.exe" entry and check the "Show DLLs" checkbox. You will see a list of DLL files that are required by McTray.exe.
5. Click the Disk icon and save the running process list and DLL file list of the selected process to a file.
[pid] [full path to filename] [file version] [company name]
4860 C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE 2.2.1.0 Lenovo Group ...
4296 C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE 6.2.2.0 Lenovo Gro...
4968 C:\Windows\system32\taskhost.exe 6.1.7601.18010 Micro...
1788 C:\Windows\system32\Dwm.exe 6.1.7600.16385 Microsoft Cor...
1232 C:\Windows\Explorer.EXE 6.1.7601.17514 Microsoft Corporat...
5608 C:\Windows\System32\hkcmd.exe 8.15.10.2538 Intel Corp...
5648 C:\Windows\System32\igfxpers.exe 8.15.10.2538 Intel...
5784 C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe 1....
3868 C:\Program Files\McAfee\Common Framework\McTray.exe 2.1.1...
4600 C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE 14...
1852 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe 6....
3576 C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.ex...
...

DLLs loaded by process C:\Program Files\McAfee\Common Framework\McTray.exe:

[full path to filename] [file version] [company name]
C:\Windows\SYSTEM32\ntdll.dll 6.1.7601.18247 Microsoft Corpor...
C:\Windows\system32\kernel32.dll 6.1.7601.18229 Microsoft C...
C:\Windows\system32\KERNELBASE.dll 6.1.7601.18229 Microsoft C...
C:\Program Files\McAfee\Common Framework\McAfeeWin32GUISupportDLL....
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1...
C:\Windows\system32\msvcrt.dll 7.0.7601.17744 Microsoft Corpor...
C:\Windows\system32\USER32.dll 6.1.7601.17514 Microsoft Corpor...
C:\Program Files\McAfee\Common Framework\McTrayInterfaceLib.dll
...
This tool will definitely help you detect any process hijacked by malware.
The picture below shows the Process Manager of HijackThis for listing current processes and their loaded DLL files:
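To review a listing saved in step 5, the following added example (not part of the original tutorial or of HijackThis) parses the layout shown above and flags rows that load from outside the usual Windows and program directories or carry no company name. It assumes whitespace-separated fields as printed on this page and a C: system drive; the function names, the root list and the sample rows are constructed for illustration.

```python
import re

# Constructed sample in the layout shown on this page (whitespace-separated fields).
SAMPLE = r"""[pid] [full path to filename] [file version] [company name]
1232 C:\Windows\Explorer.EXE 6.1.7601.17514 Microsoft Corporation
3868 C:\Program Files\Example App\tray.exe 1.0.0.0 Example Corp
4120 C:\Users\demo\AppData\Local\Temp\updater.exe
DLLs loaded by process C:\Program Files\Example App\tray.exe:
[full path to filename] [file version] [company name]
C:\Windows\SYSTEM32\ntdll.dll 6.1.7601.18247 Microsoft Corporation
C:\Program Files\Example App\traylib.dll 1.0.0.0 Example Corp
C:\Users\demo\AppData\Local\Temp\helper.dll
"""

# Optional pid, a path ending in .exe/.dll, then optional version and company.
ROW = re.compile(
    r"^(?:(?P<pid>\d+)\s+)?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll))"
    r"(?:\s+(?P<version>[\d.]+)(?:\s+(?P<company>.+))?)?\s*$", re.I)
SECTION = re.compile(r"^DLLs loaded by process (.+):$")

# Assumption: Windows is on C: and software is installed under the usual roots.
USUAL_ROOTS = ("c:\\windows\\", "c:\\program files\\",
               "c:\\program files (x86)\\", "c:\\progra~1\\", "c:\\progra~2\\")

def parse_report(text):
    """Return (process rows, {process path: [DLL rows]}) from a saved listing."""
    procs, dlls, current = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if (sec := SECTION.match(line)):
            current = dlls.setdefault(sec.group(1), [])
        elif (row := ROW.match(line)):
            (procs if current is None else current).append(row.groupdict())
    return procs, dlls

def review(entry):
    """Heuristic reasons to look closer at a row; not proof of malware."""
    reasons = []
    if not entry["path"].lower().startswith(USUAL_ROOTS):
        reasons.append("outside system/program directories")
    if not entry["company"]:
        reasons.append("no company name")
    return reasons

def flagged(text):
    """Map each row that has at least one reason to its list of reasons."""
    procs, dlls = parse_report(text)
    rows = procs + [d for mods in dlls.values() for d in mods]
    return {e["path"]: review(e) for e in rows if review(e)}
```

Calling `flagged()` on the text of a saved listing returns only the rows worth a second look; header lines and rows truncated before the file extension are skipped.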