Sunday, November 2, 2008

Different Microsoft Processes And What Are They?

Most of us would have tried a three finger trick on XP and further OS by microsoft..The combination of alt+ctrl+del gives us the taskmanager..Here under processes you can get a number of process that are running.Have you ever wondered what exactly these processes do??Read more to know....

Svchost:In software Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs) within the Microsoft Windows operating system.At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging, but it also causes some difficulty for end users wishing to see the memory usage or vendor legitimacy of individual services and processes.

Winlogon.exe:In computing, Winlogon is the component of Microsoft Windows operating systems that is responsible for handling the secure attention sequence, loading the user profile on logon, and optionally locking the computer when a screensaver is running (requiring another authentication step). The actual obtainment and verification of user credentials is left to other components. Winlogon is a common target for several threats that could modify its function and memory usage. Increased memory usage for this process might indicate that it has been "hijacked".

Lsass.exe:Local Security Authority Subsystem Service (LSASS), is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens. It also writes to the Windows Security Log.Should the lsass.exe program end, for example, by the Sasser worm's effects, then a countdown timer will appear on the screen, advising the user to save their work and close all programs before Windows shuts down. This timer, however, can be thwarted by changing the computer's date and time settings or by executing the shutdown -a command.

Ctfmon.exe:ctfmon (ctfmon.exe) is a process used by Microsoft Office to activate the Alternative User Input Text Input Processor (TIP) and also the Microsoft Language Bar. Ctfmon is also a component of Windows XP Tablet PC Edition and Windows Vista which enables advanced user input services in applications (pen and ink, speech etc)

Hkcmd.exe:hkcmd.exe is installed alongside Intel multimedia devices and allows configuration and diagnostic options for these devices. This program is a non-essential process, but should not be terminated unless suspected to be causing problems.

Explorer.exe:explorer.exe is the Windows Program Manager or Windows Explorer. It manages the Windows Graphical Shell including the Start menu, taskbar, desktop, and File Manager. By removing this process the graphical interface for Windows will disappear. This program is important for the stable and secure running of your computer and should not be terminated.

Note: explorer.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

These are some of the important system processes

Stumble Upon Toolbar

No comments: