Monday, October 15, 2012

Process Explorer

Not too much more can be said about Process Explorer than has already been said. However, there's one little tip I found by accident.

One day, while troubleshooting a particular piece of malware, I copied the Process Explorer file to a user's computer but renamed it procex.exe (instead of the standard procexp.exe). This little mistake was invaluable. The malware I was removing was coded to stop Task Manager, Symantec AV and Process Explorer from starting. Clever. I found that by renaming it, the malware was not searching for it and I could open the program, subsequently kill the malware and finish the clean-up operation with little effort.

From that point on I have kept a folder of renamed single-executable files ready to wreak havoc on almost all malware.
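The same brittleness cuts both ways: a check keyed only to the image name misses a renamed binary, whether it is malware looking for procexp.exe or an analyst looking for a tool someone else renamed. The following added PowerShell example (not from the original post, nor Sysinternals code) instead identifies running copies of Process Explorer by the OriginalFilename field in the version resource and the Authenticode signer, both of which survive a rename. It assumes the OriginalFilename stored in the binary reads "procexp.exe" or "procexp64.exe"; adjust the list for your copy.

```powershell
# Added example: find a process by its embedded version resource and signer,
# not by the name it is currently running under.
# Assumption: the OriginalFilename field in Process Explorer's version resource
# is one of these values; check your own copy and adjust.
$knownOriginalNames = @('procexp.exe', 'procexp64.exe')

function Get-ProcessByOriginalName {
    param([string[]]$OriginalNames)

    Get-Process | ForEach-Object {
        $exePath = $_.Path   # $null for protected or system processes we cannot read
        if (-not $exePath) { return }

        # The version resource travels with the file, so a rename does not change it.
        $vi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($exePath)
        if ($OriginalNames -contains $vi.OriginalFilename) {
            # The Authenticode signer also survives a rename; a broken signature
            # suggests the file was modified rather than merely renamed.
            $sig = Get-AuthenticodeSignature -FilePath $exePath
            [pscustomobject]@{
                Pid              = $_.Id
                RunningAs        = $_.ProcessName        # what a name-only check sees
                OriginalFilename = $vi.OriginalFilename  # what the file says it is
                Signer           = $sig.SignerCertificate.Subject
                SignatureStatus  = $sig.Status
            }
        }
    }
}

Get-ProcessByOriginalName -OriginalNames $knownOriginalNames | Format-Table -AutoSize
```

A renamed procex.exe shows up with RunningAs set to procex and OriginalFilename still reporting the name the publisher embedded, which is the point: defenders writing their own detections should key on such content-derived properties rather than the filename.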