Wednesday, September 23, 2009

Lost Task Manager? An alternate solution!

It often happens that the Windows operating system shows the very annoying alert message "Task Manager has been disabled by the administrator!" Really? This happens because some malicious program is running in the background, normally invisible to the user. The only easy way to monitor this is simply Task Manager, right? Task Manager is a graphical tool used to monitor the currently running processes and applications and their related details.

It is good to know that the writers of malicious programs and viruses are really scared of Task Manager. With its help, an experienced administrator can easily find out which suspicious programs are running in the background alongside the normal ones, and consequently their processes can be stopped by the administrator. In order to prevent this, these ugly guys often program their malware to disable Task Manager.

Task Manager can be re-enabled using "gpedit.msc", under the Administrative Templates section that is there. But the "ugly" writers are ahead of that: when we re-enable Task Manager, within seconds or less than a second they make it disappear again. This means the malicious program is still running in the background and must be stopped, right?

Here is the solution...
The netstat command can be used as an alternative to identify which programs are running in the background, according to their name, memory usage and process ID.
Here is a brief description of netstat with its very useful options.


netstat -anbo

-a Displays all connections and listening ports.
-n Displays addresses and port numbers in numerical form.
-b Displays the executable involved in creating each connection or listening port.
-o Displays the owning process ID associated with each connection.


The above command in cmd will produce a detailed status of each program, with its name, process ID, the DLL files involved, etc.

Simply pass that process ID as input to the "tskill" command.

Example:
tskill 8299

where 8299 is the process ID of the suspected process. And this is one of the ways you can achieve this task, right?
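As an added example (not part of the original post), here is a small Python script that parses the output of netstat -anbo, attaches the owning executable printed by -b to each connection, and lists the listening processes whose executable is not on an allowlist, so the administrator knows which PID to look at before reaching for tskill. The sample netstat output and the allowlist are constructed; note that the -b option needs an elevated (administrator) prompt on newer Windows versions.

```python
import re
# Constructed sample of `netstat -anbo` output (not a real capture). With -b,
# netstat prints the owning executable in [brackets] on the line after each
# connection, preceded by any component (DLL/service) names that created it.
SAMPLE_NETSTAT = """\
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       8299
 [svchst.exe]
  TCP    192.168.1.10:49710     203.0.113.5:443        ESTABLISHED     4321
 [chrome.exe]
  UDP    0.0.0.0:5355           *:*                                    892
 [svchost.exe]
"""

# Proto, local address, foreign address, optional state (UDP lines have none), PID
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Return one dict per connection, with the owning executable attached."""
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append({"proto": proto, "local": local, "remote": remote,
                          "state": state or "", "pid": int(pid), "exe": None})
        elif line.strip().startswith("[") and conns:
            # A bracketed line names the executable that owns the previous entry
            conns[-1]["exe"] = line.strip().strip("[]")
    return conns

def suspicious_listeners(conns, known_exes):
    """PID -> (exe, local address) for listeners not owned by a known executable."""
    flagged = {}
    for c in conns:
        if c["state"] == "LISTENING" and c["exe"] not in known_exes:
            flagged[c["pid"]] = (c["exe"] or "(unknown)", c["local"])
    return flagged

if __name__ == "__main__":
    baseline = {"svchost.exe", "chrome.exe"}  # constructed allowlist of expected listeners
    for pid, (exe, local) in suspicious_listeners(parse_netstat(SAMPLE_NETSTAT), baseline).items():
        print(f"PID {pid:>5}  {exe:<20} listening on {local}")
```

Entries whose ownership netstat could not determine are reported as "(unknown)" so they are not silently skipped; on a real machine, read the output from netstat -anbo instead of the constructed sample.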

Regards.
