Author: deeire
Subject: Suspect processes
Posted: 16 June 2014 at 3:45pm
Hi -
In Process Explorer I have noticed that suspect processes are showing up in programs that I use regularly, e.g. Epic Chromium-based browser, TCPView, Sandboxie etc.
In the listings in PE for the suspect processes, the icon changes from the normal one to a small box with a light blue stripe along the top.
In the tooltip box that shows the Command Line and the Path, the Path listing shows the text "The handle is invalid" instead of the path.
The fields for "Description" and "Company Name" are blank.
Is this collection of indicators likely to be evidence of a malware infection affecting the programs in question?
If the answer is yes, which Sysinternals utilities would be most relevant to tracing back to the source of the malware infection?
Scans with Malwarebytes Anti-Malware in safe mode with networking have not detected any infection, but I get a warning from Windows Security Center that the ZoneAlarm firewall is not loaded even though its icon appears in the taskbar and alerts about new connections appear after boot-up. The counter for blocked threats, which used to increment by 3 or 4 per session, no longer increments. Also, the Epic browser, which normally maintains a count and a display of blocked trackers, no longer does so.
Any help would be appreciated.
Regards
Deeire