When I’m checking out a system for malware, one of my first stops is to install Neuber’s Security Task Manager. I came across this little gem several years ago, when a client asked me to investigate the “Case of the Missing Space”. Basically, their drives were constantly losing free space, yet none of the regular tools like TreeSize could determine where the massive amounts of used bytes were, and the regular task manager wasn’t showing any weird activity, even though the server was acting very strange.
I finally came across Security Task Manager and gave it a go on the server. It instantly picked up a stealth process that was running Java. The process had created folders that were invisible and was serving up German pirated movies via FTP. With that information, cleanup was a snap!
What Does It Do?
The app basically does a thorough analysis of running programs and rates their risk based on behaviors (e.g. invisible windows, the ability to record keystrokes, etc.). It also takes publisher information into account (e.g. core Windows processes that “act” suspicious aren’t thrown to the top of the list) and factors in community-based ratings. It’s still up to you to determine whether a process is malicious. There are many valid processes (e.g. MySQL server, some browser plugins, etc.) that will get rated as risky but are safe.
However, it’s a great way to quickly get a snapshot of the riskiest running processes in the system, including processes that might be hidden from the normal Windows task manager.
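To make the “behavior plus publisher” idea concrete, here is an added PowerShell example of my own; it is not code from the original post and not how Neuber’s product computes its rating. It scores every running process on a few of the traits mentioned above (no visible window, unsigned or non-Microsoft binary) and cross-checks the Get-Process list against the WMI Win32_Process list, since the hidden Java process in the story never showed up in the normal task manager. The point weights, the -MinScore cut-off and the function name Get-ProcessRiskReport are my own assumptions; the cmdlets (Get-Process, Get-CimInstance, Get-AuthenticodeSignature) are standard on Windows.

```powershell
# Added example, not part of the original post or of Security Task Manager.
# Rough behavioural triage of running processes: each process collects points
# for traits the post describes, then the list is sorted by score.
# Weights and thresholds are arbitrary assumptions for illustration only.

function Get-ProcessRiskReport {
    [CmdletBinding()]
    param(
        # Assumed cut-off: only processes scoring at least this are returned
        [int]$MinScore = 0
    )

    # Two independent views of the process list. A PID that appears in one
    # but not the other deserves a closer look.
    $api = @(Get-Process -ErrorAction SilentlyContinue)
    $cim = @(Get-CimInstance -ClassName Win32_Process -ErrorAction SilentlyContinue)

    $cimIds = @{}
    foreach ($c in $cim) { $cimIds[[int]$c.ProcessId] = $c }
    $apiIds = @{}
    foreach ($p in $api) { $apiIds[[int]$p.Id] = $true }

    $rows = New-Object System.Collections.Generic.List[object]

    foreach ($p in $api) {
        $score   = 0
        $reasons = New-Object System.Collections.Generic.List[string]

        # Trait 1: runs without a visible top-level window.
        if ($p.MainWindowHandle -eq 0) { $score += 1; $reasons.Add('no visible window') }

        # Trait 2: publisher information. Unsigned or untrusted images score
        # higher; Microsoft-signed core processes are discounted, mirroring the
        # post's note that suspicious-looking core Windows processes are not
        # pushed to the top of the list.
        if ($p.Path) {
            $sig = Get-AuthenticodeSignature -FilePath $p.Path -ErrorAction SilentlyContinue
            $status = if ($sig) { [string]$sig.Status } else { 'unknown' }
            if ($status -ne 'Valid') {
                $score += 3; $reasons.Add("signature: $status")
            } elseif ($sig.SignerCertificate.Subject -like '*Microsoft*') {
                $score -= 1; $reasons.Add('Microsoft-signed')
            }
        } else {
            # No path usually means access was denied (protected/system process)
            # or the image is no longer on disk; either way, worth a look.
            $score += 1; $reasons.Add('image path unavailable')
        }

        # Trait 3: present in the Win32 API view but absent from the WMI view.
        if (-not $cimIds.ContainsKey([int]$p.Id)) {
            $score += 5; $reasons.Add('absent from Win32_Process')
        }

        $rows.Add([pscustomobject]@{
            Id      = $p.Id
            Name    = $p.ProcessName
            Path    = $p.Path
            Score   = $score
            Reasons = ($reasons -join '; ')
        })
    }

    # Reverse direction: PIDs that WMI reports but Get-Process did not return.
    foreach ($c in $cim) {
        if (-not $apiIds.ContainsKey([int]$c.ProcessId)) {
            $rows.Add([pscustomobject]@{
                Id      = [int]$c.ProcessId
                Name    = $c.Name
                Path    = $c.ExecutablePath
                Score   = 5
                Reasons = 'absent from Get-Process'
            })
        }
    }

    $rows | Where-Object { $_.Score -ge $MinScore } | Sort-Object Score -Descending
}

# Usage: show everything scoring 2 or more, riskiest first.
Get-ProcessRiskReport -MinScore 2 | Format-Table Id, Name, Score, Reasons -AutoSize
```

As with the real tool, a high score is a prompt to investigate, not a verdict: a legitimately unsigned service with no window will score 4 here, and a process that one enumeration API misses (score 5) can be a timing artifact of the two snapshots rather than something hiding. Run it elevated so that the image paths and signatures of system processes are readable; otherwise most of them land in the “image path unavailable” bucket.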