Windows 7 Can viruses inject into legitimate processes? (One for all you tech wizards out there)

Discussion in 'Windows Security' started by Prenum, Jul 19, 2012.

  1. Prenum

    Prenum New Member

    Nov 27, 2009
    (This pertains to Windows 7)

    As title really, is it possible for a threat loaded from something like a web page or something else, to inject malicious DLLs into existing legitimate Windows processes? And when I say existing processes I mean the processes and type of stuff that most people always have running in the background like: csrss, explorer, lsass, lsm, services, sidebar, smss, svchost, taskhost, wininit, winlogon, wmiprvse etc. And then for that threat to be totally self-sufficient, e.g. it is able to do whatever malicious actions it wants to, like keylogging or web redirection, or denial of access to the system or whatever, just solely by using the DLLs it has injected into the legitimate processes, and not have to rely on any extra secondary non-legitimate process? (E.g. it can go about its business without relying on an extra process that needs to be created via something like a startup entry in Windows.) Or is it the case that all viruses, trojans etc. always need a standalone process running in the background in order to execute their actions/monitor the system?

    #1 Prenum, Jul 19, 2012
    Last edited: Jul 19, 2012
  2. alberto

    alberto New Member

    May 31, 2012
    I'm no security expert here, but I am reasonably sure viruses can inject code into existing exe files and thus basically you'd be running the virus along with any program you're starting. I am not sure but I think I remember something like this happening to me a few years back.
    I am not claiming to be an expert, so please correct me if I'm wrong!
  3. patcooke

    patcooke Microsoft MVP
    Staff Member Premium Supporter Microsoft MVP

    May 16, 2010
    There's virtually nothing that they can't infest - that's how they work. And they don't need any permissions or external support to do their thing, they just get on with it. That's why you need antivirus software running to try and block anything from getting in to start with and also regular runs of something like Malwarebytes to sweep up anything which manages to get past your first-line defenses.
    #3 patcooke, Jul 20, 2012
    Last edited: Jul 20, 2012
    1 person likes this.
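
For the scenario asked about in the first post: a DLL that the Windows loader maps into a host process appears in that process's loaded-module list, not as a separate process. The following is an added example, not part of the thread, that scans a constructed module inventory for the processes named in the question and flags modules loaded from unexpected directories. The `process|pid|path` record format, the sample rows and the trusted-directory list are assumptions made for illustration.

```python
import ntpath

# Process names taken from the question in this thread.
WATCHED = {"csrss", "explorer", "lsass", "lsm", "services", "sidebar", "smss",
           "svchost", "taskhost", "wininit", "winlogon", "wmiprvse"}

# Assumption: directories treated as expected module locations on a default install.
TRUSTED_ROOTS = [r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs"]

# Constructed inventory, one "process|pid|module path" record per line (hypothetical format).
SAMPLE = r"""
explorer.exe|1432|C:\Windows\System32\shell32.dll
explorer.exe|1432|C:\Users\Public\hook.dll
svchost.exe|884|C:\Windows\System32\..\..\ProgramData\upd\svc.dll
lsass.exe|612|C:\WINDOWS\system32\lsasrv.dll
notepad.exe|3020|C:\Temp\plugin.dll
"""

def canonical(path):
    """Collapse '..' segments and letter case so a prefix check cannot be sidestepped."""
    return ntpath.normcase(ntpath.normpath(path.strip()))

def is_trusted(path):
    """True when the canonical path sits below one of the trusted directories."""
    p = canonical(path)
    return any(p.startswith(root + "\\") for root in TRUSTED_ROOTS)

def unexpected_modules(inventory):
    """Return (process, pid, canonical path) for watched processes' modules outside trusted roots."""
    findings = []
    for line in inventory.strip().splitlines():
        name, pid, path = line.split("|", 2)
        stem = ntpath.splitext(name.strip().lower())[0]
        if stem in WATCHED and not is_trusted(path):
            findings.append((stem, int(pid), canonical(path)))
    return findings

if __name__ == "__main__":
    for proc, pid, path in unexpected_modules(SAMPLE):
        print(f"review: {proc} (pid {pid}) loaded {path}")
```

Flagged entries are leads for review, not verdicts: third-party shell extensions legitimately load into explorer from other directories, and code placed in a process without a file-backed module will not appear in a listing like this.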
