(This pertains to windows 7) As title really, is it possible for a threat loaded from something like a web page or something else, to inject malicious dll's into existing legitimate windows processes ? And when i say existing processes i mean the processes and type of stuff that most people always have running in the background like: csrss, explorer, lsass, lsm, services, sidebar, smss, svchost, taskhost, wininit, winlogon, wmiprvse etc etc. And then for that threat to be totally self sufficient, eg it is able to do what ever malicious actions it wants to, like keylogging or web redirection, or denial of access to the system or whatever, just solely buy using the dll''s it has injected into the legitimate processes, and not have to rely on any extra secondary none legitimate process ? (eg it can go about it's business without relying on a extra process that needs to be created via something like a startup entry in windows.) Or is it the case that all viruses, trojans etc always need a stand alone process running in the background in order to execute their actions/monitor the system ? Cheers.