Windows 7 Can virus's inject into legitimate process's ? (One for all you tech wizards out there)

#1
(This pertains to windows 7)

As title really, is it possible for a threat loaded from something like a web page or something else, to inject malicious dll's into existing legitimate windows processes ? And when i say existing processes i mean the processes and type of stuff that most people always have running in the background like: csrss, explorer, lsass, lsm, services, sidebar, smss, svchost, taskhost, wininit, winlogon, wmiprvse etc etc. And then for that threat to be totally self sufficient, eg it is able to do what ever malicious actions it wants to, like keylogging or web redirection, or denial of access to the system or whatever, just solely buy using the dll''s it has injected into the legitimate processes, and not have to rely on any extra secondary none legitimate process ? (eg it can go about it's business without relying on a extra process that needs to be created via something like a startup entry in windows.) Or is it the case that all viruses, trojans etc always need a stand alone process running in the background in order to execute their actions/monitor the system ?

Cheers.
 


Last edited:
#2
I'm no security expert here, but I am reasonably sure viruses can inject code into existing exe files and thus basically you'd be running the virus along with any program you're starting. I am not sure but I think I remember something like this happening to me a few years back.
I am not claiming to be an expert, so please correct me if I'm wrong!
 


patcooke

Microsoft MVP
Staff member
Premium Supporter
Microsoft MVP
#3
There's virtually nothing that they can't infest - that's how they work. And they don't need any permissions or external support to do their thing, they just get on with it. That's why you need antivirus software running to try and block anything from getting in to start with and also regular runs of something like malwarebytes to sweep up anything which manages to get past your first line defenses.
 


Last edited:
This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.
Top