awwsomeim (New Member; Joined: Apr 23, 2021; Messages: 3; Thread Author) #1
For a couple of weeks now, I have been getting an unknown icon that appears in the taskbar (running apps). When I open the taskbar icon, I can see multiple instances, but after opening they close quickly. I am not sure what it is.
Any sort of help would be great.
Solution
That is possible, typical of rootkits. Probably will need to boot into safe mode and scan or take it to a shop to get it cleaned up.
Joined: Jul 4, 2015; Messages: 8,998
I would either export a list of running processes from PowerShell:
Get-Process | Select Name,Path | Export-Csv "$($env:userprofile)\Desktop\process.csv" -NoTypeInformation
and upload it to look at, or
download Procexp and run it and select Process > Check VirusTotal, and if there's anything malicious it should ID it for you. Alternately, in Procexp look at process icons for those strange icons and that will likely help you ID them too.
awwsomeim (New Member; Joined: Apr 23, 2021; Messages: 3; Thread Author) #3
I downloaded Procexp and ran it to see all the processes. However, it didn't show me the process icon that I attached earlier in the thread. To my surprise, when I opened the taskbar (running apps), there were around 20 instances running and they all closed within a second, but I was able to capture a few.
I'll try to record a video next time. This has started to freak me out now.
awwsomeim (New Member; Joined: Apr 23, 2021; Messages: 3; Thread Author) #5
I ran the following script to document all the processes that are running in the system each minute.
rem Create the output folder if it does not exist yet
if not exist c:\process_dump mkdir c:\process_dump
:start
set /a var+=1
if %var% EQU 100000 goto end
echo %var%
rem Save the current process list to a numbered file
tasklist > c:\process_dump\process_list_%var%.txt
rem Wait 60 seconds before the next snapshot
timeout 60 > NUL
goto start
:end
echo var has reached %var%.
pause
exit
I got surprising results from my analysis. The multiple instances don't appear in the processes list at all. However, two processes, "smartscreen.exe" and "SystemIdleCheck.exe", started immediately after the closing of instances of this unknown process. Both "smartscreen.exe" and "SystemIdleCheck.exe" were purportedly closed by malware earlier. My analysis is that somehow this process is able to hide itself from the process managers.
Please suggest what I should do. This is driving me crazy.
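Added example, not part of the original thread: a snapshot taken every 60 seconds can only list processes that are alive at that instant, so instances that open and close within a second fall between snapshots. The PowerShell sketch below instead subscribes to the Win32_ProcessStartTrace WMI event and logs every process start; the names $LogPath, $CaptureMinutes and 'ProcStartTrace' are assumptions chosen for this example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt:
# Win32_ProcessStartTrace requires administrator rights.
# Assumed names: $LogPath, $CaptureMinutes, source identifier 'ProcStartTrace'.
$LogPath        = Join-Path $env:USERPROFILE 'Desktop\process_starts.csv'
$CaptureMinutes = 10

$action = {
    $e = $Event.SourceEventArgs.NewEvent
    # Best effort: a process that has already exited leaves these lookups empty,
    # but its name, PID and parent PID from the trace event are still recorded.
    $proc   = Get-CimInstance Win32_Process -Filter "ProcessId = $($e.ProcessID)" -ErrorAction SilentlyContinue
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($e.ParentProcessID)" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Time            = (Get-Date).ToString('o')
        Name            = $e.ProcessName
        ProcessId       = $e.ProcessID
        ParentProcessId = $e.ParentProcessID
        ParentName      = $parent.Name
        Path            = $proc.ExecutablePath
        CommandLine     = $proc.CommandLine
    } | Export-Csv -Path $Event.MessageData -Append -NoTypeInformation
}

# The action block runs in its own scope, so the log path is passed via -MessageData.
Register-CimIndicationEvent -ClassName Win32_ProcessStartTrace `
    -SourceIdentifier 'ProcStartTrace' -Action $action -MessageData $LogPath | Out-Null

try {
    Write-Host "Logging process starts to $LogPath for $CaptureMinutes minute(s)."
    $deadline = (Get-Date).AddMinutes($CaptureMinutes)
    # Short sleeps let the engine run the event action between iterations.
    while ((Get-Date) -lt $deadline) { Start-Sleep -Seconds 1 }
}
finally {
    Unregister-Event -SourceIdentifier 'ProcStartTrace'
}

# Summarise: which executables started most often, and who launched them.
if (Test-Path $LogPath) {
    Import-Csv $LogPath |
        Group-Object Name, ParentName |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}
```

The ParentName column shows which process launched each burst of instances. Process-creation auditing (Security event 4688) or Sysmon event ID 1 records the same information persistently without keeping a console open.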