Guy's Best Practice & Litmus Tests Ezine
#20 - Task Manager
Suppose that one of your machines was 'playing up', where
would you turn for assistance? Event Viewer, built-in help, TechNet? I suggest
that Task Manager would be a good place to start looking for clues.
Flashy Method to Launch the Task Manager
The Task Manager has been around for at least 10 years, so
your Vista, XP or even 2000 Pro machine will have the interface for you to try my challenges.
If your left hand has a big reach then you may like to launch the Task Manager
using the shortcut keys: CTRL +Shift +Esc. Alternatively, try CTRL +Alt +Del
and click Task Manager. (Start Menu, Run taskmgr would be my other suggestion.)
Set Task Manager's Preferences
Before using any program in earnest, I like to set the
preferences; with Task Manager I like to remove the tick which says, 'Always on
top'. (Option Menu). Many, many years ago I fell for the trap of carelessly
double clicking inside Task Manager, and as a result the top menu with File,
Option, Help disappeared. I could not figure out what happened until I double
clicked near the top, and lo and behold the menu reappeared. It was a greenhorn
mistake; I mention it because there are about 3 or 4 other Microsoft programs
that display the same menu behaviour.
You have probably called up the Task Manager many times so
that you can zap programs that are not responding. If you are in charge of
other users, why not send them an email explaining or reminding them how to use
this tab? Our hidden agenda is to save you work in sorting out other people's
problems.
Task Manager Litmus Test:
Professionals: Are familiar with the Task Manager in general,
and the Process Tab in particular. Experts know the significance of each Image
Name.
Amateurs: Complain that Image Names are too difficult to
understand. Beginners never look further than the Application Tab.
Get to know the Task Manager Processes
My goal is to help you play 'spot the impostor'. By that I mean
you can detect viruses, worms or Trojan horses in Task Manager. It almost goes without saying that a good virus checker should detect and quarantine such malware. However, every time I have been
infected, my virus checker has lagged behind in issuing an update that could deal with the infection. By
scanning the Image Names you can home in on a suspicious malware program that has sneaked
into your system. Once you see a program that should not be there, you will not
only 'End Process', but also research where the impostor came from. The interloper may
have been installed through Add or Remove programs; however the really naughty
programs hide their tracks, so search the registry for suspicious names in the
Image list. Another rich source of information is Google; the chances are that
if it is a virus, then a search for the Image Name will produce proof to condemn
the process.
So much for the baddies, now for the good guys in the
Process tab Image names. Here is a list of the key Image names.
CSRSS - Client Server Sub System, this process IS the
Windows shell.
LSASS - This is the Local Security Authentication Sub
System, which is responsible for the Logon Box.
Winlogon - Only comes alive when you press CTRL +Alt +Del.
SMSS - Session Manager.
Services - As the name suggests this controls all those
Services like Workstation, Alerter or FTP.
System Idle Process - In my view the system cannot bear to
be idle, so rather like an engine on tick-over, Windows 2003 runs this process
when nothing else needs the CPU.
My list of Image names is meant to kick-start your
interest. I am sure that there will be other Image names that you can easily
recognise, for example, spoolsv, explorer and system.
Back to the main task of identifying rogue programs. What
would you think if you saw Avgserv and Agvcc32 amongst the image names? I must
admit my heart missed a beat; I thought my machine had been infected by a virus,
but no, it was actually my virus checker which had installed itself as a
process. Naturally I left that running!
How about msblast.exe? Was this a game that my nephew
installed? Well I tried a search in Google and up came W32/BlasterA virus.
Here was a case where I needed to check the registry as the blaster virus
cunningly re-infects those who are not diligent. Other viruses have more
innocuous names like Tlntsvr.exe and Wina.exe, so this is why you need to get to
know the regular image names.
Svchost.exe looks suspicious, moreover it seems to have
replicated itself already, but no, svchost is merely a shell for your services.
There are at least 20 services like DHCP, WINS, Terminal Services and Alerter.
Now it turns out that some of these services would fight each other, Windows
2003 knows this and separates services that cannot co-operate by creating
multiple svchost.exe shells. Again I make the point that if you study these
image names you are rewarded by greater knowledge of Windows or XP and a
smoother running machine.
As this week's bonus I have a program called Tlist.exe
(Task List). Remember my question when you see any new tool; ask where does
this utility come from? The answer for Tlist is that it's part of the Windows
2000 resource kit, or else you can download it here. For our needs try Tlist -s
which lists the services and their processes.
It's funny how you have to keep on learning to get the most
out of a utility. The extra work needed here is to persuade the process tab in
Task Manager to display the PID (Process ID). How do you get this unique PID
number to appear? In Task Manager, select the View menu, then select columns and
check PID (Process Identifier). Now when you go back and run Tlist -s you can
match the PID in the 'Dos Box', with the PID in Task Manager.
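
The 'spot the impostor' check and the PID-to-service matching described above can be done in one pass from PowerShell. This is an added example, not part of the original ezine; it assumes PowerShell 3.0 or later and that the well-known image names run from their default Windows folders.

```powershell
# Added example (not from the original ezine).
# Assumption: default install locations for the image names the article lists.
$sys32 = Join-Path $env:SystemRoot 'System32'
$expected = @{
    'csrss.exe'    = $sys32
    'lsass.exe'    = $sys32
    'winlogon.exe' = $sys32
    'smss.exe'     = $sys32
    'services.exe' = $sys32
    'svchost.exe'  = $sys32
    'spoolsv.exe'  = $sys32
    'explorer.exe' = $env:SystemRoot
}

# Build PID -> service names, the same pairing that "Tlist -s" shows.
# Stopped services report ProcessId 0, so they are skipped.
$servicesByPid = @{}
Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $servicesByPid[[int]$_.ProcessId] += @($_.Name)
}

$report = Get-CimInstance Win32_Process | ForEach-Object {
    $path    = $_.ExecutablePath
    $verdict = 'unlisted'               # not one of the names checked here
    if ($expected.ContainsKey($_.Name)) {
        if (-not $path) {
            # Protected system processes hide their path from non-admin sessions.
            $verdict = 'path hidden (rerun elevated)'
        } elseif ((Split-Path $path -Parent) -ieq $expected[$_.Name]) {
            $verdict = 'ok'
        } else {
            # A familiar image name running from an unfamiliar folder.
            $verdict = 'SUSPECT: wrong folder'
        }
    }
    [pscustomobject]@{
        PID       = $_.ProcessId
        ImageName = $_.Name
        Path      = $path
        Services  = ($servicesByPid[[int]$_.ProcessId] -join ', ')
        Verdict   = $verdict
    }
}

$report | Sort-Object Verdict, ImageName | Format-Table -AutoSize -Wrap
```

Each svchost.exe row shows the services it hosts, so the PID column can be matched against the PID column in Task Manager. An 'unlisted' verdict only means the name is not in the table above; those are the image names to research.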