Does anyone have any favorite websites to use when searching for information about services and/or executables?
This seems like something I should be able to find without any issue but never have found one that gives me the info I am looking for.
Thanks
Adam
Does anyone have any favorite websites to use when searching for information about services and/or executables?
This seems like something I should be able to find without any issue but never have found one that gives me the info I am looking for.
What info are you looking for?
http//
Process Explorer will let you see what is running. You can then right-click on any process and choose "Search Online…" or press CTRL+M.
Also, http//
Adam,
Does anyone have any favorite websites to use when searching for information about services and/or executables?
This isn't something I would recommend relying on primarily. One of the age-old techniques used by malware authors…because it works so well…is to use names for their malware that are similar to (or in some cases, exactly) the names of legit services. One can run svchost.exe, the legit Windows service, and also run svchost.exe from another directory.
To start, I'd collect as much information as I can about the service from the system itself. Remember, one way that intruders can very effectively "hide" services is by loading them as DLLs beneath SvcHost…
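One way to collect that information from the system itself, as an added example that is not part of the original thread: the PowerShell below lists every service with its image path, resolves the ServiceDll for services hosted by svchost.exe, and flags any svchost.exe image outside System32. The helper name Get-ImagePath and the output column names are assumptions made for this example.

```powershell
# Added example (not from the thread): inventory services from the live system.
# For each service: image path, the DLL loaded beneath svchost (if any), and a
# flag when an image named svchost.exe is not the one in %SystemRoot%\System32.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

function Get-ImagePath {            # hypothetical helper for this example
    param([string]$CommandLine)
    # PathName is a full command line: take the quoted path, else text up to ".exe"
    if ($CommandLine -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $CommandLine
}

$inventory = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $image = [Environment]::ExpandEnvironmentVariables((Get-ImagePath $svc.PathName))
    $isSvchost = $image -and ((Split-Path $image -Leaf) -ieq 'svchost.exe')

    $dll = $null
    if ($isSvchost) {
        # The implementing DLL is recorded under the service's registry key,
        # normally in the Parameters subkey.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
        foreach ($k in "$key\Parameters", $key) {
            $p = Get-ItemProperty -Path $k -Name ServiceDll -ErrorAction SilentlyContinue
            if ($p) { $dll = $p.ServiceDll; break }
        }
    }

    [pscustomobject]@{
        Name        = $svc.Name
        DisplayName = $svc.DisplayName
        State       = $svc.State
        StartMode   = $svc.StartMode
        Account     = $svc.StartName
        ImagePath   = $image
        ServiceDll  = $dll
        # Same file name as the Windows binary, different location
        OddSvchost  = [bool]($isSvchost -and ($image -ine $expected))
    }
}

# Review flagged entries first, then the rest by name
$inventory | Sort-Object @{ Expression = 'OddSvchost'; Descending = $true }, Name |
    Format-Table Name, State, ImagePath, ServiceDll, OddSvchost -AutoSize
```

Piping `$inventory` to `Export-Csv` and comparing a later run against the saved file with `Compare-Object` shows which services have appeared or changed since the baseline.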
Thanks for all the good info. I should have clarified a little more in my original post.
There is no specific investigation or suspected infection on the systems I am looking at. It's more for understanding what's running already, what new services are running and why, or vice versa.
It's more for understanding what's running already, what new services are running and why, or vice versa.
Right. RegRipper provides several plugins to extract the information in question.