Join or sign in Register for your free TechRepublic membership or if you are already a member, sign in using your preferred method below. Use Your Email Use FacebookUse Linkedin

how do I know if these files are fake or real?

Locked

To name only a few:
csrss.exe
smss.exe
ati2evxx.exe
acrotray.exe
cidaemon.exe

I’ve read some are to be capitalized, some have fake makeovers with the same “name”. Does anyone know how I tell if what I have is authentic?

Thanks.

Topic

You can get a good idea from its properties

In reply to how do I know if these files are fake or real?

Use the search function to locate the file, place the curso on it, click the right hand mouse button, and select the ‘Properties’ option – this will open a window. then review the properties of each tab and compare them to similar files from the same organisations. Also check the file location as that will help as well.

As an example on my 64 bit system smss.exe is in the location C:\Windows\System32 – it properties show that it is version 5.2.3790.1830 by Microsoft

The company name and version are the most obvious give away – most of the faked stuff don’t have the Microsoft info in the ‘Version’ tab. Most, not all, companies put thier info in the properties, but MS do it for all theirs.

cidaemon

In reply to how do I know if these files are fake or real?

Cidaemon.exe is an indexing service which catalogues files on your computer to enable for faster file searches. Program courtesy of Microsoft.

www.processlibrary.com

In reply to how do I know if these files are fake or real?

That website, which by the way is trying to sell you a tool, has a good library of process names and their function.

Whats handy about it, is that it tells you whether you can live without it, useful if you are trying to trim out some of the junk.

James

Thanks!

In reply to www.processlibrary.com

Great site, I looked up 49 running process on my system to see how through the site is, and each of them dinged a response.

Another web site I use

In reply to how do I know if these files are fake or real?

is http://www.answersthatwork.com/ . It has a good list of Task List programs with a good explanation.

Double thanks!

In reply to Another web site I use

Another great site!

The atie2evxx.exe file?

In reply to how do I know if these files are fake or real?

I suspect it could be associated with an ATI graphics card. Are these files that have been flagged by an antivirus scan or are they just mysterious files you are curious about? What antivirus program do you use? Do you have a firewall? You could try Googling them.

For a good antivirus program go to downloads.com and download AVG antivirus and run the full scan. Make sure you download the latest updates before you run the scan. This is a free program although they do offer AVG pro for about $30. Do not rely on Symatech’s Norton or McAfee for protection, they are next to or almost useless.

AVG updates are available on almost a daily basis and download quickly.

[b]Dawg[/b] ]:)

It is definately from the ATI drivers set

In reply to The atie2evxx.exe file?

I use an ATI card. I’ve actually tried alternative drivers that work better.

The challenge of course is there have been trojans/viruses with legitimate names. I once had a process that the processlibrary identified as a Norton Anti-Virus file. Given that I knew that I never installed Norton, I knew it was problematic. I deleted the related registry keys and the files.

I use AVG at home.

James

hmmmmm….fake or real?

In reply to how do I know if these files are fake or real?

ati2evxx is definitely a part of the ati graphics driver set. If however u got a nvidia card for eg, then there’s an issue!
csrss, smss, lsass, winlogon etc, are some windows sytem files, but are known to be targets of some ravenous worms like ‘rontkbrom.gen’. when modified, they appear normal in the windows task manager; but programs like procexp, tuneup, winxp manager, or any process explorer will give them away. the original versions of these files are located in the windows ‘system 32’ folder, but the modified forms can be located in any other folder, eg the windows ‘system’ folder, the ‘application data’ folder (a normally hidden folder) or any other location. Also watchout for the amount of cpu and memory usage; in the extreme of circumstances these files wont use more than 1-1.5mb of ram and little or no cpu. they are not necessarily capitalized or in small case, that will depend on your system configuration. if u disable acrotray.exe from running in the background, ur pdf documents will load a tad bit slower.

Files…..fake or real???

In reply to how do I know if these files are fake or real?

Had the same problem and discovered a great web
site that’ll answer your concerns. Go to “Answers
That Work.com” (without the quotes). Allow site
page to load, scroll down a little till you see
4 green rectangular-shaped buttons. Click on the
“Task Lists” button and another page will load
with an alpha-numeric list of buttons. Use the
first letter of each file that you have a question
about and click the corresponding “letter” button.
Scroll down the list till you find the matching-
named file and read all about it.
This is a four-five step process, but very informative. I highly recommend that you ‘bookmark’ (save) the web page to your “Favorites” folder for future reference. Has
helped me out numerous times. Good Luck!

Bud
Quincy, MA.

I use this mob to check any processes

In reply to how do I know if these files are fake or real?

http://www.processlibrary.com/directory/files/wuauclt/index.php

I hope this helps,
Max Inglis
Cairns,
Australia

Thank you to all of you!!!

In reply to how do I know if these files are fake or real?

Thank you to all of you who replied and gave me such helpful information! I’ve been having all sorts of problems computer-wise and even couldn’t get on this website for quite a while. Thank you for your kindness in giving me ideas of what to do. I really appreciate your thoughtfulness!

here you go…

In reply to how do I know if these files are fake or real?

hey Suzanne..

dont worry most of them are processes which are required by windows..they are constantly running under processes..under the task manager..you can also verify the above mention by searching them in google which will give you the exact information with regards to each of the mention processes.. here a link which could help with the same..
http://www.liutilities.com/news/articles/article9/
ati2evxx.exe is your graphics card i.e. ATI.. application.. acrotray.exe is part of your Adobe Acrobat..

I was a bit sketchy.. about..ciadaemon.exe so did a bit of R&D.. & got the following link which shall give you the information regards the same…

http://www.auditmypc.com/process/cidaemon.asp

if you have any other queries pls lemme know.. .

thanks … bye…

Fahim…

[Author]

Replies