how do I know if these files are fake or real?

By Persevering
To name only a few:
csrss.exe
smss.exe
ati2evxx.exe
acrotray.exe
cidaemon.exe

I've read some are to be capitalized, some have fake makeovers with the same "name". Does anyone know how I tell if what I have is authentic?

Thanks.

This conversation is currently closed to new comments.

You can get a good idea from its properties

by Deadly Ernest In reply to how do I know if these fi ...

Use the search function to locate the file, place the cursor on it, click the right hand mouse button, and select the 'Properties' option - this will open a window. Then review the properties of each tab and compare them to similar files from the same organisations. Also check the file location as that will help as well.

As an example, on my 64-bit system smss.exe is in the location C:\Windows\System32 - its properties show that it is version 5.2.3790.1830 by Microsoft.

The company name and version are the most obvious giveaway - most of the faked stuff doesn't have the Microsoft info in the 'Version' tab. Most, not all, companies put their info in the properties, but MS do it for all theirs.

Google them

by mjwx In reply to how do I know if these fi ...

Just google the name.

Here's what I know:
csrss.exe and smss.exe - Windows processes (necessary, I think; either way you shouldn't terminate them).

acrotray.exe - Acrobat Reader, speeds up opening PDFs in Acrobat, OK to terminate

ati2evxx - You have an ATI video card, google it for more details

cidaemon - not sure, could be daemon tools. Google it anyway.

Remember people, google is your friend.

cidaemon

by BFilmFan In reply to Google them

Cidaemon.exe is an indexing service which catalogues files on your computer to enable faster file searches. Program courtesy of Microsoft.

by JamesRL In reply to how do I know if these fi ...

That website, which by the way is trying to sell you a tool, has a good library of process names and their function.

What's handy about it is that it tells you whether you can live without it, useful if you are trying to trim out some of the junk.

James

Thanks!

by Synthetic In reply to www.processlibrary.com

Great site, I looked up 49 running processes on my system to see how thorough the site is, and each of them dinged a response.

Another web site I use

by Old Guy In reply to how do I know if these fi ...

is http://www.answersthatwork.com/. It has a good list of Task List programs with a good explanation.

Double thanks!

by Synthetic In reply to Another web site I use

Another great site!

The atie2evxx.exe file?

by sleepin'dawg In reply to how do I know if these fi ...

I suspect it could be associated with an ATI graphics card. Are these files that have been flagged by an antivirus scan or are they just mysterious files you are curious about? What antivirus program do you use? Do you have a firewall? You could try Googling them.

For a good antivirus program go to downloads.com and download AVG antivirus and run the full scan. Make sure you download the latest updates before you run the scan. This is a free program although they do offer AVG pro for about $30. Do not rely on Symantec's Norton or McAfee for protection; they are next to or almost useless.

AVG updates are available on almost a daily basis and download quickly.

Dawg ]:)

It is definitely from the ATI drivers set

by JamesRL In reply to The atie2evxx.exe file?

I use an ATI card. I've actually tried alternative drivers that work better.

The challenge of course is there have been trojans/viruses with legitimate names. I once had a process that the processlibrary identified as a Norton Anti-Virus file. Given that I knew that I never installed Norton, I knew it was problematic. I deleted the related registry keys and the files.

I use AVG at home.

James

hmmmmm....fake or real?

by eneimi In reply to how do I know if these fi ...

ati2evxx is definitely a part of the ATI graphics driver set. If, however, you have an Nvidia card, e.g., then there's an issue!
csrss, smss, lsass, winlogon etc. are some Windows system files, but are known to be targets of some ravenous worms like 'rontkbrom.gen'. When modified, they appear normal in the Windows Task Manager, but programs like procexp, tuneup, winxp manager, or any process explorer will give them away. The original versions of these files are located in the Windows 'system 32' folder, but the modified forms can be located in any other folder, e.g. the Windows 'system' folder, the 'application data' folder (a normally hidden folder) or any other location. Also watch out for the amount of CPU and memory usage; in the extreme of circumstances these files won't use more than 1-1.5 MB of RAM and little or no CPU. They are not necessarily capitalized or in small case; that will depend on your system configuration. If you disable acrotray.exe from running in the background, your PDF documents will load a tad bit slower.
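
An added example, not part of any post in this thread: a PowerShell check that combines the file-properties comparison Deadly Ernest describes with the folder check eneimi describes, run against the process names mentioned above. It assumes Windows PowerShell 3.0 or later; the variable names and the wording of the `Note` column are illustrative.

```powershell
# Added example. Process names come from the thread; System32 is the
# location the posts give for the genuine Windows files.
$systemNames = 'csrss.exe', 'smss.exe', 'lsass.exe', 'winlogon.exe'
$otherNames  = 'ati2evxx.exe', 'acrotray.exe', 'cidaemon.exe'
$system32    = Join-Path $env:SystemRoot 'System32'

Get-CimInstance -ClassName Win32_Process |
    Where-Object { ($systemNames + $otherNames) -contains $_.Name } |
    ForEach-Object {
        $row = [ordered]@{
            Name = $_.Name; PID = $_.ProcessId; Path = $_.ExecutablePath
            Company = $null; Version = $null; Signature = $null; Note = ''
        }
        if (-not $_.ExecutablePath) {
            # The path is often empty for system processes when not elevated.
            $row.Note = 'path not readable; rerun from an elevated prompt'
        }
        elseif (-not (Test-Path -LiteralPath $_.ExecutablePath)) {
            $row.Note = 'image file missing on disk'
        }
        else {
            # Same fields as the file's Properties > Version tab.
            $info = (Get-Item -LiteralPath $_.ExecutablePath).VersionInfo
            $row.Company = $info.CompanyName
            $row.Version = $info.FileVersion
            # Version strings are just text in the file; the digital
            # signature is what ties the file to its publisher.
            $row.Signature = (Get-AuthenticodeSignature -LiteralPath $_.ExecutablePath).Status

            if ($systemNames -contains $_.Name) {
                $dir = Split-Path -Path $_.ExecutablePath -Parent
                if ($dir -ine $system32) {
                    $row.Note = "system name running outside $system32"
                }
                elseif ($row.Signature -ne 'Valid') {
                    $row.Note = 'in System32 but signature not valid'
                }
            }
        }
        [pscustomobject]$row
    } |
    Format-Table -AutoSize -Wrap
```

On older Windows and PowerShell versions, catalog-signed system files can show as `NotSigned`, so treat that status as a reason to look closer rather than as proof of tampering.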
