General discussion

  • Creator
    Topic
  • #2194286

    how do I know if these files are fake or real?

    Locked

    by persevering ·

    To name only a few:
    csrss.exe
    smss.exe
    ati2evxx.exe
    acrotray.exe
    cidaemon.exe

    I’ve read some are to be capitalized, some have fake makeovers with the same “name”. Does anyone know how I tell if what I have is authentic?

    Thanks.

All Comments

  • Author
    Replies
    • #3164121

      You can get a good idea from its properties

      by deadly ernest ·

      In reply to how do I know if these files are fake or real?

      Use the search function to locate the file, place the curso on it, click the right hand mouse button, and select the ‘Properties’ option – this will open a window. then review the properties of each tab and compare them to similar files from the same organisations. Also check the file location as that will help as well.

      As an example on my 64 bit system smss.exe is in the location C:\Windows\System32 – it properties show that it is version 5.2.3790.1830 by Microsoft

      The company name and version are the most obvious give away – most of the faked stuff don’t have the Microsoft info in the ‘Version’ tab. Most, not all, companies put thier info in the properties, but MS do it for all theirs.

    • #3164083

      cidaemon

      by bfilmfan ·

      In reply to how do I know if these files are fake or real?

      Cidaemon.exe is an indexing service which catalogues files on your computer to enable for faster file searches. Program courtesy of Microsoft.

    • #3163981

      www.processlibrary.com

      by jamesrl ·

      In reply to how do I know if these files are fake or real?

      That website, which by the way is trying to sell you a tool, has a good library of process names and their function.

      Whats handy about it, is that it tells you whether you can live without it, useful if you are trying to trim out some of the junk.

      James

      • #3112059

        Thanks!

        by synthetic ·

        In reply to www.processlibrary.com

        Great site, I looked up 49 running process on my system to see how through the site is, and each of them dinged a response.

    • #3112662

      Another web site I use

      by old guy ·

      In reply to how do I know if these files are fake or real?

      is http://www.answersthatwork.com/ . It has a good list of Task List programs with a good explanation.

    • #3112409

      The atie2evxx.exe file?

      by sleepin’dawg ·

      In reply to how do I know if these files are fake or real?

      I suspect it could be associated with an ATI graphics card. Are these files that have been flagged by an antivirus scan or are they just mysterious files you are curious about? What antivirus program do you use? Do you have a firewall? You could try Googling them.

      For a good antivirus program go to downloads.com and download AVG antivirus and run the full scan. Make sure you download the latest updates before you run the scan. This is a free program although they do offer AVG pro for about $30. Do not rely on Symatech’s Norton or McAfee for protection, they are next to or almost useless.

      AVG updates are available on almost a daily basis and download quickly.

      [b]Dawg[/b] ]:)

      • #3112028

        It is definately from the ATI drivers set

        by jamesrl ·

        In reply to The atie2evxx.exe file?

        I use an ATI card. I’ve actually tried alternative drivers that work better.

        The challenge of course is there have been trojans/viruses with legitimate names. I once had a process that the processlibrary identified as a Norton Anti-Virus file. Given that I knew that I never installed Norton, I knew it was problematic. I deleted the related registry keys and the files.

        I use AVG at home.

        James

    • #3113393

      hmmmmm….fake or real?

      by eneimi ·

      In reply to how do I know if these files are fake or real?

      ati2evxx is definitely a part of the ati graphics driver set. If however u got a nvidia card for eg, then there’s an issue!
      csrss, smss, lsass, winlogon etc, are some windows sytem files, but are known to be targets of some ravenous worms like ‘rontkbrom.gen’. when modified, they appear normal in the windows task manager; but programs like procexp, tuneup, winxp manager, or any process explorer will give them away. the original versions of these files are located in the windows ‘system 32’ folder, but the modified forms can be located in any other folder, eg the windows ‘system’ folder, the ‘application data’ folder (a normally hidden folder) or any other location. Also watchout for the amount of cpu and memory usage; in the extreme of circumstances these files wont use more than 1-1.5mb of ram and little or no cpu. they are not necessarily capitalized or in small case, that will depend on your system configuration. if u disable acrotray.exe from running in the background, ur pdf documents will load a tad bit slower.

    • #3113164

      Files…..fake or real???

      by rosebud6642@customerselects.com ·

      In reply to how do I know if these files are fake or real?

      Had the same problem and discovered a great web
      site that’ll answer your concerns. Go to “Answers
      That Work.com” (without the quotes). Allow site
      page to load, scroll down a little till you see
      4 green rectangular-shaped buttons. Click on the
      “Task Lists” button and another page will load
      with an alpha-numeric list of buttons. Use the
      first letter of each file that you have a question
      about and click the corresponding “letter” button.
      Scroll down the list till you find the matching-
      named file and read all about it.
      This is a four-five step process, but very informative. I highly recommend that you ‘bookmark’ (save) the web page to your “Favorites” folder for future reference. Has
      helped me out numerous times. Good Luck!

      Bud
      Quincy, MA.

    • #3113141

      I use this mob to check any processes

      by maxihelp ·

      In reply to how do I know if these files are fake or real?

      http://www.processlibrary.com/directory/files/wuauclt/index.php

      I hope this helps,
      Max Inglis
      Cairns,
      Australia

    • #3209897

      Thank you to all of you!!!

      by persevering ·

      In reply to how do I know if these files are fake or real?

      Thank you to all of you who replied and gave me such helpful information! I’ve been having all sorts of problems computer-wise and even couldn’t get on this website for quite a while. Thank you for your kindness in giving me ideas of what to do. I really appreciate your thoughtfulness!

    • #3279008

      here you go…

      by fahimsolkar ·

      In reply to how do I know if these files are fake or real?

      hey Suzanne..

      dont worry most of them are processes which are required by windows..they are constantly running under processes..under the task manager..you can also verify the above mention by searching them in google which will give you the exact information with regards to each of the mention processes.. here a link which could help with the same..
      http://www.liutilities.com/news/articles/article9/
      ati2evxx.exe is your graphics card i.e. ATI.. application.. acrotray.exe is part of your Adobe Acrobat..

      I was a bit sketchy.. about..ciadaemon.exe so did a bit of R&D.. & got the following link which shall give you the information regards the same…

      http://www.auditmypc.com/process/cidaemon.asp

      if you have any other queries pls lemme know.. .

      thanks … bye…

      Fahim…

Viewing 9 reply threads