Solved

How to hide a process from TaskManager/Processes?is possible?

Posted on 2016-09-16
9
352 Views
Last Modified: 2016-09-21
How to hide a process from TaskManager/Processes?is possible?
thanks
0
Comment
Question by:john lambert
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
9 Comments
 
LVL 95

Expert Comment

by:John Hurst
ID: 41801692
Not really, because you can always unhide the processes.  Then you can always run Process Explorer (Microsoft SysInternals) and see all.
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41801702
Hello.

The list of processes that you get from the system are controlled by the OS kernel. And the list of processes returns specifically the process that are listed at different states. You cannot hide something from that list, the only processes that are not shown are the ones that are not specified if your do not have permissions to list them (like when you see the processes from a normal account, and not an administrative account). Despite of it you cannot.

There are cases of viruses that they try using different names (similar to normal processes) or they run as childs of a parent process. But even these malicious processes they cannot hide at all if they are processes. Unless there is a Kernel modification of the system, that could be something very deep.
0
 
LVL 81

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 41801704
you can obfuscate it but not really have it not show
1
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 35

Expert Comment

by:Kimputer
ID: 41801734
Rootkits have successfully hidden from the Taskmanager (and Windows as a whole, so that includes Antivirus as well). If you program something similar, you'll successfully hide your process. However, I don't want to be you if you are ever caught red handed for distributing these kind of software (see Sony fiasco).
1
 

Author Comment

by:john lambert
ID: 41801740
giv em a link Kimputer
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 41801748
Sorry, rootkits are malware. There's no way I will post malware links here. Slightly concerned that you don't mind making illegal software and distributing to your friends/customers/co-workers.
1
 
LVL 95

Expert Comment

by:John Hurst
ID: 41801755
If the author is trying to create viruses and malware, that is also against the posting rules.

If the question is truly legitimate, you can run, but not hide.
0
 
LVL 14

Expert Comment

by:Schnell Solutions
ID: 41801772
Hello,

If it is a process, it is shown on the process list of the system. Sometimes malware uses familiar names that we will not look through them. On other occasions they run within an infected different process. But it it is a process it appears there unless the OS kernel has been modified or special 'systems call' is passed to it (controlled by the kernel).

Some cases of malware do not appear as processes, because they are not processes at all, or because they are not running at that moment. They may be activated with different conditions or successes in the system, but not necessarily running at that moment.
1
 

Author Closing Comment

by:john lambert
ID: 41810095
thank you very much!!!!!!
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Powershell database 5 44
Powershell - Setting GPO 8 50
Puppet Help -- if else exec trigger file 4 33
How to add SCCM site server roles using powershell 4 21
In previous parts of this Nano Server deployment series, we learned how to create, deploy and configure Nano Server as a Hyper-V host. In this part, we will look for a clustering option. We will create a Hyper-V cluster of 3 Nano Server host nodes w…
My attempt to use PowerShell and other great resources found online to simplify the deployment of Office 365 ProPlus client components to any workstation that needs it, regardless of existing Office components that may be needing attention.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question