List of Processes to flag potential dangers

My OS is Windows 10 Pro 64-bit. I recently underwent a hacking and I am uncertain whether the hacker left any malware that comes to life whenever the PC is booted. I hope the Experts will please take a look at the list of processes that are running and flag for me any potential threat that is still running. Thank you. Regards
[Attached: four screenshots of the list of running processes]
Asked by jegajothy (retired).

Hackoo commented:
You can run this batch file to check and find all instances and paths of svchost.exe:
@echo off
Set "ProcessName=SVCHOST"
Title Finding all instances and paths of "%ProcessName%" by Hackoo 2017
Rem Scratch files go to %Tmp%, the reports next to this script
Set "Tmp_Services=%Tmp%\%~n0.txt"
If Exist "%Tmp_Services%" Del "%Tmp_Services%"
Set "ProcessLog=%Tmp%\%ProcessName%.log"
If Exist "%ProcessLog%" Del "%ProcessLog%"
Set "Legits_Services_SVCHOST=%~dp0Legits_Services_%ProcessName%.txt"
Rem The only location a genuine svchost.exe is launched from
Set "Legit_Location=%windir%\system32\svchost.exe"
Set "LogFile=%~dp0%ProcessName%_ProcessList.txt"
Set "Suspicious_LogFile=%~dp0%ComputerName%_%ProcessName%_Suspicious_Paths.txt"
If Exist "%LogFile%" Del "%LogFile%"
Set /A Counter=0
Color 0A
Setlocal EnableDelayedExpansion
Rem Exact name match, so the unrelated .NET service SMSvcHost.exe is not listed.
Rem The original script killed that service with Taskkill instead of excluding it.
Rem "delims=" keeps the whole command line, spaces included, and the inner loop
Rem drops the trailing carriage return that WMIC appends to every output line.
for /F "skip=1 delims=" %%a in ('WMIC Path win32_process where "name='%ProcessName%.exe'" get commandline') do (
    for /F "delims=" %%b in ("%%a") do (
        set /A Counter+=1
        set "p=%%b"
        Rem Show on screen only the instances started from the expected path
        echo !p! | Findstr /L /I /C:"%Legit_Location%" >nul && echo [!Counter!] : !p!
        Rem Record every command line, legitimate or not, for the report below
        ( echo "!p!" )>>"%LogFile%"
    )
)

Rem Second, independent snapshot that also records the on-disk executable path
Powershell.exe Get-WmiObject Win32_Process ^| select ProcessID,ProcessName,Handle,commandline,ExecutablePath ^| Out-File -Append "%ProcessLog%" -Encoding ascii
Type "%ProcessLog%" | find /i "%Legit_Location%" > "%Tmp_Services%"

Rem Show on screen, then append to the report, the services hosted by each instance
(
    echo(
    echo These are the legitimate services hosted by "%ProcessName%.exe"
    Tasklist /SVC /FO TABLE /FI "IMAGENAME eq %ProcessName%.exe"
)>con

(
    echo(
    echo These are the legitimate services hosted by "%ProcessName%.exe"
    Tasklist /SVC /FO TABLE /FI "IMAGENAME eq %ProcessName%.exe"
)>> "%Tmp_Services%"
Rem Re-encode the report as Unicode text before opening it
CMD /U /C Type "%Tmp_Services%" > "%Legits_Services_SVCHOST%"
echo(
Echo All instances of "%ProcessName%" in this path "%Legit_Location%" are legitimate services
echo(
echo Hit any key to look for suspicious "%ProcessName%" paths
Rem /V inverts the match: every recorded command line NOT under the expected path
Findstr /L /V /I /C:"%Legit_Location%" "%LogFile%" > "%Suspicious_LogFile%"
pause>nul
Start "" "%Suspicious_LogFile%"
Start "" "%Legits_Services_SVCHOST%"

 
John (Business Consultant, Owner) commented:
1. svchost is normal
2. WinZip and other Windows programs are normal
3. I see most of these on my machines and on client machines.

A bad process can take a good name, but what you posted looks normal.
 
Andrew Leniart (Senior Editor) commented:
jegajothy,

"My OS is Windows 10 Pro 64-bit. I recently underwent a hacking and I am uncertain whether the hacker left any malware that comes to life whenever the PC is booted."

By "hacking", do you mean a hacker gained control of your computer?

If so, then you are wise to be suspicious and should consider restoring from a known good backup image, or, if you don't have a backup available, back up your data and consider wiping and reinstalling Windows 10.

The problem with cleaning up after a takeover hack has happened is that you can never be certain that a rootkit or time-activated malware hasn't been left behind, which won't necessarily show up in your running processes.

I'm not a big fan of recommending re-installs, but in cases like a hacker gaining access to your system, it really is the only way to be "certain" that you are safe. With that said:

"I hope the Experts will please take a look at the list of processes that are running and flag for me any potential threat that is still running."

I see nothing of concern in any of your posted screenshots and I concur with John, all the running processes look normal to me.

Hope that's helpful.
 
dbrunton commented:
SmileBoxTray could be malware.  Some Google links flag it as such.

Will do more research on this.
 
Hackoo commented:
Scan_Registry_Run_Keys.bat is a batch file to get information about the Run keys in your registry and to check all your startup items that start with Windows, all running processes with their command lines, and all connections (established and listening):
  • Startup items
  • Process list
  • Services list
  • Scheduled task list
  • Hosts file contents
  • All network connections
  • DNS cache
So you should copy and paste this code into Notepad, save it as Scan_Registry_Run_Keys.bat, and execute it as administrator to generate a text report that you can upload to http://pastebin.com and post its link here in your next reply!
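Hackoo's Scan_Registry_Run_Keys.bat itself is not reproduced in the thread. The following is an added PowerShell script, written for this page and not Hackoo's code, that collects the same seven areas into one text report for the same kind of review. It assumes Windows 10 PowerShell 5.1 run from an elevated prompt; the report path on the desktop is a chosen default.

```powershell
# Added triage collector, not Hackoo's Scan_Registry_Run_Keys.bat (which is not reproduced on
# the page): it gathers the same seven areas into one text report. Run it from an elevated
# PowerShell prompt. The report path is an assumed default.
param([string]$Report = "$env:USERPROFILE\Desktop\${env:COMPUTERNAME}_triage.txt")
function Add-Section([string]$Title, [scriptblock]$Body) {
    # Each area gets its own heading so the report can be reviewed area by area
    "`n===== $Title =====" | Out-File $Report -Append -Encoding utf8
    try { & $Body | Out-String -Width 300 | Out-File $Report -Append -Encoding utf8 }
    catch { "ERROR: $_" | Out-File $Report -Append -Encoding utf8 }
}
"Triage report for $env:COMPUTERNAME at $(Get-Date -Format s)" | Out-File $Report -Encoding utf8
# 1. Startup items: the Run / RunOnce keys for the machine and the current user
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
Add-Section 'Startup items (Run keys)' {
    foreach ($k in ($runKeys | Where-Object { Test-Path $_ })) {
        Get-ItemProperty $k | ForEach-Object { $_.PSObject.Properties } |
            Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object { "$k : $($_.Name) = $($_.Value)" }
    }
}
# 2. Processes with command line and on-disk path, so a look-alike name shows its real location
Add-Section 'Process list' {
    Get-CimInstance Win32_Process | Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine |
        Sort-Object Name | Format-Table -AutoSize
}
# 3. Services: state plus the binary each one actually launches
Add-Section 'Services' {
    Get-CimInstance Win32_Service | Select-Object Name, State, StartMode, PathName | Sort-Object Name | Format-Table -AutoSize
}
# 4. Scheduled tasks and the action (program + arguments) each one runs
Add-Section 'Scheduled tasks' {
    Get-ScheduledTask | ForEach-Object { $t = $_
        $t.Actions | ForEach-Object { "{0}{1} [{2}] : {3} {4}" -f $t.TaskPath, $t.TaskName, $t.State, $_.Execute, $_.Arguments } }
}
# 5. Hosts file: entries redirecting update or AV domains are a common sign of tampering
Add-Section 'Hosts file' { Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" }
# 6. Established and listening TCP connections, mapped to the owning process name
Add-Section 'Network connections' {
    Get-NetTCPConnection | Where-Object { $_.State -in 'Established','Listen' } |
        Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess,
            @{n='Process'; e={ (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName }} |
        Format-Table -AutoSize
}
# 7. DNS cache: names resolved recently, even by processes that have since exited
Add-Section 'DNS cache' { Get-DnsClientCache | Select-Object Entry, RecordType, Data | Format-Table -AutoSize }
"Report written to $Report"
```

When reading the report, compare each ExecutablePath, service PathName and task action against where that binary is expected to live; a familiar name launched from a user-writable folder is the kind of entry worth a second look.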
 
dbrunton commented:
Have a read of https://www.file.net/process/smileboxtray.exe.html and https://www.cnet.com/forums/discussions/smilebox-tray-exe-591706/ to help you decide if SmileBoxTray is malware or not. You can submit the executable to any of the online virus scanners to check.

Now, there are about three anti-virus scanners running on your machine: Avast, Hitman and MalwareBytes. You normally only use one, as more than one slows the whole system down.
 
serialband commented:
If you've been hacked previously, you really should reinstall your OS and restore your data from backup.  If you have to ask about running processes, then you don't really know enough to figure out which ones are bad and which ones are good.  If you are still infected, then you're just wasting time while the hacker is grabbing more data from you.

If you somewhat know what you're doing, you'd have already taken the system offline and started a scan of the disk from another known good working system first. Once it's cleaned, you would still boot up disconnected from any network and then start your diagnosis completely offline. These are just the first steps. Unless you're doing forensics, this is a waste of time and you should really reinstall the system.

While the processes may look normal, you can't know without checking more deeply. Microsoft's built-in Task Manager is inadequate for this. If you don't know how to do that already, it's time to reinstall and restore your data from backup. A reinstall is the only way to be certain that whatever was on there is no longer there.
 
John (Business Consultant, Owner) commented:
Yes and this question is a follow on from the author's first question on this where we did suggest reinstalling the OS.
 
jegajothy (retired, Author) commented:
Thank you.