Terminate process logged?

MarjoryM · December 07, 2011, 02:35:03 PM

I was looking all the documentation trying to find out if the Terminate a process is logged.
Ya see.. I was looking at the process window and noticed a Russian Microsoft function in the process list.

I was so freaked out, I terminated it immediately and then realized I didn't see where it was located.

I found a log but it didn't contain the terminated process.
Yeah - I'm running anti-malware checks and scans but I'd like to be sure I caught the critter.

Thanks, MarjoryM

Miroku4444 · December 07, 2011, 06:47:15 PM

Did you check the prefetch files? Maybe you'll notice a file name in there that sounds like the one that was running. Then do a search for the file in windows search. You may then be able to locate the file?

MarjoryM · December 07, 2011, 08:29:42 PM

I believe it did. I found an odd file that ended in gtye.exe with .PF. It said it was the Russian version of Microsoft Direct Play 8. I could find references to the gtye file as malware but neither MSE or Spybot detected it. I downloaded he trial version of Webroot and that found it. There were quite a few hooks in my registry too.
Thanks you so much for the suggestion. Without it I don't believe I would have found the problem.

Jeremy Collake · December 08, 2011, 12:28:20 AM

As for logging terminated processes... I could do this I suppose, but I'm not sure how many people want or need it?

zed260 · December 08, 2011, 03:05:24 PM

it be usefull to have a log of terminated processes

Jeremy Collake · December 08, 2011, 04:48:34 PM

Ok, I will see what I can do.

Hotrod · December 08, 2011, 09:08:17 PM

Just add a "Log User Terminated Processes" as it already shows the ones PL terminates according to your personal rules.

Terminate process logged?

MarjoryM

Miroku4444

MarjoryM

Jeremy Collake

zed260

Jeremy Collake

Hotrod