Terminate process logged?

Started by MarjoryM, December 07, 2011, 02:35:03 PM

MarjoryM

I was looking through all the documentation trying to find out if terminating a process is logged.
Ya see.. I was looking at the process window and noticed a Russian Microsoft function in the process list. :o I was so freaked out, I terminated it immediately and then realized I didn't see where it was located. :-[
I found a log but it didn't contain the terminated process.
Yeah - I'm running anti-malware checks and scans but I'd like to be sure I caught the critter.

Thanks, MarjoryM

Miroku4444

Did you check the prefetch files? Maybe you'll notice a file name in there that sounds like the one that was running. Then do a search for the file in Windows search. You may then be able to locate the file?
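The prefetch check suggested above, as an added example that is not part of the original thread: it lists prefetch entries whose file was last written close to a given moment, such as the time the process was terminated. It assumes the usual `<EXECUTABLE>-<8 hex digits>.pf` naming and the default `%SystemRoot%\Prefetch` location; the function names and sample file names are constructed for illustration.

```python
import os
import re
import tempfile
from datetime import datetime, timedelta

# Prefetch entries are named <EXECUTABLE>-<8 hex digit path hash>.pf
PF_NAME = re.compile(r"^(?P<exe>.+)-(?P<hash>[0-9A-Fa-f]{8})\.pf$", re.IGNORECASE)

def prefetch_entries(directory):
    """Return (exe_name, path_hash, last_modified) per prefetch file, newest first."""
    entries = []
    for item in os.scandir(directory):
        match = PF_NAME.match(item.name)
        if not item.is_file() or match is None:
            continue  # skip Layout.ini and anything not shaped like a prefetch entry
        modified = datetime.fromtimestamp(item.stat().st_mtime)
        entries.append((match["exe"].upper(), match["hash"].upper(), modified))
    return sorted(entries, key=lambda e: e[2], reverse=True)

def ran_near(entries, moment, window_minutes=30):
    """Keep entries whose prefetch file was last written within the window around `moment`."""
    window = timedelta(minutes=window_minutes)
    return [e for e in entries if abs(e[2] - moment) <= window]

def build_sample(directory, now):
    """Constructed sample data: fake prefetch files with chosen timestamps."""
    sample = {
        "NOTEPAD.EXE-11111111.pf": now - timedelta(days=3),
        "EXAMPLE.EXE-0A1B2C3D.pf": now - timedelta(minutes=5),
        "Layout.ini": now,
    }
    for name, when in sample.items():
        path = os.path.join(directory, name)
        open(path, "wb").close()
        os.utime(path, (when.timestamp(), when.timestamp()))

if __name__ == "__main__":
    default = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "Prefetch")
    if os.path.isdir(default):
        # Real system: show what was launched around the current time
        for exe, path_hash, modified in ran_near(prefetch_entries(default), datetime.now()):
            print(modified.isoformat(timespec="seconds"), exe, path_hash)
    else:
        # No prefetch folder here: run against the constructed sample instead
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp, datetime.now())
            print(ran_near(prefetch_entries(tmp), datetime.now()))
```

Reading the Prefetch folder usually needs an elevated (administrator) session. An executable name found this way can then be searched for on disk, as the post suggests.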

MarjoryM

I believe it did. I found an odd file that ended in gtye.exe with .PF. It said it was the Russian version of Microsoft Direct Play 8. I could find references to the gtye file as malware but neither MSE nor Spybot detected it. I downloaded the trial version of Webroot and that found it. There were quite a few hooks in my registry too.
Thank you so much for the suggestion. Without it I don't believe I would have found the problem.

Jeremy Collake

As for logging terminated processes... I could do this I suppose, but I'm not sure how many people want or need it?
Software Engineer. Bitsum LLC.

zed260

It would be useful to have a log of terminated processes.

Jeremy Collake

Software Engineer. Bitsum LLC.

Hotrod

Just add a "Log User Terminated Processes" option, as it already shows the ones PL terminates according to your personal rules.