  1. #1
    4 Star Lounger pccoyle's Avatar
    Join Date
    Apr 2001
    Location
    Auckland, Auckland, New Zealand
    Posts
    535
    Thanks
    3
    Thanked 2 Times in 2 Posts

    Hidden Processes

    I presume that hidden processes have an entry in the registry that identifies the process/programme. If that is so, what is the registry key where this information is stored, please? I overheard a staff member talking about key loggers and want to quietly check our PCs.
    Paul Coyle
    Approach love and cooking with reckless abandon

  2. #2
    Silver Lounger Bruce K's Avatar
    Join Date
    Apr 2002
    Location
    Phoenix, Arizona, USA
    Posts
    1,876
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hidden Processes

    I am not sure where those keys reside, but apparently there are some hidden settings:
    Attached Images

  3. #3
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Hidden Processes

    Check the Task Manager first (CTRL+SHIFT+ESC) to see if something interesting is running. If you're an administrative level user, you should be able to see all processes. Also, processes may or may not have an entry in the registry. You could use a tool like RegMon to see if something is awry. If they install as 99% of the world's programs do, they will add an entry into one of the following:

      • HKEY_LOCAL_MACHINE\Software
      • HKEY_CURRENT_USER\Software
      • HKEY_USERS\.Default\Software

    If it runs at logon, check:

      • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
      • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
      • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
      • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    -Mark
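
An added example, not part of the post above: a read-only PowerShell listing of every value under the eight logon autostart keys Mark names, so an unfamiliar entry stands out. It assumes a PowerShell prompt on the PC being checked (elevated, so the HKLM keys are fully readable); keys that do not exist on that Windows version are skipped.

```powershell
# Added example: enumerate the logon autostart keys listed in the post.
# Read-only; nothing in the registry is modified.
$hives   = 'HKLM:', 'HKCU:'
$subkeys = 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce'
$base    = 'Software\Microsoft\Windows\CurrentVersion'

$entries = foreach ($hive in $hives) {
    foreach ($sub in $subkeys) {
        $path = '{0}\{1}\{2}' -f $hive, $base, $sub

        # Not every key exists on every Windows version; skip the missing ones.
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Read the raw string so %VARIABLES% in the command stay visible
            # instead of being expanded for the current user.
            $cmd = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')

            [pscustomobject]@{
                Key     = $path
                Name    = if ($name) { $name } else { '(Default)' }
                Command = $cmd
            }
        }
    }
}

# One row per autostart entry: where it is registered, its name, what it runs.
$entries | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
```

Each row's Name is what a tool such as Msinfo32 shows for the startup entry, and Command is the program it launches at logon.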

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Hidden Processes

    Check out this recent feature in PC Magazine, "Watching You, Watching Me" for tips and tricks on activity monitoring products.

  5. #5
    4 Star Lounger pccoyle's Avatar

    Re: Hidden Processes

    Hi Mark,
    Thanks for the detailed info, exactly what I wanted.
    Paul Coyle
    Approach love and cooking with reckless abandon

  6. #6
    4 Star Lounger pccoyle's Avatar

    Re: Hidden Processes

    Wow that link was a great help, a real eye opener. The article reminded me of Msinfo32 which helped me solve another problem.
    Paul Coyle
    Approach love and cooking with reckless abandon

  7. #7
    4 Star Lounger pccoyle's Avatar

    Re: Hidden Processes

    Mark,
    Spot on, the local machine hive had an entry called ATSpooler, which had the commands to run the programme. I found the name ATSpooler using Msinfo32. Did a search for any information about ATSpooler, but came up with a blank. Will try again when I have more time after month end reports.
    Paul Coyle
    Approach love and cooking with reckless abandon
