tasklist.exe

kalossimitar · Oct 10, 2007

Ok, I want to verify my tasklist to see the applications running in it, so I can act if theres suspicious ones. BUT, when I try to click on "tasklist.exe" from "run" in start menu or from its location in system32, I only have a glimpse of it before it disappear.

What I mean is that, for like 0.5 seconds, tasklist is open, then suddenly, it closes itself. I tried clicking it many times, but the 0.5-like sec isnt enough for me to be able to really see appl running in it.

Can someone help me get access to it or explain why it does that? Can it be because my tasklist.exe is corrupted? It really doesnt give me a "error"message or anything like that, it just closes by itself after like 0.5 sec being opened. Thank you.

chaslang · Oct 10, 2007

Welcome to Major Geeks!

tasklist is meant to be run from a command prompt. Click Start, Run and enter cmd and click OK. This will open the command prompt window. Now in the command prompt window enter tasklist and hit the enter key. If you wish to save the output to a file, use tasklist > C:\tasks.txt And then you can view the C:\tasks.txt file with notepad.

kalossimitar · Oct 10, 2007

thank you very much, it worked, BTW, would you know, by any chance, if rundll32.exe is a spyware version of the real one if its ran in tasklist? I saw that on a forum, it said that if its ran in tasklist, its not the real or uncorrupted version of that application, I wanna be sure, cuz I know the repercussion of deleting rundll32 (= no more control panel, etc..)

Edit: you may not be able to answer me, so ill post that issue on the malware part of the forum, again, ty for helpin me access tasklist

Edit Edit: just saw your thread on adware removal etc., ill follow the procedure, doin that, I should see if the rundll32.exe programs I had were all legitimate.

chaslang · Oct 10, 2007

rundll32.exe is valid if running from C:\windows\system32 (or C:\winnt\system32 depending on your Windows installation). You will not be able to tell where it is running from using tasklist or Task Manager because these Microsoft tools are too limited in there capabilities. You can use a program like Process Explorer to see where they are running from but you need to configure like below.

Unzip it to its own folder somewhere you can locate it.

Now run procexp.exe by double clicking on it.

Let's configure some options first:

Click View and select Show Lower Pane. And where it says "Lower Pane View" make sure DLL's is checked.

Now click on explorer.exe.

Now also under the View menu choose "Select columns" and put a check mark on "Image Path".

Now click on File and then Save As. And save the process list.

You can post this log back here as an attachment.

Also note that it is also a matter of what rundll32.exe is actually loading so just because rundll32.exe is valid, it does not mean that the DLLs being loaded by it are valid. If you are having malware issues, you need to run the READ & RUN ME sticky procedure given in the Malware Forum.

kalossimitar · Oct 10, 2007

You are a real encyclopedia, again, thank you.

kalossimitar · Oct 10, 2007

I did what you said, the 2 are located in system32, so at least, they are legit. Ill google the DDL files, but I still put an attachment log with this post.

Again, it may sound corny, but Im happy to see I got such a fast answer from someone who knows what hes talking about. This forum seems like a good place to get answers. tyvm

Edit:As I said, ill check the malware part of the forum, so you dont have to read the attachment if you dont feel like it (I would understand that ;P). Anyways, if I still have questions, ill post back here. ty

Log in or Sign up

tasklist.exe

kalossimitar Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

kalossimitar Private E-2

chaslang MajorGeeks Admin - Master Malware Expert Staff Member

kalossimitar Private E-2

kalossimitar Private E-2

Attached Files:

explorer.exe.txt