How to stop unnecessary processes in Windows 7. How to find a virus in the list of Windows processes

The Task Manager utility is great for quickly reviewing the current state of the system. You can open Task Manager by pressing the key combination and then clicking the Launch Task Manager link on the Windows Protection screen that appears.

Processes

The Processes tab displays a list of the programs, services, and system components that are currently running on the system. (By default, Windows 7 shows only processes that were started by the current user. To force Windows 7 to show all processes, click the Show processes for all users button.) Initially, processes are listed in the order in which they were started, but you can change the order by clicking the column headings. (To return to the original chronological order, you will have to close the Task Manager window and reopen it.)

In addition to each process's image name, the name of the user who ran it, and a description, the Processes tab displays the following two performance metrics.

CPU

The values in this column show how much of the CPU's resources (as a percentage) each process is using. If your system seems to be running slowly, you can use this column to find the process that is using almost all of your CPU resources. Many programs can and will monopolize the CPU for short periods of time, but if a program is stuck at 100% for a long time, there is probably something wrong with it. In this case, you can try to end the program, and if this is impossible, select the process representing it and click the End process button, and then click Yes when Windows 7 asks for confirmation.

Memory

The values in this column show approximately how much memory each process is using. They are less useful because any process can actually require a lot of memory to run. A persistent increase in this value for a process that is not in use may indicate a problem, and therefore that the process should be terminated.

Performance

The Performance tab, as you can see, offers a more significant collection of data about performance and, in particular, about such an important component of the system as memory.

The graphs show current and historical values for both CPU usage (the total percentage of CPU resources consumed by active processes) and physical memory usage. Various numbers are displayed below the graphs, which mean the following.

Section Physical Memory (MB)

  • Total. The total amount of physical memory (RAM) on the system.
  • Cached. The amount of physical memory that Windows 7 has allocated to store recently used programs and documents.
  • Free. The amount of physical memory that is available to programs in Windows 7. It is important to note that the size of the system cache (see the previous paragraph) is not included in this value.

Section Kernel Memory (MB)

  • Paged. The amount of kernel memory that is mapped into pages in virtual memory.
  • Non-paged. The amount of kernel memory that cannot be paged in virtual memory.

Section System

  • Handles. The number of object handles used by all executing processes. A handle is a pointer to a resource. For example, if it is necessary to use a particular service provided by a particular object, the process must first ask the object for a handle to that service.
  • Threads. The number of threads used by all running processes. A thread is a single CPU task that a process runs, and many processes can use two or more threads simultaneously to speed things up.
  • Processes. The number of currently running processes (corresponding to the number of items that are displayed on the Processes tab if you click the Show processes for all users button).
  • Up Time. The number of days, minutes, and seconds that the current user session lasts in Windows 7.
  • Commit (MB). Minimum and maximum page file values. What is a page file? In addition to the physical memory that was installed in the system, the computer can also use other memory. This “other” non-physical memory is called virtual memory and is implemented by dedicating a portion of the hard drive to emulate physical memory. This part of the hard drive is actually a single file, which is called the page file (or also, sometimes, the paging file or swap file). When physical memory becomes full, Windows 7 frees up space for new data by “swapping” some of the data currently in memory to a page file.

Below are some things to keep in mind about these values when monitoring memory usage.

  • If the free physical memory value approaches zero, this means that the system is seriously starved of memory resources. The reason may be the presence of either too many running programs, or one, but very large and therefore consuming almost all memory resources.
  • If cached physical memory is less than half the amount of total physical memory, the system is not running as efficiently as it could because Windows 7 is unable to retain enough recently used data in memory. Because Windows 7 gives up some of the system cache when it needs physical memory, it's best to close programs that aren't needed.

In all these situations, the quickest solution is to reduce the amount of memory used by the system by closing either some documents or some programs. In the latter case, it is convenient to use the Processes tab and use it to determine which applications consume the most memory and which of them can be safely closed. A more effective, but also more expensive solution is to add additional physical memory to the system. This solution reduces the likelihood that Windows 7 will need to use a page file and allows Windows 7 to increase the size of the system cache, which significantly improves performance.

Instructions

First you need to open the Task Manager window. You can do this in two ways. First, it can be called up by pressing a certain key combination (Ctrl-Alt-Delete). This method is especially good if your operating system has completely frozen and no longer responds even to mouse movements. But remember that these keys may cause the system to reboot. Second, right-click on the free space on the taskbar (this bar is located at the bottom of your screen). In the context menu that opens, click on the “Task Manager” item.

Sometimes when you press the Ctrl-Alt-Delete keyboard shortcut, you may see a "User Manager as Administrator" message. This can have several causes, for example viruses. If you still want to unlock this useful feature, you need to do the following. First, open the “Start” menu, enter the command “gpedit.msc” in the “Run” line, and confirm it by clicking “OK”. As a result, a new “Group Policy” window should open in front of you. Then go to “User Configuration” - “Administrative” and click “System” - “Ctrl-Alt-Delete”. Double-click on the “Uninstall Task Manager” option. In the new window that opens, select “Disabled” and confirm the changes by clicking “Apply.” After this, you can simply close the window.

After launching the task manager, go from “Applications” to the next tab, “Processes”. You will see a list of all processes running in the operating system. In this list, find the process you need and select it by left-clicking. Next, in the task manager context menu, click on the “End process” button. Then you must agree to disable the selected process.

The Windows operating system runs many services that are usually not needed by the user and cause unnecessary system load. It is advisable to delete the processes of such services and disable the services.

Instructions

Optimizing the Windows operating system is especially useful for those who work on rather “slow” machines. Removing unused services not only improves system performance, but also increases security when working on the Internet.

To disable unused services in the Windows XP operating system, open: Start - Control Panel - Administrative Tools - Services. The disabling process is as follows: select the service to be disabled, double-click it. A window will open, click the “Stop” button. After stopping the service, change its startup type by selecting the “Disable” option from the menu.

Disable the following services:

  • Automatic Updates – it makes sense to disable it if you update the operating system manually.
  • Computer Browser – disable it if your computer is not connected to the local network.

It also makes sense to disable:

  • Telnet – if you don’t use it.
  • Wireless setup – if there are no wireless devices.
  • Secondary login.
  • Annunciator.
  • Server.
  • Time service.
  • Remote registry.
  • Security Center – it does not protect anything, but sometimes it is very annoying with its messages.

If you are using a third-party firewall, disable the Windows Firewall service.

When something is wrong in the system or we just want to check the effectiveness of the antivirus installed on the computer, we usually press the three treasured keys Ctrl, Alt, Del and launch the Task Manager, hoping to find a virus in the list of processes. But in it we see only a large number of programs running on a computer, each of which is represented by its own process. And where is the virus hiding here? Our article today will help you answer this question.

In order to determine whether there is a virus in a process or not, you need to look very carefully at the list of processes. In the Windows Vista operating system, be sure to click the “Display processes of all users” button, otherwise you won’t really see anything. First of all, pay attention to the description of the process in the “Description” column. If there is no description or it is somehow “clumsy”, this should alert you. After all, program developers have a habit of signing their creations in understandable Russian or English.
Having noted the processes with a suspicious description, we turn our attention to the next column - “User”. Viruses are usually launched on behalf of the user, less often in the form of services and on behalf of the system - SYSTEM, LOCAL SERVICE or NETWORK SERVICE.

So, having found a process with a suspicious description, launched on behalf of a user or on whose behalf it is unclear, right-click on it and select “Properties” in the context menu that appears. A window will open with the properties of the program that launched this process. Pay special attention to the “Details” tab, where information about the developer, file version and its description is indicated, as well as to the “Location” item of the “General” tab - the path to the running program is indicated here.

If the "Destination" path leads to the Temp directory, Temporary Internet Files, or some other suspicious place (for example, to the folder of a certain program in the Program Files directory, but you are sure that you did not install such a program), then POSSIBLY this process belongs to a virus. But all these are just our guesses; for detailed information, of course, it is better to turn to the Internet. There are good lists of processes on the sites what-process.com, http://www.tasklist.org and http://www.processlist.com. If, after all the searches, your fears about the suspicious process are confirmed, you can rejoice - a virus, Trojan or other malware has settled on your computer, which needs to be eliminated urgently.

But the window with the properties of the file that started the process from the Task Manager may not open. Therefore, in addition to standard Windows tools, you need to use various useful utilities that can provide maximum information about the suspicious process. We have already reviewed one of these programs - Starter (http://www.yachaynik.ru/content/view/88/).

In Starter, the “Processes” tab provides comprehensive information about the selected process: a description of the program and the name of the file that launched the process, information about the developer, a list of modules (software components) involved in the process.

Thus, there is no need to delve into the properties of the file that launched the process - everything is in full view. However, this does not prevent you from right-clicking on the suspicious process and selecting “Properties” to get detailed information about the process file in a separate window.

To get to the program folder that belongs to the process, right-click on the process name and select “Explorer to process folder.”

But the most convenient option in Starter is the ability to start searching for information about the process directly from the program window. To do this, right-click on the process and select “Search Internet.”

After you receive complete information about the file that launched the process, its developer, purpose and opinion about the process on the Internet, you will be able to accurately determine whether it is a virus or a peaceful program-worker. The same principle applies here as in the Task Manager. Suspicious are those processes and process modules for which the developer is not specified, in the description of which there is nothing or something vague is written, the process or the modules involved by it are launched from a suspicious folder. For example, Temp, Temporary Internet Files, or from a folder in Program Files, but you definitely remember that you did not install the program listed there. And finally, if the Internet clearly states that this process belongs to a virus, rejoice - the malware did not manage to hide from you!

One of the most common misconceptions among novice dummies concerns the svchost.exe process. It is written exactly this way and in no other way: svshost.exe, scvhost.exe, cvshost.exe and other variations on this theme are viruses masquerading as a good process, which, by the way, belongs to Windows services. More precisely, one svchost.exe process can run several system services at once. Since the operating system has many services and it needs them all, there are also many svchost.exe processes.

In Windows XP, there should be no more than six svchost.exe processes. Five svchost.exe processes are normal, but seven are a 100% guarantee that malware has taken up residence on your computer. In Windows Vista there are more than six svchost.exe processes. For example, I have fourteen of them. But there are much more system services in Windows Vista than in the previous version of this OS.

Another useful utility, Process Explorer, will help you find out which services are started by the svchost.exe process. You can download the latest version of Process Explorer from the official Microsoft website: technet.microsoft.com

Process Explorer will give you a description of the process, the program that launched it, the name of the developer, and a lot of useful technical information that is understandable only to programmers.

Hover your mouse over the name of the process you are interested in and you will see the path to the file that launched this process.

And for svchost.exe, Process Explorer will show a complete list of services related to the selected process. One svchost.exe process can run several services or just one.

To see the properties of the file that launched the process, right-click on the process you are interested in and select “Properties”.

To search for information about a process on the Internet using the Google search engine, simply right-click on the process name and select “Google.”

As before, suspicion should be raised by processes without a description, without the name of the developer, launched from temporary folders (Temp, Temporary Internet Files) or from the folder of a program that you did not install, and also identified on the Internet as viruses.
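The checks described above for Task Manager, Starter and Process Explorer (no description, no developer name, a temporary-folder path, a name that imitates svchost.exe) can also be scripted. The following PowerShell is an added example, not code from the original article or from the tools it mentions; the function names, the edit-distance threshold of 2 and the sample records are assumptions made for illustration.

```powershell
# Added example, not from the original article. Runs on Windows PowerShell 2.0+.
# Known-good names to compare against; the article names only svchost.exe.
$KnownGood = @('svchost.exe')

function Get-EditDistance([string]$a, [string]$b) {
    # Levenshtein distance: number of single-character edits between two names.
    $prev = @(0..$b.Length)
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = New-Object int[] ($b.Length + 1)
        $cur[0] = $i
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = 1
            if ($a[$i - 1] -ceq $b[$j - 1]) { $cost = 0 }
            $best = [Math]::Min($cur[$j - 1] + 1, $prev[$j] + 1)
            $cur[$j] = [Math]::Min($best, $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$b.Length]
}

function Test-SuspiciousProcess {
    param([string]$Name, [string]$Path, [string]$Company, [string]$Description)
    $reasons = @()
    $lower = $Name.ToLower()
    foreach ($good in $KnownGood) {
        # Distance 1-2 catches svshost.exe, scvhost.exe, cvshost.exe (threshold is an assumption).
        $d = Get-EditDistance $lower $good
        if ($d -ge 1 -and $d -le 2) { $reasons += "name imitates $good" }
    }
    if (-not $Path) {
        # File details unreadable (not elevated, or a protected system process):
        # an empty description proves nothing here, so only the name check applies.
        return $reasons
    }
    if (-not $Description.Trim()) { $reasons += 'no description' }
    if (-not $Company.Trim())     { $reasons += 'no developer name' }
    if ($Path -match '\\(Temp|Temporary Internet Files)\\') { $reasons += 'runs from a temporary folder' }
    return $reasons
}

function Get-ProcessTriage {
    # Live check of the running system. Run elevated, as the article advises for
    # Process Explorer, so that file details of other users' processes are readable.
    foreach ($p in (Get-Process)) {
        $name = "$($p.ProcessName).exe"
        if ($p.Path) { $name = [IO.Path]::GetFileName($p.Path) }
        $why = @(Test-SuspiciousProcess -Name $name -Path $p.Path -Company $p.Company -Description $p.Description)
        if ($why.Count -gt 0) {
            New-Object psobject -Property @{ Id = $p.Id; Name = $name; Path = $p.Path; Reasons = ($why -join '; ') }
        }
    }
}

function Get-SvchostServices {
    # Which services each svchost.exe instance hosts (what the article uses Process Explorer for).
    Get-WmiObject Win32_Service -Filter "State='Running'" |
        Where-Object { $_.PathName -match 'svchost\.exe' } |
        Group-Object ProcessId |
        ForEach-Object {
            $names = ($_.Group | ForEach-Object { $_.Name }) -join ', '
            New-Object psobject -Property @{ ProcessId = $_.Name; Services = $names }
        }
}

# Constructed sample records (illustrative only, not real findings).
$sample = @(
    @{ Name = 'svchost.exe'; Path = 'C:\Windows\System32\svchost.exe'; Company = 'Microsoft Corporation'; Description = 'Host Process for Windows Services' },
    @{ Name = 'scvhost.exe'; Path = 'C:\Users\user\AppData\Local\Temp\scvhost.exe'; Company = ''; Description = '' },
    @{ Name = 'mouse.exe';   Path = 'C:\Program Files\Mouse\mouse.exe'; Company = ''; Description = '' },
    @{ Name = 'System';      Path = ''; Company = ''; Description = '' }
)
foreach ($r in $sample) {
    $why = @(Test-SuspiciousProcess @r)
    $verdict = 'nothing flagged'
    if ($why.Count -gt 0) { $verdict = $why -join '; ' }
    '{0,-12} {1}' -f $r.Name, $verdict
}

# The same checks against the live system:
Get-ProcessTriage | Format-Table Id, Name, Reasons -AutoSize -Wrap
Get-SvchostServices | Format-Table ProcessId, Services -AutoSize -Wrap
```

A flagged process is a candidate for the manual lookup the article describes, not a verdict: unsigned but legitimate tools also ship without a description or developer name.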

And remember, for the Process Explorer and Starter programs to work properly in Windows Vista, they need to be run with administrative rights: right-click on the program executable file and select “Run as administrator.”

However, I would like to disappoint you, only very stupid viruses reveal themselves in the list of processes. Modern virus writers have long learned to hide their creations not only from the eyes of users, but also from anti-virus programs. Therefore, in case of infection with a well-written malware, only a good antivirus with the latest databases (and even that is not a fact!), a backup copy with all your information, and a disk with the Windows distribution for reinstalling the system can save you. Nevertheless, it is still worth periodically looking into the list of processes - you never know what scvhost or mouse.exe is lurking there.

The Windows XP operating system contains a huge number of useful functions. One of them, of course, is.

When installed, some programs add special information about themselves to the system registry, thereby forcing the operating system to launch them every time it boots. This saves your time, for example, you do not need to run the antivirus when you turn on the PC - it will load automatically, using the information stored in special sections of the system registry. The Microsoft Office program, for example, also stores some of its elements in Startup, allowing you to increase the speed of launching Word or Excel.

As all kinds of programs accumulate on the computer, the Startup list grows and grows...

At first glance, everything is fine, convenient and fast, but if you look in more detail, you can find quite a lot of pitfalls and disadvantages in Startup. Viruses, spyware, and simply unwanted applications can take advantage of it, so we will look at ways to remove a program from Startup using Windows.

So, we have already said that all information about the programs loaded at startup is stored in the system registry. Many programs use the Startup function to speed up or simplify the user's work, but there are also those that PC users would like to permanently exclude from the list of automatically loaded programs. There are a huge number of utilities and programs for removing a program from Startup, but it happens that they are not at hand. This is especially true for novice PC users who are not burdened with such problems until some virus infects their operating system. Fortunately, the Windows operating system contains built-in tools to combat unwanted software that tries to run along with the operating system and go unnoticed.

1. How to remove a program from Startup in the Start menu

The easiest way: You need to open

Here you see a list of programs that are loaded with your operating system.

You can simply drag the shortcut for the game or program you want here to let Windows know that you want it to launch every time you start the OS.

By deleting this shortcut, you remove the program from the Startup list, but not from the computer, so you don’t have to worry about breaking anything! Nothing complicated, right?

However, the Start menu is not the only way viruses use to escape the eyes of a novice user. There is a much more complex method - an entry in the system registry.

2. How to remove a program from Startup in Msconfig

The method described above often does not work, since viruses and spyware on our PC are able to hide much more reliably. The menu is used only by harmless programs that do not hide their presence.

You can launch a more powerful utility for finding and removing programs from Startup by opening Start - Run - msconfig. I usually use this method, so I'll describe it in more detail.

So, let's click Start - Run.

A small window will appear. In the line, type msconfig and press "OK" (or Enter).

After that, another window will appear. In the top tabs select

PLEASE BE CAREFUL here - don’t click on other tabs and don’t change anything :-)

We go strictly point by point.

Carefully review the list for names similar to recently installed programs.

Here too - don’t touch what you don’t know :-) And you can always find out what kind of process this is on Google :-)

To remove from Startup, simply uncheck the boxes next to suspicious and unnecessary programs. Let’s look at my example:

Because I know exactly what these processes are, and I know for sure that I don’t need them - I uncheck the processes on the left.

Beginner PC users need to be extremely careful here, since disabling a system program or component may damage the operating system.

Then press Apply (or OK)


Then we simply close this window with the cross in its corner. After that, something like this will appear:

To apply the settings, restart your PC.

If something goes wrong and your OS does not boot or reboots during boot, log in and re-check the boxes you unchecked.

I'll just add:
Now, when you turn on the computer, two windows will pop up:
1. The same one in which we changed Startup.
2. One with text something like “you changed the settings. If this did not worsen the performance of the computer...” and so on :-) This is not so important; we didn’t change anything special except autorun. But, just in case, we simply close these windows and work with the computer as usual.
If everything is fine (which it should be, if nothing unnecessary has been disabled), the next time you turn on the PC, check the box next to “don’t show this window again” in this window and that’s it :-) It won’t bother you anymore :-)

3. How to remove a program from Startup in Regedit

Now we have reached the system registry itself. Here we can find the most complete Startup list and its parameters. To enter the built-in registry editor, go to Start - Run - regedit.

In the window that opens, you see all the registry keys (tweaks), sorted into folders. We need to get to information about Startup, so open:

HKEY_LOCAL_MACHINE - SOFTWARE - Microsoft - Windows - CurrentVersion - Run

On the right side of the window you will see the list of Startup programs. This removal method is much more convenient, since by double-clicking on the desired element, you will see the path to the executable file. That is, speaking for beginners, you will be able to see which program is loaded without your knowledge and from which folder.

After reading the list, remove unnecessary programs by pressing the Del key.

To do this, select the Run section and choose File - Export.

In case of problems, you can restore the registry information by double-clicking on the resulting file.
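The Regedit steps above (read the Run list, see which executable each entry points to, export the section before deleting anything) can be done from PowerShell as well. This is an added example, not code from the original article; the function names and the backup file location are assumptions, and the HKCU Run key listed at the end is an addition the article does not mention.

```powershell
# Added example, not from the original article. Runs on Windows PowerShell 2.0+.
$RunKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-CommandExecutable([string]$Command) {
    # A Run value is a command line: a quoted path plus arguments, or an unquoted one.
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted paths may contain spaces, so cut after the first executable extension.
    if ($c -match '^(.+?\.(exe|com|bat|cmd|dll))(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

function Get-RunEntries([string]$KeyPath = $RunKey) {
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($valueName in $key.GetValueNames()) {
        $cmd  = [string]$key.GetValue($valueName)
        $exe  = Get-CommandExecutable $cmd
        $info = $null
        # A bare name such as rundll32.exe has no folder and is reported as not found.
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $info = (Get-Item -LiteralPath $exe).VersionInfo
        }
        New-Object psobject -Property @{
            Name        = $valueName
            Command     = $cmd
            Executable  = $exe
            Exists      = [bool]$info
            Company     = $info.CompanyName
            Description = $info.FileDescription
        }
    }
}

function Backup-RunKey([string]$File) {
    # Equivalent of File - Export in Regedit: double-clicking the .reg file restores the key.
    & reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' $File | Out-Null
    return (($LASTEXITCODE -eq 0) -and (Test-Path -LiteralPath $File))
}

function Remove-RunEntry([string]$Name) {
    # Needs an elevated session. Refuses to delete unless the export succeeded first.
    # The backup location (user profile, timestamped name) is an assumption of this example.
    $stamp  = '{0:yyyyMMdd-HHmmss}' -f (Get-Date)
    $backup = Join-Path $env:USERPROFILE "Run-backup-$stamp.reg"
    if (-not (Backup-RunKey $backup)) { throw 'Backup failed; nothing was removed.' }
    Remove-ItemProperty -Path $RunKey -Name $Name
    return $backup
}

# List the machine-wide key from the article and the per-user key (an addition).
foreach ($k in $RunKey, 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    if (Test-Path $k) {
        "== $k"
        Get-RunEntries $k |
            Select-Object Name, Command, Executable, Exists, Company, Description |
            Format-List
    }
}

# Example removal, to be run only after reviewing the list:
#   Remove-RunEntry 'NameOfTheValue'
```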

4. More complicated ways, but more effective and suitable for almost all operating systems:

Use XP Tweker, built into Total Commander or as a separate program, there is a separate menu - Startup - where you can select startup programs. Well, the Total Commander program can be easily downloaded on the Internet by typing its name in a search engine!

The speed of a computer largely depends on how the operating system is configured. In Windows 7, the developers tried to take into account the mistakes of previous operating systems: the new software product from Microsoft is significantly optimized and ensures comfortable work with the Aero graphical interface even on low-power netbooks.

However, it is still desirable to have some performance reserves in order to be able to run resource-intensive applications - for example, games. System optimization will help free up additional power. It is worth doing it even if a quite productive machine begins to work more slowly. This can happen after installing an application, due to frequent software reinstallations, processing large volumes of photos or videos, and even just numerous sessions of surfing the Internet.

As a result of all this, the hard drive and Windows registry get clogged, new library and driver files appear, and software errors occur due to outdated audio and video codecs. I will talk about ways to increase the power of Windows 7 both manually, using standard OS tools, and using third-party utilities.

Preliminary test

The developers of the "seven" have added a tool to the system that tests the performance of the main components of the computer hardware. It allows the user to understand what can be expected when using the new OS. The test is launched in the “Computer Properties” window, to open which you should use the keyboard shortcut “Win + Windows”. Based on the test results, the system will issue an average score. Note that for netbooks this figure usually does not exceed 2.3. My test laptop with a dual-core Intel processor (1.87 MHz), 1 GB of random access memory and the ATI Radeon 1300 graphics system earned only 3.1 points. However, this is quite enough to work comfortably not only with office programs, but also with graphics, audio and video. In laptops this result can be improved only by increasing the RAM and replacing the hard drive with a more powerful one. In the case of desktop systems, it is also possible to upgrade the video card. The system optimization methods described below will not increase your score, since this test only evaluates hardware.

Getting rid of unnecessary things

Practice shows that a freshly installed system without user programs works very quickly. But such a PC is only suitable for surfing the Internet and playing solitaire. To make it a full-fledged working machine, you will need to install at least an office suite and various players. While installing the necessary working utilities, we are forced to put up with the fact that new libraries, drivers and registry entries are added to the system, and the more programs, the more such garbage. In addition, many applications add themselves (or their auxiliary utilities) to system autostart.

Clean and speed up

Some programs automatically start when the OS boots and run in the background, wasting system resources. At best, such applications simply occupy RAM (the user may not even be aware of this). At worst, they are actively functioning: downloading updates, writing reports, indexing files, checking disks for viruses. You can view and edit the startup list in the “System Configuration” window, on the “Startup” tab. All applications loaded at system startup are listed here, indicating the manufacturer and file location of each program. By unchecking the boxes next to unnecessary components, you disable their autorun. You can open the standard “System Configuration” program from the “Start | Run | msconfig".

Unnecessary programs in the autorun list include all programs that you do not use every day - for example, Skype, BitTorrent client, components of Adobe and Google programs, various players. Reducing the number of applications in startup increases not only performance, but also the speed of Windows startup. You should not exclude only system programs (drivers, low battery indicator, etc.).

Disabling User Account Control

UAC is a user account control system that protects the OS from rash user actions. This service is useful, but too intrusive: launching any third-party program (that does not have a Windows certificate) requires confirmation. In addition, OS resources are spent on monitoring. This service can be disabled without major damage to system security: open “Start | Control Panel | User Accounts | Change User Account Control settings" and move the slider to the "Never notify" position.

Disable indexing and other services

A serious drawback of the Windows OS has always been a lot of unnecessary services. In the "seven" the situation has improved significantly: most of them (more than 100 in total) are configured to start manually, and only a few begin to work automatically. But even some of the latter can be disabled for optimization purposes.

By default, Windows 7 automatically indexes all files on your computer. This is done to speed up the search. In addition to the OS itself, this procedure is carried out by any programs designed to search the contents of a PC. Typically, indexing occurs only when the computer is idle, but you can turn it off to ensure maximum computer performance. To do this, you will need to deactivate the Windows Search service. Open “Start | Control Panel | Administration | Services”. In the list that appears, double-click on the desired item and set the startup type to “Disabled”.
I also advise you to disable the “Remote Registry” service to protect your PC from a network attack.

Managing Windows Update

Among other things, Windows 7 has an update service that monitors the appearance of new patches, downloads and installs them into the system. But in automatic mode, the installation process can significantly slow down the operation of the OS. This service can be switched to start manually - then the update process will not be carried out at a time when maximum power is required from the PC.

Simplifying the interface

All the beautiful effects of the Windows 7 interface use a lot of system resources. In everyday work, you should not abandon them, but in cases where maximum performance is required from the PC, they can be temporarily disabled. This is quite easy to do in “System Properties” by selecting the “Advanced system settings” line in the window on the left. On the "Advanced" tab, click on the "Options" button and select the "Best performance" option. You can return to the original state by selecting “Restore Defaults”.

Defragmentation and disk cleanup

Defragmenting your hard drive significantly speeds up Windows, especially if you frequently copy or delete large files. By default, in the “seven” this procedure is automatically performed once a week, but sometimes it’s still worth checking the hard drive yourself for fragmentation. Don’t forget about regularly cleaning your disk from unnecessary files using the built-in utility. This stage completes the optimization of Windows 7 using standard system tools. If you wish, you can also use utilities from third-party manufacturers.

Evaluation of system optimization results

The experiment was carried out on a test PC with the following configuration:

  • Processor: Intel Pentium 4 (2.8 GHz)
  • Memory: 1.5 GB DDR (400 MHz)
  • Video: NVIDIA GeForce FX 5200
  • Hard drive: Seagate (80 GB)

As a result of performing all of the above recommendations, including disabling the Aero effect, the system startup time was reduced from 60 to 46 s, loading Microsoft Word from MS Office 2007 Pro from 7 to 4 s, and the Yandex start page in Internet Explorer from 10 to 6 s. The WinRAR archiver test (145 MB of data) showed a 2.5% acceleration of the disk system. In the synthetic tests SiSoft Sandra, Fritz Chess and Super Pi, optimization gave an increase in hardware performance of 0.5-3.6%.