How do you find the owner of a process ? (2nd try)

DD
I'm not sure that this msg made it out the first time I sent it, so I
am trying again. --

Win XP Home Edition

I use System.Diagnostics.Process.GetProcesses() to get info about the
processes running.
I don't see any members of class 'Process' which allow me to get the
name of the owner of the process.

A related question: Can a running process hide itself from the
GetProcesses() call? If so, how can I find and kill it?

The reason I am asking this question is that I apparently just picked
up a virus of some kind.

It is doing these things:
- trying to send a msg to IP 1.1.1.1 port 6667 every few seconds.
I prevented this from succeeding.
- immediately shutting down the window I get when I type Ctrl-Alt-Del
- immediately shutting down regedit when I try to run it.
- runs even after a restart of the machine

So, I figured I would write a program to kill any process I want.
But sometimes I get an exception "access denied", even though I am
running with admin privileges. I am guessing that this is for
processes owned by System.

If anyone has other ideas about what I can do, I'd sure like to hear
them. In particular, how can I find out which processes will
automatically run at startup, and how can I change that?

Alan
Nov 15 '05 #1
1 4283

<DD@chi-town> wrote in message
news:bd********************************@4ax.com...
> I'm not sure that this msg made it out the first time I sent it, so I
> am trying again. --
>
> Win XP Home Edition
>
> I use System.Diagnostics.Process.GetProcesses() to get info about the
> processes running.
> I don't see any members of class 'Process' which allow me to get the
> name of the owner of the process.

That's because it's not there.

> A related question: Can a running process hide itself from the
> GetProcesses() call? If so, how can I find and kill it?

Not sure. They might be able to. If they hide from you, it's
because you don't have enough privilege to see them, in which
case trying to find them is pointless. I'm not sure they can
do this, but if they can, you would have to be a user with a
higher set of privileges.

> The reason I am asking this question is that I apparently just picked
> up a virus of some kind.
>
> It is doing these things:
> - trying to send a msg to IP 1.1.1.1 port 6667 every few seconds.
> I prevented this from succeeding.
> - immediately shutting down the window I get when I type Ctrl-Alt-Del
> - immediately shutting down regedit when I try to run it.
> - runs even after a restart of the machine
>
> So, I figured I would write a program to kill any process I want.
> But sometimes I get an exception "access denied", even though I am
> running with admin privileges. I am guessing that this is for
> processes owned by System.
>
> If anyone has other ideas about what I can do, I'd sure like to hear
> them. In particular, how can I find out which processes will
> automatically run at startup, and how can I change that?

I think that this might be the ie85rk or whatever it's called.

It's a rootkit that shims itself in the kernel and hides all
traces of itself. There's nothing you can do to find it other
than to boot into safe mode and look at the list of drivers
in HKLM\System\CurrentControlSet somewhere, I forget.

Search www.ntbugtraq.com for more information about this.
Try searching for "root kit".

As far as killing processes, that's a bad idea. Some
processes are owned by SYSTEM and you can't kill them unless
you're logged in as SYSTEM (hint: set scheduler service
to run as SYSTEM and schedule cmd.exe to run with
INTERACTIVE 30 seconds from now, then, when it pops up,
open taskmgr.exe to kill the process), but that's a VERY
VERY BAD IDEA(TM).

Try the Safe Mode idea and look for the root kit.

-c
Nov 15 '05 #2
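The two things the question asks for, the owning account of each process and the programs registered to run at logon, can both be read from managed code without killing anything. This is an added example written for this thread, not code from either poster: it resolves the owner through WMI's Win32_Process.GetOwner (so the project must reference System.Management.dll) and then lists the per-machine and per-user Run keys. A null owner is what you get for processes WMI will not let you query, such as SYSTEM-owned ones, which is the same boundary that produced the "access denied" on kill.

```csharp
using System;
using System.Diagnostics;
using System.Management;   // add a reference to System.Management.dll
using Microsoft.Win32;

static class ProcessTriage
{
    // Resolve the owning account of a process through WMI (Win32_Process.GetOwner).
    // Returns "DOMAIN\user", or null when WMI cannot report it: access denied on
    // SYSTEM-owned processes, or the process exited before the query ran.
    public static string GetOwner(int pid)
    {
        string query = "SELECT * FROM Win32_Process WHERE ProcessId = " + pid;
        using (var searcher = new ManagementObjectSearcher(query))
        using (var results = searcher.Get())
        {
            foreach (ManagementObject proc in results)
            {
                // GetOwner has two [out] parameters, User and Domain; return code 0 is success.
                string[] outParams = { string.Empty, string.Empty };
                int rc = Convert.ToInt32(proc.InvokeMethod("GetOwner", outParams));
                return rc == 0 ? outParams[1] + "\\" + outParams[0] : null;
            }
        }
        return null;
    }

    // List the values of the per-machine and per-user Run keys, the usual place
    // a program registers itself to start automatically at logon.
    public static void PrintRunKeys()
    {
        const string runPath = @"Software\Microsoft\Windows\CurrentVersion\Run";
        foreach (RegistryKey hive in new[] { Registry.LocalMachine, Registry.CurrentUser })
        {
            using (RegistryKey run = hive.OpenSubKey(runPath))
            {
                if (run == null) continue;
                foreach (string name in run.GetValueNames())
                    Console.WriteLine("{0}\\{1}: {2} = {3}", hive.Name, runPath, name, run.GetValue(name));
            }
        }
    }

    static void Main()
    {
        foreach (Process p in Process.GetProcesses())
            Console.WriteLine("{0,6} {1,-30} {2}", p.Id, p.ProcessName, GetOwner(p.Id) ?? "<unknown>");
        PrintRunKeys();
    }
}
```

Compare the Run key output with what the machine should legitimately start; an entry pointing at an unfamiliar executable is the thing to investigate, and removing the value (after backing up the key) stops it being launched at the next logon.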
