On the Windows operating system, the underlying processes and services are the basis of its smooth operation. If you are a Windows user, you must be familiar with the most popular shortcut key of them all – Ctrl + Alt + Del – which opens the Task Manager and shows you what’s actually going on under the hood: which application is hogging all the memory and which unneeded processes are running in the background.
Since the processes listed are vital to the smooth working of the computer, it’s a good idea to know how to track down where each process is located. Also, many computer viruses and spyware use these process names to blend in and thus go unnoticed, even if you are familiar with the Windows Task Manager. Compared to the Task Manager in Vista, which has seen a lot of improvements, the Task Manager in Windows XP doesn’t help much in finding a process’s location. Let’s discuss how we can locate any process in both Windows XP and Vista. Windows 7 is in Beta right now, but I am sure the operation would be very similar to that of Windows Vista.
Locating a Process in Windows XP:
As I mentioned before, the Task Manager in Windows XP isn’t good enough to drill down to a process’s location. As you can see in the image above, when you right-click on any process listed, it doesn’t provide an option to locate the file. So in XP we are going to use the SysInternals Process Explorer.
Using Process Explorer in Windows XP:
Process Explorer is a handy little utility from SysInternals, which was bought by Microsoft some time back. It’s just a 1.6 MB download. You can download it from here. It is a standalone program, which means that, like most other diagnostic programs, you don’t have to install it. Just extract the exe from the zip and run it.
Once Process Explorer is up and running, it shows you the list of all processes and related applications. Since in this example we are focusing on the process alg.exe, let’s see how Process Explorer shows us its details.
When you hover the mouse pointer over alg.exe, it shows you the location of the process and the corresponding Windows service it’s related to. It’s that easy.
If you feel you need more information, just right-click on alg.exe and click on Properties. It gives us a wide variety of information regarding the selected process.
The Properties dialog box from Process Explorer:
It gives us a lot of information in this window. You can click on the tabs above, like Performance and Performance Graph, to learn more about the process.
Locating a Process in Windows Vista:
Compared to Windows XP, the Windows Vista Task Manager has improved considerably. It lets you drill down and find more information about a process just by right-clicking and selecting Open File Location. That tells you whether the file is in the expected location or not. If there is a virus masquerading as a process or service, it would be stored in a different directory than the original and you would be able to eliminate it. Process Explorer is a great tool for manually detecting and removing malware.
You could also click on the Properties option above to get an overview of the process. The overview won’t be as detailed as the one provided by Process Explorer, though.
Using Process Explorer in Windows Vista:
Once you run Process Explorer in Windows Vista, you just need to go through the listed processes and hover the mouse pointer over the target process. Process Explorer shows a tooltip that displays the location of this process.
To get more details, just right-click on the process and select Properties, as shown above. The Properties dialog box shows a great deal of information about the target process:
Again, you can learn more about the process by checking the Performance, Performance Graph and other tabs. If you compare the Properties dialog boxes from Windows Task Manager and Process Explorer, you will see that Process Explorer provides much more information.
Finding the location of processes is an important step when we are looking for viruses or spyware that may disguise themselves with fake names similar to or the same as the original Windows processes. I hope this information will be helpful to some of you.
Do you use any other tools for diagnosing your Windows OS? Also, if you have any questions related to this, please let me know in the comments section below.
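The same location check can be scripted instead of done one process at a time. The PowerShell below is an added example, not part of the original article: it compares each running process's image path against a baseline of expected directories. The baseline list, the function name Test-ProcessLocation and the use of Get-CimInstance (PowerShell 3.0 or later, newer than the XP/Vista tools discussed here) are assumptions of this example.

```powershell
# Added example. Baseline of well-known Windows process names and the
# directories they are expected to run from (assumed list; extend as needed).
# Hashtable literals in PowerShell compare keys case-insensitively.
$sys32 = Join-Path $env:SystemRoot 'System32'
$wow64 = Join-Path $env:SystemRoot 'SysWOW64'   # 32-bit copies on 64-bit Windows
$expected = @{
    'alg.exe'      = @($sys32)
    'svchost.exe'  = @($sys32, $wow64)
    'lsass.exe'    = @($sys32)
    'services.exe' = @($sys32)
    'winlogon.exe' = @($sys32)
    'csrss.exe'    = @($sys32)
    'smss.exe'     = @($sys32)
    'explorer.exe' = @($env:SystemRoot, $wow64)
}

function Test-ProcessLocation {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $Path,
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    if (-not $Baseline.ContainsKey($Name)) { return 'NotInBaseline' }
    # ExecutablePath is empty for protected processes or when not elevated.
    if ([string]::IsNullOrEmpty($Path)) { return 'PathUnavailable' }
    $dir = [System.IO.Path]::GetDirectoryName($Path)
    if ($Baseline[$Name] -icontains $dir) { return 'Expected' }
    return 'UnexpectedLocation'
}

# List baseline-named processes whose image is not where it should be.
Get-CimInstance Win32_Process |
    ForEach-Object {
        [pscustomobject]@{
            Name   = $_.Name
            Id     = $_.ProcessId
            Path   = $_.ExecutablePath
            Result = Test-ProcessLocation -Name $_.Name -Path $_.ExecutablePath -Baseline $expected
        }
    } |
    Where-Object { $_.Result -in 'UnexpectedLocation', 'PathUnavailable' } |
    Sort-Object Result, Name |
    Format-Table -AutoSize
```

Run it from an elevated prompt so fewer paths come back as PathUnavailable. It matches exact names only, so a look-alike name that is merely similar to a Windows process still has to be spotted by eye in Process Explorer.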