New Computer Hope tool

Started by Computer Hope Admin, November 10, 2008, 05:33:41 AM

Computer Hope Admin

This weekend for my form of fun I wanted to program so decided to create a new tool for Computer Hope that I hope everyone can find useful. This tool is known as the "Windows process search tool" and is currently in the alpha stage of testing. The idea behind the tool is to enable users to search for one or more processes and find additional information about each process. What makes this unique from all the other services like this is that you can copy and paste a long listing of processes (e.g. from HijackThis) and quickly identify everything running on the computer. In addition to the easy-to-read listing of processes you can also click the top bar to quickly and easily sort any row of data (helpful for grouping programs from the same company). Finally, all processes can be looked at individually to give additional helpful information and link into other services such as pulling the company links (if any), Q&A links (if any), and related dictionary links (if any).

Found at:
http://www.computerhope.com/cgi-bin/process.pl

Example of a HijackThis log with processes:
http://www.computerhope.com/cgi-bin/process.pl?o=00

This is still being developed so still a lot of work to do and only had the time to add a few hundred processes. Would appreciate any feedback, suggestions, etc. from the community.  ;D

p.s. Anything found as Unknown is automatically logged so I can get them added.

Update:
YouTube video giving a quick overview of this tool found here.
Everybody is a genius. But, if you judge a fish by its ability to climb a tree, it will spend its whole life believing that it is stupid.
-Albert Einstein

Calum

Looks great!
Must have taken a lot of work.

Ivy

That is simply awesome!

Now I understand why you were spending so much time on the malware section (I actually thought you wanted to be a malware removal specialist and were learning to study HJT logs....I actually did!)

I copied a few things from the HJT log and got info on all three Items, wow thanks a lot Nathan!

Amazing tool!!

Use what talent you possess.
The woods would be very silent
If no birds sang except those that sang best- Henry Van Dyke

Carbon Dudeoxide


Computer Hope Admin

Thanks for the feedback. I've made a few more updates to fix issues with posting the full HijackThis log instead of just the processes section. Now either method will work. Also added a dozen or so more processes seen in the unknown file.

Carbon Dudeoxide

I went ahead and posted my HijackThis Log as well as a list of my disabled startup items (wow long list) and about 60% of them were unknown.

I managed to hold back from putting in carbon.exe.....

Computer Hope Admin

Updated again and added some additional processes.

Computer Hope Admin

Posted another large update to this tool. In addition to adding several hundred more processes, it will now parse out complete HijackThis logs and also look up .dll files.

Ivy

Bye Bye Malware removal specialists! :'(  ;D

Carbon Dudeoxide

Good work Nathan.

I don't think our Malware Specialists will be removed any time soon. :D

patio

carbon.exe can only be removed by a complete DOD Format and a clean install...
" Anyone who goes to a psychiatrist should have his head examined. "

CBMatt

Quote from: Carbon Dudeoxide on November 11, 2008, 08:16:07 AM
I don't think our Malware Specialists will be removed any time soon. :D

Not at all.  We use programs like this on a regular basis to help us get through logs quickly.  They are not something that should be relied upon, however.  As helpful as they are, they are unable to catch many things such as certain file extensions or hidden registry entries.  Personally, I think these process scanners should only be used by those who have proper training.  A lot of people tend to take the results at face value and end up removing the wrong things.




This is a great project, though, and I hope it will be ongoing.  And of course, I'd be more than happy to help if any assistance is ever needed.
An undefined problem has an infinite number of solutions.
—Robert A. Humphrey

ChrisXPPro

Most intriguing - and for sure a lotta work.  I will watch with interest.


(BTW - notification emails seem to have dried up!)
Ain't technology great - until it goes wrong!

Computer Hope Admin

Thanks for the feedback. Regarding notifications, I believe that's due to mail server issues; currently working on it.

Just on a side note: during the late server crash of '08 ;) I had a lot of spare time while I was moving thousands of files and made a ton of additional updates and fixes to this script and added a few hundred more entries to the data file. Below are some of the updates I can recall doing at this moment. Did a lot and was half asleep, so sure I'm missing a few.

- Will no longer report common system files as being potentially infected because of new check mentioned below.
- When parsing a HijackThis log for processes that contain file path information, if it notices that a Windows process is not in the directory it should be in (e.g. c:\windows vs. c:\windows\system32), it'll report this.
- When parsing a HijackThis log that contains missing-file registry entries, it'll mention each of those and give warnings.

Any other suggestions welcome.

evilfantasy

How about getting it to check for the up to date Windows versions for XP and Vista? With XP either SP3 or SP2 is still considered up to date. Vista is SP1. The HJT header information is just as important as the rest of the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:16 AM, on 11/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600) <- Warn of out of date service pack (SP1 and below)
MSIE: Internet Explorer v7.00 (7.00.6000.16735) <- Current IE v7
Boot mode: Normal

Note: The current IE v6 is MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) or SP3
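
An added example, not part of the thread and not Computer Hope's code: a Python version of the two checks discussed above, the wrong-directory report from the admin's update list and the service-pack warning suggested in the last post. The expected-directory table, the C:\WINDOWS install path and the sample log are assumptions constructed for illustration; a hit is a prompt for manual review, not a verdict.

```python
import ntpath
import re

# Assumed sample table, not the tool's data file; assumes Windows in C:\WINDOWS.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {n: SYS32 for n in ("smss.exe", "csrss.exe", "winlogon.exe",
                                   "services.exe", "lsass.exe", "svchost.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"
MIN_SP = {"Windows XP": 2, "Windows Vista": 1}  # minimums per the 2008 post

# Constructed sample log (header format as quoted in the thread).
SAMPLE = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Example\example.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

def check_header(log):
    """Return a warning when the Platform line shows an outdated service pack."""
    m = re.search(r"^Platform: (Windows \w+)(?: SP(\d+))?", log, re.M)
    if not m or m.group(1) not in MIN_SP:
        return None
    platform, sp = m.group(1), int(m.group(2) or 0)
    return f"{platform} SP{sp} is out of date" if sp < MIN_SP[platform] else None

def running_processes(log):
    """Yield the paths listed under the 'Running processes:' section."""
    in_section = False
    for line in map(str.strip, log.splitlines()):
        if line.lower().startswith("running processes:"):
            in_section = True
        elif in_section:
            if not line:
                return  # a blank line ends the section
            yield line

def misplaced(log):
    """Return (path, expected_dir) for known names found in another directory."""
    hits = []
    for path in running_processes(log):
        folder, name = ntpath.split(path.lower())  # Windows paths are case-insensitive
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            hits.append((path, EXPECTED_DIR[name]))
    return hits
```

On the sample, `check_header` warns about XP SP1 and `misplaced` reports only the svchost.exe sitting directly in C:\WINDOWS; names missing from the table are not judged either way.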