Nowadays, it’s important to secure your computer. That also involves monitoring unusual behavior, for example a lot of disk activity while you are idle. Thanks to Windows, we have all the tools we need for that already.
1. First of all, close all of your programs to simplify this process.
2. Next, open the Windows 7 Task Manager via CTRL + ALT + DEL (then click Start Task Manager at the bottom).
3. After opening the Windows Task Manager, go to the Performance tab.
4. At the bottom there’s a button called Resource Monitor… with an admin icon. Click on it.
5. Get familiar with the UI of the Resource Monitor if you don’t use this tool a lot.
6. When you’re done, go to the Disk tab.
7. Expand the field Processes with Disk Activity.
8. There are different columns; PID, Read (B/sec), Write (B/sec) and Total (B/sec) are the important ones.
9. Click on the column name Write (B/sec) to sort all processes with disk activity by how much they are currently writing to your disk.
10. Now analyse the processes that are very active (although all programs are closed).
11. For further analysis, right-click on a suspicious process and click on Search Online.
12. It should open a Google search for the process name.
13. Add “what is” at the beginning of the search for even more explanations.
14. Create a whitelist and a blacklist of processes. Put all suspicious processes on a list and do some research on
I hope this will help some of you to find all suspicious processes with disk activity. Obviously, many viruses also use names of common applications and Windows files.
Warning: Do you have processes with names very similar to Windows processes, say svhost.exe instead of svchost.exe?
Viruses often use very similar names to confuse you. Make sure to properly read the names and identify them.
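
The sorting and name check from the steps above can also be scripted. The following Windows PowerShell sketch is an added example, not part of the original post: it sorts processes by write rate and flags names that are one character away from a known Windows process name. The allowlist, the sample rows and the function names `Get-EditDistance` and `Test-ProcessName` are assumptions made for illustration.

```powershell
# Added example. Assumption: a short allowlist for illustration; build your own from research.
$Known = @('svchost','explorer','lsass','services','winlogon','csrss','smss')

function Get-EditDistance([string]$a, [string]$b) {
    # Levenshtein distance, keeping only the previous and current row.
    $prev = @(0..$b.Length)
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = New-Object int[] ($b.Length + 1)
        $cur[0] = $i
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $best = [Math]::Min($cur[$j - 1] + 1, $prev[$j] + 1)
            $cur[$j] = [Math]::Min($best, $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$b.Length]
}

function Test-ProcessName([string]$Name) {
    # Resource Monitor shows "svchost.exe"; the WMI perf class shows "svchost#3".
    $n = ($Name -replace '\.exe$','' -replace '#\d+$','').ToLower()
    if ($Known -contains $n) { return 'known' }
    foreach ($k in $Known) {
        # Distance 1 = one character added, dropped or changed (svhost vs svchost).
        if ((Get-EditDistance $n $k) -le 1) { return "lookalike of $k" }
    }
    return 'unlisted'
}

# Constructed sample rows (name, PID, write B/sec); not real measurements.
$rows = @(
    New-Object psobject -Property @{ Name='explorer.exe';    Id=1820; WriteBps=2048 }
    New-Object psobject -Property @{ Name='svhost.exe';      Id=4242; WriteBps=915000 }
    New-Object psobject -Property @{ Name='svchost.exe';     Id=912;  WriteBps=16384 }
    New-Object psobject -Property @{ Name='backupagent.exe'; Id=3310; WriteBps=120000 }
)
# On a live system, fill $rows from WMI instead. IOWriteBytesPersec counts all
# I/O writes (file, network, device), so it is broader than the Disk tab column:
# $rows = Get-WmiObject Win32_PerfFormattedData_PerfProc_Process |
#     Where-Object { $_.Name -ne '_Total' -and $_.Name -ne 'Idle' } |
#     Select-Object Name, @{n='Id';e={$_.IDProcess}}, @{n='WriteBps';e={$_.IOWriteBytesPersec}}

# Same view as sorting by Write (B/sec), with a verdict per process name.
$rows | Sort-Object WriteBps -Descending |
    Select-Object Name, Id, WriteBps, @{n='Verdict';e={ Test-ProcessName $_.Name }} |
    Format-Table -AutoSize
```

A name match alone proves nothing in either direction: a process listed as known can still be a renamed binary, so also check the file path and signature of anything writing heavily while the machine is idle.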