Did write myself this task to make sure we'll whitelist Vistas system entries
Did write myself this task to make sure we'll whitelist Vistas system entries
Just remember, love is life, and hate is living death.
Treat your life for what it's worth, and live for every breath
(Black Sabbath: A National Acrobat)
Question?
What are the 4 digits that that show up in the white box when I do a quick scan?
Example : 9096
Do you have Windows 2000? And refer to the lower white box on the Quick Scan tab?
The only thing mentioned with numbers there would probably be hidden processes. You can open Windows Task Manager, make sure the column PID is shown, and look for task 9096 (or whatever the current number is).
As a sidenote, that RootAlyzer tells you to not close or open other applications while it does the quick scan is important here; the method to detect rootkits is by comparing the contents of various system lists, and if one of these system lists shows a PID (process ID, a unique number assigned to an instance of an application in memory) that is NOT visible in the main process list, it's usually hidden by something there. Since reading these complete system lists takes a few seconds, they would get out of sync if applications have been opened or closed in between. Since you didn't see any name after the number, it could mean a program that has been closed during the scan.
If it happens more than once when starting RootAlyzer, chances are not that big that again an application has closed itself exactly in this moment.
Just remember, love is life, and hate is living death.
Treat your life for what it's worth, and live for every breath
(Black Sabbath: A National Acrobat)
9096
I have windows xp home edition
When I open windows task manager how do I get the PID column to show?
When the four digit numbers appear the green circle is red at....Invisible processes(from handles). And no other applications are being open or closed. Could it still be an application that the system is running that closes while Rootalyzer is running? It is the red that concerns me.
thanks you so much for the help
Great products! Your dedication to internet safety is appreciated.
One more thing....I downloaded the update....the older version u could click on the four digit number and terminate it. But it does not work on this version...And the newer version has an update button....when I click on it nothing happens.
Last edited by einnob; 2008-04-30 at 18:18. Reason: spelling
pid column
Found the PID column
under view...select columns
Posting Permissions
Reply With Quote