Welcome to Process-info.org library

Process-info.org is an online library of computer operating system processes that helps you identify processes running in the background of your operating system or on remote computers on your network.

Process-info.org contains a growing database of executable processes (mostly with the .EXE extension) and DLL libraries. You can search for processes through the search box or navigate alphabetically by the first letter of the process name.

It is assumed that users are familiar with the computer operating system they're using and agree with suggested changes. Process-info.org will not be held responsible if changes you make cause a system failure.

The Latest News

The 15 latest global news items related to computer security

March 28, 2015 3:09:23 AM CET

Rootkit:W32/ZAccess – Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.


March 28, 2015 3:09:23 AM CET

Trojan-Spy:W32/FinSpy.A – Trojan-Spy:W32/FinSpy.A is a component of a commercial surveillance product that monitors user activity.


March 27, 2015 1:43:53 AM CET

URSNIF: The Multifaceted Malware – The URSNIF malware family is primarily known for being a data-stealing malware, but it’s also known for acquiring a wide variety of behavior. Known URSNIF variants include backdoors (BKDR_URSNIF.SM), spyware (TSPY_URSNIF.YNJ), and file infectors (PE_URSNIF.A-O).

December 2014: Rise in URSNIF infections brought about by file infection routines

In December 2014 we discussed a rise in URSNIF infections, […]

Post from: Trendlabs Security Intelligence Blog - by Trend Micro


March 27, 2015 1:00:00 AM CET

Trojan.Rloader.B!g2 – Risk Level: Very Low. Type: Trojan.


March 27, 2015 1:00:00 AM CET

Exp.CVE-2015-0328 – Risk Level: Very Low. Type: Trojan.


March 27, 2015 1:00:00 AM CET

Exp.CVE-2015-0326 – Risk Level: Very Low. Type: Trojan.


March 27, 2015 1:00:00 AM CET

Exp.CVE-2015-0325 – Risk Level: Very Low. Type: Trojan.


March 27, 2015 1:00:00 AM CET

Exp.CVE-2015-0323 – Risk Level: Very Low. Type: Trojan.


March 27, 2015 1:00:00 AM CET

Trojan.Ransomlk.AP!inf – Risk Level: Very Low. Type: Trojan.


March 27, 2015 1:00:00 AM CET

VBS.Cozer – Risk Level: Very Low. Type: Trojan.


March 27, 2015 1:00:00 AM CET

VBS.Cozer.B – Risk Level: Very Low. Type: Trojan.


March 26, 2015 7:03:00 PM CET

Private I: Trust and verify for network certificate roots – In a post on March 23, Google's security team explained that it had discovered that someone was delivering digital certificates to users for Google domains that weren't authorized by Google. A quick investigation discovered that a Chinese certificate authority (CA), CNNIC, had improperly given a reseller enough power to create verifiable certificates for any domain in the world.

With a verifiable certificate, any seemingly secured web connection can be intercepted by a party that can insert a tap into a network point between the browser and the server. It's bad.

I'll break down the details later in this article, but the critical fact is that this was apparently discovered and contained quickly. New mechanisms that have slowly been put in place to assure the integrity of secured Web sessions (and secured email and some other services) are--well, they're actually working!

Mac and iOS users can take advantage of these easily with Safari and any major browser. If you're lucky, you'll never see an error that indicates a security connection has been redirected and hijacked. But if you do, this article will help.

Who's in charge here?

If you want the full rundown on the CA system and how digital certificates work, you can consult my 2011 Macworld article "Keep your Mac safe from Web security flaws." After nearly four years, the basic infrastructure remains the same, but all the advice has changed. Some potential future improvements disappeared or stalled, while others have moved rapidly to deployment.

The tl;dr summary is that all secure web connections rely on a handshake between a browser and a server. The browser receives a digital certificate from the server, which contains its public encryption key, details of to whom it was assigned including a domain name or names, and a cryptographic signature that's used to validate that none of the information in the certificate has been tampered with. The public key is used to protect an encryption key used for the current connection--a "session"--without requiring any other coordination between browser and server.

Several hundred entities around the world--companies, nonprofits, and some government agencies or companies closely affiliated with governments--act as certificate authorities, any one of which can sign a web server's certificate on request (almost always for a fee). A CA provides another layer of trust and verification that the security document was provided by a party that controls the domain name that corresponds with the certificate.

CAs also need to be verified, and that involves baking some of their cryptographic data into operating systems, like OS X, Android, and Windows. Many browsers consult the OS list of CAs; some browsers do not and contain their own unique CA list. You can review Apple's list of built-in CAs in OS X by launching Keychain Access (Applications > Utilities) and clicking System Roots in the Keychain list at left.

When a browser receives a certificate that can't be verified, the connection fails and a user is warned. That's one category of problem which you may have seen. It usually comes up accidentally, when a server is misconfigured or a certificate wasn't created that includes all the domain names being handled by a given server.

But the other scenario, which I talked about in 2011, occurs when a legitimate, verifiable certificate is issued by a CA or one of its affiliates inappropriately. (Most CAs have reseller programs and allow third parties to sell certificates that are processed through a connection to the CA's back-end systems.) Sometimes it's an error, sometimes it's a bad judgment, and sometimes it's due to an attack on the CA or its affiliate.

In the case highlighted by Google Security, the root CA gave its reseller the keys to its kingdom: a private key that allowed the creation of a certificate that would work for any domain. This affiliate installed this into a data inspection device, often used in corporations and by governments to sniff secure data that passes across or between networks.

The legitimate use of this is in companies or agencies that disclose the behavior to employees because they have a need to scan for misuse of information or security leaks. A proper configuration involves configuring individual machines before they can use the network with a local certificate or proxy settings that allows this inspection.

What the CA's reseller did is now banned by all OS and browser makers as of a few years ago: installing a generic matches-everything certificate that can intercept all data, because that same certificate could be used anywhere in the world.

We don't know precisely what triggered Google's alert, and the company didn't reply in time for this column to a query for more details. But based on its report, it was likely that users in the affected company or location who used Chrome received errors and reported those to Google. This will soon be a much more widespread option for more domains, and the warnings now appear in almost all modern browsers.

Pin the tail on the certificate

When a bad certificate is issued by any means, CAs should be able to issue a revocation--an automated "statement" of badness that's sent out and consulted by any browser or other software before it accepts a certificate from any server.

In Keychain Access, in Preferences under the Certificates tab you can see (and set) the ways in which revocations are handled. Without getting into the weeds, the process isn't considered reliable. Revocation servers aren't always available, and if they aren't, the lookup either locks your browser up or times out and accepts the certificate whether it's revoked or not! (There's a new way to manage revocations that's gaining ground, but it's not widespread enough to rely on yet.)

Instead, OS and browser makers release warnings and push micro-updates, often as automatic fixes, either to disable a particular certificate or a set of certificates, or to block an "intermediate" root certificate assigned from a CA to another party, like a reseller.

Two approaches have risen to the fore in providing sites and users with notification, though, one of which I mentioned in passing in 2011.

On the client side, "pinning" is a partial panacea for illegitimate certificates. Before pinning, any CA in the world, and any party they authorized, could issue a certificate that was valid for any domain in the world. Terrifying. It's like letting a guy in an office in Brazil (or Kenya or Ukraine or Utah) make and sell keys to your apartment in Barcelona.

Pinning provides an explicit list of which CAs out of the hundreds that exist are entitled to issue a certificate for a domain. If a certificate appears that was signed by any other CA, bells and alarms go off. Google pioneered this and it's now being expanded. Google pinned its domains inside of its Chrome browser starting in 2011, and let Chrome users enter local pins as well, useful for companies that installed Chrome in large numbers.

Mozilla (Firefox's maker) added pinning in 2014 with version 32 for a set of domains, including its own and Twitter's. It expanded those over subsequent releases to add Google and others.

That's fine for these special cases, but shouldn't this tool be available for all secure sites? I've used just a couple of CAs (through resellers) for the last few years for my web certificates, and it would be delightful to lock off any theoretical attacks against users fooled into thinking they've connected to one of my sites -- much less a small credit union's banking site or a major retailer.

A generic way to let any site publish via its web server which certificate authorities are valid has been in the works for a few years, and is now heavily deployed. HTTPS Strict Transport Security (HSTS) is the moniker, and Apple added it in Safari 7.1 (in Mavericks) and mobile Safari in iOS 8.1. Firefox, Chrome, Opera (desktop), the Android browser and Chrome for Android all support it as well. (Opera Mini and Internet Explorer do not, but IE 12 will.)

I can see right through this exploit

A second bit of help is coming from certificate transparency (CT), which Google is promoting and is still in the process of rolling out. With CT, every CA will have to publish information in a central log whenever (or even some number of hours before) a new certificate is issued. This allows Google and any other entity around the world to keep track of all legitimate certificates while also noting any that are issued by an authority without the authority to do so, based on pinning.

When CT is fully implemented in browsers and operating systems alongside pinning, a certificate that doesn't appear in the corresponding CA's certificate-issuing list or that fails a pinning test will give a user a chance to react. CT will also be used by companies like Google and independent security organizations to monitor actively for problematic security documents.

Pinning, and soon certificate transparency, absolutely do not solve all problems related to misuse of certificates. But on their own and together, they reduce the area of potential of harm by making it far harder for a sniffer to obtain a certificate and insert themselves into a secure connection without being immediately caught.

The alerts that browsers will provide will allow users quite legitimately to feel as if they are part of the effort to provide integrity to the Internet's plumbing.


March 26, 2015 6:02:00 PM CET

Tech companies call on US to end bulk collection of metadata – A slew of tech companies have joined privacy groups in calling for the U.S. government to reform its surveillance practices.

An open letter from the tech industry and privacy organizations urges the government to not renew the provision in the Patriot Act that allows for the bulk collection of metadata. That provision, called Section 215, expires in June.

"There must be a clear, strong, and effective end to bulk collection practices," reads the letter, which was signed by the industry group Reform Government Surveillance, whose members include Apple, Facebook, Google, Evernote, Twitter and Microsoft. Any data collection efforts need to protect user rights and privacy, the letter said.

The issue stems from the bulk collection of metadata, like the length and time of phone calls, by U.S. intelligence groups including the National Security Agency. In 2013 former NSA contractor Edward Snowden released documents that showed the NSA was gathering this information from millions of phone calls.

"Nearly two years after government surveillance revelations came to light, the U.S. Government still has unfinished business to reduce the technology trust deficit it has created," said Fred Humphries, Microsoft's vice president of U.S. government affairs, in a blog post.

Attempts by Congress to reform the country's surveillance programs have so far failed. In November, the Senate voted against a bill that would have reined in the NSA's ability to collect telephone records in bulk.

On Monday, a spokesman for President Barack Obama's National Security Council told Reuters that the administration will stop the bulk data collection if Congress fails to reauthorize it. The administration, however, wants Congress to enact legislation allowing the collection to continue, saying that Section 215 is "a critical national security tool" that has uses besides bulk data collection.

Fred O'Connor writes about IT careers and health IT for The IDG News Service. Follow Fred on Twitter at @fredjoconnor. Fred's e-mail address is fred_o'connor@idg.com


March 26, 2015 4:05:30 PM CET

VU#930956: Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem – ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple models and firmware versions of the InnGate have been shown to allow read/write access to remote unauthenticated users via a misconfigured rsync instance.


March 26, 2015 2:31:00 PM CET

Survey: 75 percent of firms would take hours or longer to spot breach – Although 68 percent of companies said they are prepared for a breach, 75 percent estimated it would take hours, days, or weeks for them to notice that one had occurred, according to a new survey released this morning.

Osterman Research conducted interviews with 225 mid-sized and large organizations on behalf of Sunnyvale, Calif.-based security vendor Proofpoint, Inc. to assess attitudes and processes around data breaches and data loss prevention.

Only 6 percent of respondents said they were "very well prepared" to deal with data breaches, 27 percent said they were "well prepared," and 35 percent said they were "prepared." Another 18 percent said they were "somewhat prepared" and the remaining 14 percent were either not well prepared, poorly prepared, or not prepared at all.

However, only 4 percent of respondents said they could detect a potential breach within seconds, and 20 percent said it would take them several minutes.

For 37 percent of respondents, detection would take hours. For 21 percent, it would take days. The remaining 17 percent said that detection could take weeks or longer, or they did not know how long it would take.

"That's not even remediation, or stopping the exfiltration," said Kevin Epstein, Proofpoint's vice president, advanced security and governance. "That's just realizing that the remediation is happening. And given how fast data can be moved these days, that's the crown jewels leaving the company. There's a hole in the bucket and data is flowing out of it."

And companies were probably being overly optimistic in their estimates of how long it would take them to detect a breach, given the recent experience of high-profile victims.

Part of the reason is that many companies still use manual methods to detect data breaches, said Epstein.

Although 80 percent of survey respondents rated their use of technology as 4 or higher on a 1 to 7 scale from "no technology used" to "we use technology extensively," 68 percent also rated their use of manual methods at 4 or higher.

Then, once a threat has been detected, many companies are still relying heavily on manual mitigation, he added.

While 76 percent of companies rated their use of technology as 4 or above when it comes to responding to data breaches, 71 percent rated their use of manual methods as 4 or higher.

"Organizations are still relying significantly on analysts sitting there looking through alerts," said Epstein. "And, based on the headlines, that's not working."

And he's not surprised, he added.

"If you're an analyst getting 30,000 alerts a day from your system, it's hard to keep up with the crucial information," he said. "Attackers are succeeding because there are too few firemen and a lot of fire alarms going off."

The firemen are wasting their time responding to too many false alarms, he added.

Companies should be looking at technologies that allow them to prioritize the alerts, he added, to sort out the false positives, and the cases where an employee installed an ad toolbar on their laptop, and focus on the instances where an attacker is trying to get data out of the company.

Proofpoint is one of the companies that offers this kind of technology.

According to the survey, organizations put a median of 4.3 IT and related staff members per 1,000 employees to work dealing with the immediate aftermath of a breach, and increase that to 4.4 employees in the follow-up.

However, only 31 percent of organizations had a budget in place for data breach mitigation, and only 45 percent had data breach insurance in place.

Just over half of the organizations that have a budget in place plan to increase it next year, while the rest plan to keep it the same. Only 1 percent of companies plan to decrease their breach mitigation budgets.


Navigate through the library of processes alphabetically by first letter: