Welcome to Process-info.org library

Process-info.org is an online library of Computer Operating System's Processes, which helps you to identify processes running at background of computer operating system or at remote computers on your network.

Process-info.org contains a growing database of executable processes (mostly with .EXE extension) and DLL libraries. You can search for processes through search box or navigate alphabeticaly by starting letter of process name.

It is assumed that users are familiar with computer operating system they're using and agree with suggested changes. Process-info.org will not be held responsible, if changes you make cause a system failure.

The Latest News

15 latest global news related to computer security

December 20, 2014 3:09:00 AM CET

Rootkit:W32/ZAccess – Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.


December 20, 2014 3:09:00 AM CET

Trojan-Spy:W32/FinSpy.A – Trojan-Spy:W32/FinSpy.A is a component of a commercial surveillance product that monitors user activity.


December 20, 2014 3:07:06 AM CET

Bloodhound.Flash.29 – Risk Level: Very Low. Type: Trojan.


December 20, 2014 3:07:06 AM CET

BBOS.Lastacloud – Risk Level: Very Low. Type: Trojan.


December 20, 2014 1:59:01 AM CET

Vulnerabilities Identified in Network Time Protocol Daemon – Original release date: December 19, 2014 NTP has released an update that addresses multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to execute malicious code.US-CERT encourages users and administrators to review Vulnerability Note VU#852879 and update to NTP 4.2.8 if necessary. This product is provided subject to this Notification and this Privacy & Use policy.


December 20, 2014 12:10:07 AM CET

VU#852879: Network Time Protocol daemon (ntpd) contains multiple vulnerabilities – The Network Time Protocol(NTP)provides networked systems with a way to synchronize time for various services and applications. ntpd version 4.2.7 and pervious versions allow attackers to overflow several buffers in a way that may allow malicious code to be executed. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys.


December 20, 2014 12:01:46 AM CET

FTC Releases "Package Delivery" Themed Scam Alert – Original release date: December 19, 2014 The Federal Trade Commission (FTC) has released a Scam Alert addressing a "Package Delivery" themed phishing campaign regarding package delivery notifications from the U.S. Postal Service.  Scam operators often use false information linked to reputable organizations to imply the email is legitimate.Users are encouraged to review the FTC Scam Alert for details, and refer to the Recognizing and Avoiding Email Scams Publication for information on email scams. This product is provided subject to this Notification and this Privacy & Use policy.


December 19, 2014 11:28:08 PM CET

VU#561444: Multiple broadband routers use vulnerable versions of Allegro RomPager – Multiple broadband routers use vulnerable versions of Allegro RomPager in current firmware releases.


December 19, 2014 8:40:07 PM CET

VU#264212: Recursive DNS resolver implementations may follow referrals infinitely – Recursive DNS resolvers may become stuck following an infinite chain of referrals due to a malicious authoritative server.


December 19, 2014 7:13:00 PM CET

Trojan program based on ZeuS targets 150 banks, can hijack webcams – A new computer Trojan based on the infamous ZeuS banking malware is targeting users of over 150 banks and payment systems from around the world, security researchers warn.The new threat, dubbed Chthonic, is based on ZeusVM, a Trojan program discovered in February that is itself a modification of the much older ZeuS Trojan."The Trojan is apparently an evolution of ZeusVM, although it has undergone a number of significant changes," security researchers from antivirus vendor Kaspersky Lab said in a blog post. "Chthonic uses the same encryptor as Andromeda bots, the same encryption scheme as Zeus AES and Zeus V2 Trojans, and a virtual machine similar to that used in ZeusVM and KINS malware."Like ZeuS, Chthonic's main feature is the ability to surreptitiously modify banking websites when opened by victims on their computers. This technique, commonly known as Web injection, is used to add rogue Web forms on banking websites that ask victims for sensitive information, like credit card details or second-factor authorization codes.However, Chthonic has a modular architecture that allows cybercriminals to extend the Trojan's functionality. The Kaspersky Lab researchers found Chthonic modules designed to collect system information, steal locally stored passwords, log keystrokes, allow remote connections to the computer through VNC, use the infected computer as a proxy server and record video and sound through the computer's webcam and microphone.According to Kaspersky Lab, there are several Chthonic-based botnets with different configurations, suggesting the malware is being used by different groups."Overall, the botnets we are aware of target online banking systems of over 150 different banks and 20 payment systems in 15 countries," the company's researchers said. "The cybercriminals seem most interested in banks in the UK, Spain, the US, Russia, Japan and Italy."The new Trojan is primarily distributed in two ways: downloaded by another malware program called Andromeda or through rogue emails that contain specially crafted RTF documents which exploit a Microsoft Word vulnerability patched in March.Chthonic is the next stage in the evolution of ZeuS, which has become a development framework for malware creators, the Kaspersky researchers said.Launched in 2007, ZeuS quickly became one of the most popular tools used by cybercriminals, primarily because its was being sold on underground forums. Over the years it was used by many gangs to steal online banking credentials from consumers and businesses that were then used to empty their accounts.In 2011 the ZeuS source code was leaked online some time after its main developer stopped working on it and gave the code to others. This allowed other malware developers to easily modify ZeuS and create custom threats based on it, including Trojan programs like Citadel, Ice IX, ZeusVM and Gameover Zeus.


December 19, 2014 6:24:07 PM CET

VU#1680209: AppsGeyser generates Android applications that fail to properly validate SSL certificates – AppsGeyser generates applications that fail to properly validate SSL certificates.


December 19, 2014 6:02:00 PM CET

FBI concludes North Korea 'responsible' for Sony hack – North Korea was responsible for the devastating cyberattack on Sony Pictures, the U.S. Federal Bureau of Investigation said Friday after a two-week investigation.The attack on Sony occurred in late November and resulted in the theft of thousands of files that, after being leaked online, proved highly embarrassing for the company. Financial documents, legal and business agreements, confidential information on employees and, perhaps most embarrassing of all, the entire email boxes of several senior executives."The FBI now has enough information to conclude that the North Korean government is responsible for these actions," it said in a statement.The FBI said its conclusion was based in part on similarities between malware used in the Sony attack and that used in attacks attributed to North Korea in the past. It said the infrastructure used to launch the attacks shared a "significant overlap" with that directly linked with North Korea and that the tools used against Sony were similar to those used against South Korean TV stations and banks last year. Those attacks were suspected to be the work of North Korea."We are deeply concerned about the destructive nature of this attack on a private sector entity and the ordinary citizens who worked there," it said. "Though the FBI has seen a wide variety and increasing number of cyber intrusions, the destructive nature of this attack, coupled with its coercive nature, sets is apart."North Korea country had been a prime suspect in public opinion for several days, although Friday's announcement marks the first time the U.S. government has officially commented on the case. It's also one of the few times that it has publically accused any country of conducting a cyberattack.North Korea has previously denied involvement in the incident and it's unlikely to change that assertion. North Korea typically responds to such allegations through its official media channels in the days following the accusations.Martyn Williams covers mobile telecoms, Silicon Valley and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams@idg.com


December 19, 2014 5:30:00 PM CET

Three security-boosting steps to perform on every router – The computer industry has worked hard to make sure that a lot of the gadgets we use are mostly plug-and-play. In other words, you just fire up the device, login and you're ready to go--no configuration necessary. One device you should never consider "plug-and-play," however, is your home's network and wireless router.After the technician leaves your house there are a few important things everyone should do.Log in to your router and change the admin detailsThe first thing you should always do when you have a new router is log into its control panel. You want to do this so you understand where to change the Wi-Fi access password, change the type of security protocol your router is using, change the router name, et cetera. Most importantly, however, you need to login to your router so you can change the admin name and password.Alas, some routers won't let you change the admin user name, but changing the admin password is the crucial part. If you don't do this and a bad actor is able to get onto your home network, they can easily log in to your control panel and own your router using the device's default settings.You don't want that.If you don't know how to login to your router check the manual that came with it, ask your Internet service provider, or try to find a user manual for your model online.Use WPA2Now that you've logged in to your router, it's time to make sure you are using WPA2 (Wi-Fi Protected Access II) as the encryption standard for connecting to your router.Right now, WPA2 is considered the best way to secure your router connection. This standard works by encrypting all traffic between devices and the router, making it much harder for anyone to nab your data as it travels through the air.One thing you'll also want to do is make sure that Wi-Fi Protected Access (WPA) is disabled. This feature allows a weakness in your router that could be exploited by a determined attacker.Your router's encryption protocol settings are often found under the Security heading or something similar.Use an uncomfortably long passwordNow don't go too nuts with this one. I'm not suggesting you use a 100-character password or something like that, but a 20-30 character password with randomly generated letters, numbers, and special symbols (if allowed) is a pretty solid idea. The point is to make it as hard as possible for an attacker to figure out your password. One easy way to do that is to make this password a little longer than most passwords you use online.It does mean you should probably use a password manager to remember it, and the occasional need to log new devices onto the network can be a pain. But the extra effort pays off with a more secure password that keeps the bad guys off your network.Those are just three basic things, but once you're inside your router there's all kinds of other settings you could tweak such as changing the Wi-Fi broadcast channel, change the channel width, adjust your NAT settings, and configure port forwarding. PCWorld's guide to speeding up your router can point you in the right performance-boosting direction.


December 19, 2014 5:20:00 PM CET

Major Chinese smartphone manufacturer installed backdoor on up to 10 million devices – Coolpad, the world's sixth largest smartphone manufacturer, installed a back door that allows the company to install applications, send alerts, and monitor communications without user knowledge or approval.According to Palo Alto Networks, which discovered the security flaw, the "CoolReaper" backdoor has been found on 24 Coolpad phone models sold in China, adding up to over 10 million devices."The malware was deliberately pre-installed with the default operating system that comes with these phones," said Ryan Olson, intelligence director of Palo Alto Networks' Unit 42."This is the first time we've ever seen a manufacturer install a back door like this."Olson said that their security researchers were originally tipped off by user complaints on forums, and then discovered the backdoor built into the ROM in such a way that it would not show up for antivirus detection programs.To control access to this backdoor, Coolpad set up a Website that was actually accessible by the public."The functionality in that interface matched up exactly by CoolReaper, and it was on the open Internet, and it let anyone log into it," Olson said."The back door that they had created, maybe for what they thought was legitimate purposes, could have been in the hands of a bad guy."As of deadline, Coolpad's Asia-based spokespeople did not respond to requests for comment by CSO Online, and the company's US-based representatives could not be reached.However, the company told the Wall Street Journal that Google had notified it of the Palo Alto report, but denied that the download function amounted to a back door.According to Coolpad, the downloads were enabled by users and were designed to improve the user experience. Coolpad told Bloomberg it issued a software update, but the update was designed to address Android compatibility issues and were not related to illegal software or a "backdoor.""There are some capabilities that we expect manufacturers to have, like the ability to install over-the-air updates," said Olson."And Coolpad has a completely separate application for those updates. And we expect manufacturers to grab statistical data and diagnostic information about the phone -- not personal information, but how the phone is performing."But the CoolReaper application went far beyond, he said.For example, CoolReaper can be used to send notification to the smartphones. Normally, when users receive notifications, they can touch the notification an extra long time and see which application generated the notification, and turn off the notification if they wish. This "long press" function was disabled on CoolReaper notifications.Similarly the built-in API for installed applications was modified so that CoolReaper did not show up in the list of apps.CoolReaper can also see or delete SMS messages, send messages, delete user data, uninstall or disable applications, and even make phone calls to any number."This kind of complete control, hidden control, this is new," Olson said.So far, the CoolReaper application has only been found on Chinese versions of the Coolpad smartphones, he added."They're also selling in other parts of Asia and Europe," he said. "But they have different models in different regions."Olson added that it's never a good idea for a manufacturer to install a back door on a device."When you create a backdoor, you think it's only going to be used by you," he said. "But you've purposefully made the system less secure."


December 19, 2014 5:18:00 PM CET

Clean up your Wordpress plugins to avoid SoakSoak and other malware threats – Watch out for SoakSoak, a new malware threat that has compromised more than 100,000 Wordpress websites and led to more than 11,000 domains' being blacklisted by Google. Wordpress is a hugely popular and widely used Web publishing platform, so it's important to understand how the SoakSoak malware works, and what you can do to prevent your own Wordpress site from being compromised.Approximately one in six websites--or about 60 million worldwide--are hosted through Wordpress, so the damage could be, or may still get, much worse. In a blog post on Tripwire's State of Security, David Bisson explains that once a Wordpress site is infected, it may unexpectedly redirect users to the SoakSoak.ru domain, and/or download malicious files to the users' computers to further propagate the attack.The short answer to the question "What can I do to prevent my Wordpress site from being compromised?" is to make sure you keep Wordpress itself and any plugins you use up to date. You should also remove any plugins you aren't actually using. Attackers are apparently exploiting critical vulnerabilities in Wordpress plugins as an easier, stealthier way of spreading malware through Wordpress sites. Many plugins are not actively maintained by the developers, and not monitored by the users who have them installed, so they're an easy back door for compromising a website.Matt Johansen, senior manager of the Threat Research Center for WhiteHat Security, pointed out that this is just the latest in a string of serious vulnerabilities affecting Wordpress sites over the last few months, and that SoakSoak is just the latest malware to take advantage of one of these critical flaws to worm its way through Wordpress sites.Johansen cautions, "As is the case with many WordPress security events, the culprit is plugins which are inherently more insecure and harder to keep up to date as opposed to WordPress core. Users of WordPress should update to latest versions of all plugins used immediately in order to avoid this or other malware attacks."While the concept may seem new to average users publishing Wordpress sites, the idea of updating or removing add-ons or plugins is a proven security best practice. Security experts have long recommended that users keep all software and drivers updated, and network administrators know that it's best to avoid installing or enabling services that aren't going to be used, because they just expose the server to unnecessary risk.Vulnerable plugins is only one part of the problem. Robert Hansen, VP of WhiteHat Labs at WhiteHat Security, noted that allowing plugins to update automatically is another danger. "This shows not only that plugins are inherently more dangerous than WordPress core code, but also that the design of allowing code to update itself without any warning to the administrator is a common flaw in web-design."Just as attackers have compromised smaller, less secure third parties as a means of attacking larger victims like Target, malware developers know that it's much easier to discover and exploit vulnerabilities in third-party plugins. The fact that SoakSoak has been able to spread to more than 100,000 Wordpress sites is evidence of the risk you're exposing yourself to by leaving out of date or unused plugins active on your website.Hansen summed up, "Companies like WordPress.com and WPEngine.com do reduce the damage by quickly identifying and fixing the problems for the clients, but it's best to keep the fewest plugins possible installed."


Navigate through library of processes alphabeticaly by first letter: