Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

What programs should be in Task Manager?

Today’s article comes from a question I’ve been asked a couple of times recently, which was, “what should be showing (as running) when I open Task Manager?”

(A brief aside: this demonstrates a little something about human nature; what they were really asking me was, “how do I look at this list and detect something that should not be there?” They were concerned about malware [viruses and spyware], which was why they had opened Task Manager!)

Tip of the day: Understand and use the Task Manager.
Task Manager is the tool which shows what programs are running, which Users are running them, how much resources (CPU and RAM) the programs are using up, and is the place where you can terminate “Not responding” problem programs.

To open Task Manager and see what is going on on your PC, right-click on a blank area on your Task Bar and select (click) “Task Manager”; or give your machine the “three-fingered salute” — hit the Ctrl+Alt+Del keys. (Ctrl+Shift+Esc in Vista/Win7)

By default Task Manager opens to the Applications tab, which shows “foreground” programs that you’ve launched (these are the ‘big’ programs which will open windows, and appear as tabs on your Task Bar.. such as Word and IE). When you have a “frozen” program that will not close, let you type, or do anything else, open TM and select (click on) the program which says “Not responding” and then click the “End Task” button.

endtsk.JPG

A small window will open telling you that this program is not responding (yes.. I know. That’s why I opened TM..); click “End Now”. This attempts to force the misbehaving (“stuck”) program to close, and you can then re-open it and resume working… in essence rebooting the program.

To return to the original question, it must be understood that all the programs which are running are not listed on the Applications tab. There are ‘mini-programs’ (applets) and Services, and processes going on, in the “background”, at all times on your machine that are necessary for smooth functioning, but don’t demand any attention from the User (you) — such as the print spooler, or the automatic updating function of your antivirus. Microsoft calls these “processes” and you can see them listed on the Processes tab.
processes.JPG

The first time someone looks at this (typically), they are surprised by 1) how many things are listed, and 2) the words make no sense. On my little testbed machine, which only has a few programs installed, I have (at this moment) 38 processes running; on my Vista Swiss Army knife computer, which has many dozens of programs and games installed, I often have as many as 60 processes running. (Note: this list isn’t “fixed”, it changes as you open and close things.)
This brings us to the question: how can you look at that strange list and tell which one of those things is a keylogger or trojan horse or virus?

The short answer is, with practice and experience, you can learn to recognize the file names of the various applications and services and get a better understanding of the list, but… do you really want to? If you do, I suggest you Google the name exactly as it appears — this will tell you the program and what it does.
If you do not want to spend your time doing this learning, you can still look for some indications ofbackdoors“, whether your machine is being remotely monitored, and other malware, by simply checking the User column — the only names which should appear here are: your User Account (which may be “Administrator”), SYSTEM, LOCAL SERVICE, or NETWORK SERVICE. Anything else can be a good indicator that something’s not right.
Click on the User tab: you should only see yourself listed here.
user1.JPG

This is only a brief and incomplete primer on Task Manager, and on combating malware. I readily admit that. But it gives you an idea of where to start. Today’s free program link is a more informative and helpful version of Task Manager, that will translate those arcane-looking names into a more easy-to-understand format– which will help you identify things that shouldn’t be there.

Today’s free link: Security Task Manager. From site: “Security Task Manager displays detailed information about all running processes (applications, DLL’s, BHO’s and services). For each Windows process, it improves on Windows Task Manager, providing: file name and directory path, security risk rating, description,..”

[update: another free tool for analyzing your running services id the MBSA, to find out more on the Microsoft Baseline Security Analyzer, click here.]

Copyright 2007 © Tech Paul. All rights reserved.

Share this post :

September 27, 2007 - Posted by | advice, computers, how to, PC, security, Task Manager, tech, Vista, Windows, XP

22 Comments »

  1. Why do I see as many as 8 IEXPLORE.EXE in my Task Manager

    John Hart

    Comment by John Hart | July 10, 2008 | Reply

    • I had a virus and it allowed me to open iexplorer, but as soon as i closed it, it would just disappear but keep running in background. In order to identify this specific case

      1. open Taskmanager and count iexplorer running (8 in this case)
      2. open internet explorer twice and confirm no. of instances remain same (8) or increase to 10

      if it does increase,u r infected. close alll of them using TM

      Comment by Zak | July 6, 2012 | Reply

      • Zak,
        If you suspect your PC may be infected, and can open a web browser, I would recommend, as a first step, visiting an online virus scanner right away. My favorite of these is Housecall.

        (And if that page does not load, and other online scanners are ‘blocked’ too, then yes, you are infected and should start a full malware removal process [or, reinstall Windows] or contract a professional to do it for you [such as myself]. Today’s viruses are no joke. They’re military grade.)

        Comment by techpaul | July 7, 2012 | Reply

  2. Folks–
    Proper etiquette when posting questions on the Web is to include:
    1) Make/Model of your computer (Yes, some answers are brand-specific)
    2) OS (the answer for Windows ME and Windows Vista are different)
    3) Describe any protection programs you have installed (do you even have an antivirus? If not, you’re going to get a different answer..)

    Mr Hart–
    Without any of the information listed above, my first answer is that you have been infected with a downloader that is using IE in “hidden mode” to go out and download more malware onto your machine, visit various websites to artificially boost their visit count, and other bad things.
    (You really should see only iexplore.exe, and maybe ieuser.exe in Task Manager.. unless you have IE’s tabs behavior set to launch a new instance every time you click a link and a misconfigured browser plug-in.. http://techpaul.wordpress.com/2008/07/10/browser-tabs-quick-tip/)
    Depending on your “geek” proficiency level, to remove the malware you might try..
    1) hunting down suspicious entries in your Registry, and deleting keys and files, or
    2) Download Hijack This! http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis and post the result on a Hijack This! forum, and then follow the advice you receive from a experienced malware expert
    3) Use an online scanner to detect and remove the trojan.. such as Housecall, or Microscan.
    4) Take your machine to a real professional tech support/repair shop (not the big chains’ tech support dept, because all they’ll do is..)
    5) wipe your drive and install a fresh copy of Windows (aka “restoring factory defaults”)

    Of course.. it may be something different.. but with the info you gave me..

    Comment by techpaul | July 10, 2008 | Reply

  3. When I tried to download Security Task Manager on my computer, WinZip extractor popped up saying, “The required operation requires elevation.” What exactly does that mean? I’ve never seen this message before. Truthfully, I am using a copied version of WinZip which I downloaded via BitComet, if that helps.

    The computer I’m using is a Sony Vaio VGN-NR360D which is running Windows Vista. In addition to that, I use AVG Free Edition and Windows Defender to protect my computer.

    Comment by Maggan | September 17, 2008 | Reply

  4. Maggan–
    I am fairly certain there is no issue with WinZip, but that Vista is attempting to protect you.. and you need to tell Vista that you know what you’re doing and it’s OK to proceed… and that you have the “authority” to override the protection feature.
    This is done by invoking the “Run as Administrator” option.

    (Note, it easiest to do this if you click on “Save” and not “Run” or “Open” when downloading.. Save the download to your Desktop, and then execute it. You can trash the installer package after you’re done.)
    The steps for this are here, http://techpaul.wordpress.com/2007/11/03/tell-vista-you-are-an-administrator-repost/, but instead of doing it to the Command Prompt, you’ll be doing it to winzip.exe. Which you’ll find in Computer > Local Disk C:\ > Program Files > WinZip.

    Comment by techpaul | September 17, 2008 | Reply

  5. Yea… I’m having another issue, and it seems that this time, there’s no way to save this file. Also, I have neglected to give you some important information, I’m currently using Mozilla Firefox as my default browser so all downloads are kept in a neat little box labelled “Downloads” however, it won’t allow WinZip to open this file, for whatever reason.

    Comment by Maggan | September 18, 2008 | Reply

  6. I followed your advice and changed WinZip’s properties to “Run as Administrator”, but this did pretty much nothing when it comes to installing the file.

    Comment by Maggan | September 18, 2008 | Reply

  7. Maggan–
    Downloading files, unzipping files, and launching Setup.exe packages are three different issues, and I’m not exactly sure where your issue lies.
    If you went into C:\Program Files\WinZip and found winzip.exe and changed the Properties to Run as Administrator, that should solve your original question, so let’s look at downloading.
    Often the problem occurs when people elect to “Open” (or “Run”), and not “Save” when they first request the download. Return to the download page, and click the link, and Save the download to your desktop. When finished, double-click on the new icon, and extract/un-zip the folder to the Desktop.
    (When you select “Open”, the browser will be running the show, and when it’s on the Desktop, Windows will be running the show.
    If you are saying that once downloaded, you try to launch the .msi file, or setup.exe, it won’t execute.. try setting it to Run as Administrator.

    Other than that I’d have to watch what is happening, but I can suggest further — use IE to download the installer, and maybe uninstalling the bootleg WinZip (Windows can zip and un-zip natively).

    Comment by techpaul | September 18, 2008 | Reply

  8. Why do I have a 2 on my user ID??

    Comment by Keith | February 23, 2012 | Reply

    • Keith,
      I have to assume you are referring to the “Users” tab in Task Manager.

      Seeing a “2” in the ID column is generally OK (and routine) as long as your User account is the only one showing in the “User” column.

      For a bit more detailed answer, click here.

      Comment by techpaul | February 23, 2012 | Reply

  9. “foreground” programs that I have launched are not appearing under the “application tab” in task manager. How do I repair, thus not allowing me to “end a task”. How do I repair this dilemma?

    Comment by Alfredo | October 27, 2012 | Reply

    • Alfredo,
      The only times I have ever seen that, was on “bootleg” copies of Windows (illegal), so the fix was to re-Install a legal copy of Windows. I hope that doesn’t apply to you. You did not tell me which version you are using either.

      The ‘workaround’ is to go to the “processes” tab, and find the application there, and “End task”.

      You might fix it by running sfc /scannow from an elevated command prompt.

      Also, if you have turned off (disabled) some Services recently, try turning them on again.

      Comment by techpaul | October 27, 2012 | Reply

      • I can confirm that I am not using an illegal copy of Windows. I purchased my laptop from Dell, and it came with Windows Vista Home Premium. Up to a couple of days ago, the programs running would appear under the “Application Tab”, then all of a sudden it stopped displaying anything. I will be trying your recommended fix.

        Many thanks for the suggestion.

        Comment by Alfredo | October 27, 2012 | Reply

        • Alfredo,
          I do hope that clears up the glitch!

          Comment by techpaul | October 27, 2012 | Reply

          • Hello Techpaul, I am still having the same problem as previously described. Was not able to effect running sfc /scannow command. Being the only user/administrator of my laptop, I do not understand why the system is telling me that I do not have System Administrator privilege…. Further suggestions?

            Comment by Alfredo | October 31, 2012 | Reply

            • Alfredo,
              If I am understanding you correctly, the short answer is, that’s just how Vista/Win7/Win8 are. The solution is to open an “elevated” command prompt.
              http://blogs.msdn.com/b/tims/archive/2006/11/02/windows-vista-secret-10-open-an-elevated-command-prompt-in-six-keystrokes.aspx

              I create an icon on my Desktop, as it comes up often enough..
              http://techpaul.wordpress.com/2007/09/14/quick-tipovercome-access-denied-in-vistas-command-prompt/

              Comment by techpaul | October 31, 2012 | Reply

              • Good Morning Techpaul, thank you very much for the instructions re access-denied-in-vistas-command-prompt. The recommendation was very helpful. I was able to run the sfc /scannow command, and then rebooted the system. However, foreground running are still not appearing in the application tab of windows task manager. Any other suggestions?

                Comment by Alfredo | November 1, 2012 | Reply

                • Alfredo,
                  Well, you have a range of options.. from living with it (do nothing) on the one end, to reinstalling Windows (a full ‘refresh’) on the other.
                  * You might try using System Restore to go back to a point before the Task Manager changed..
                  and/or undo any changes you made around that time.
                  * You might also try searching Vista User Forums for a solution (it may be a value in a Registry key..)
                  * You might create a new User, and see if the Task Manager behaves normally in it.
                  * restore your most recent system backup (if you made one).

                  Comment by techpaul | November 1, 2012 | Reply

                  • Good afternoon Techpaul. Many thanks for the very valuable suggestions. Will move forward with your suggestions. Have a great afternoon.

                    Comment by Alfredo | November 1, 2012 | Reply

  10. Why does the blue circle keep going around, it is driving me mad

    Comment by Glo | March 19, 2013 | Reply

    • Glo,
      Seriously? I thought every Windows PC user was familiar with the ‘blue circle’. It means your computer is “thinking”. Or more accurately, ‘trying to process‘ (your requests).

      The blue spinning circle usually goes away fairly quickly, but if it stays around long enough to make you crazy, you might try googling the following term, “ending programs with Task Manager”, and reading. (Basically, select the “Not responding” program, and click “End task”.)

      And if it really is showing a lot, and staying visible for long periods — it could be a symptom of a real problem, and you’ll want to have a technician look at your machine.

      Comment by techpaul | March 19, 2013 | Reply


Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 235 other followers

%d bloggers like this: