Find what process started another process

5

1

Say I have process explorer showing me that I have an app called EvilAppsRUs.exe running.

I kill it, but it just starts up again. I have checked to make sure it does not have a service (by right clicking->Properties on it in Process Explorer).

So, I am fairly sure there is another process out there (maybe called something benign like DisplayDriver.exe) that is starting (and restarting) EvilAppsRUs.exe.

How can I find out what the name of the process that is restarting the evil process is?

Vaccano

Posted 2013-01-24T17:25:41.573

Reputation: 5 977

2

Try this SO question: http://stackoverflow.com/questions/7486717/finding-parent-process-id-on-windows

– Zac B – 2013-01-24T17:58:28.677

have you tried process monitor it's an utility that show in detail everything in relation with process, something like ps auxf in linux, if you try and it works please tell me to post this as an answer! – poz2k4444 – 2013-01-24T18:36:28.263

Answers

3

On Windows, Using process monitor may help you. There, the Process tree tool shows relationship between processes

You can give it a quick try In the Official Page ..

A very usefull real time. Process Monitor...

Hope it helps you

AAlvz

Posted 2013-01-24T17:25:41.573

Reputation: 649

1Turns out Process Explorer has it as well. It is on the "Image" page of the properties of the process. – Vaccano – 2013-01-25T17:23:52.767

Asked: 2013-01-24T17:25:41.573

Viewed: 5 965 times

Active: 2013-01-24T19:10:10.817