Say I have process explorer showing me that I have an app called EvilAppsRUs.exe running.
I kill it, but it just starts up again. I have checked to make sure it does not have a service (by right clicking->Properties on it in Process Explorer).
So, I am fairly sure there is another process out there (maybe called something benign like DisplayDriver.exe) that is starting (and restarting) EvilAppsRUs.exe.
How can I find out what the name of the process that is restarting the evil process is?
Best Answer
On Windows, Using
process monitormay help you. There, the Process tree tool shows relationship between processesYou can give it a quick try In the Official Page ..
A very usefull real time. Process Monitor...
Hope it helps you