CrowdInspect : Detect Active Malware on Your PC

CrowdInspect is a freeware tool developed by the CrowdStrike security experts team. This  small tool aims to detect the active malware that has been accessing network on your Windows computer. It analyzes any programs or services trying to connect through the TCP or UDP protocols with the help of different online services like VirusTotal, Team Cymru’s Malware Hash Registry (MHR) and Web of Trust (WoT). Using CrowdInspect you can easily identify an active malicious program that is connecting to the internet. Malware that rely on active internet connection like botnets, trojans, rogue antivirus etc., can easily be detected with the help of CrowdInspect.

You can get the CrowdInspect from the CrowdStrike website. The download is a very small portable application of less than 300KB in size. The same application can be run on both the 32-bit and 64-bit editions of Windows.

As you launch the CrowdInspect program, it starts to analyze all the programs and services that have an open network port. The GUI is in a list view format. All the programs with active network connection are displayed along with their PID (process ID), code injection possibility, VirusTotal result, MHR result, and WoT results. The connection type (TCP or UDP), connection state, local and remote ports and IP addresses are also displayed.

The Inject column displayed the code injection possibility for that program which can be related to malware activity but not always. The VT, MHR and WoT results can indicate whether the running program is flagged malicious on these online databases. The WoT results are for the remote domain name that program is accessing and could be attack site. The VT, MHR and WoT columns show green circle for safe programs, yellow circle for possibility of malicious program or domain and red circle for confirmed malware activity.


If you see some malware activity for a program or service, then you can right-click on choose to end that process, close the connection or view the application properties. You can also view the VirusTotal results from the right-click context menu for a program. This opens a small window listing the results from 10 different anti-virus engines. For some reason, it does not display the results from all the 40+ antivirus engines supported by VirusTotal.


The CrowdInspect program can only indicate the possibility of malware infection on your Windows PC. It can terminate the malicious processes but it cannot disinfect or remove the malware from your PC. If CrowdInspect shows malicious activity on your PC, then you should install a standard antivirus program like avast! on your system, update it and run a full system scan. You can also choose to scan your system with the free ESET Online Scanner that can detect and remove malware from your PC.

Conclusion: CrowdInspect makes use of the various online services like VirusTotal, Team Cymru’s malware hash registry and Web of Trust, in order to detect malicious activity on your PC. It offers to terminate the malicious processes but cannot disinfect your system on its own.

You can download CrowdInspect from