One of the oldest and cleverest tricks used by malicious software is to inject its code into legitimate processes running in Windows. For example, malware can inject malicious code into “explorer.exe” to infect all the files that you open. When you check the processes running on your PC through the Task Manager, you will not find anything suspicious. This is why a cursory look at the running processes is not enough to find some generic malware. To find such malware, you can use the PhrozenSoft RunPE Detector.
RunPE Detector relies on the differences between the original PE header of the legitimate process and that of the hijacked process. By finding the differences in the PE header, it can tell you which processes have been hijacked. In RunPE Detector, click the Run Scan button to scan all the processes and find the possibly hijacked ones.
You can also select a process and click PE Control Selected to see the differences between the PE control values of the selected process as loaded in memory and those of the original program file on disk. Any values that differ are displayed in red.
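The disk-versus-memory header comparison described above can be sketched as follows. This is an added example, not RunPE Detector's own code: the function names, the choice of fields and the sample headers are assumptions made for illustration, and it expects the caller to have already read the header bytes from the file and from the process.

```python
import struct

FIELDS = ("NumberOfSections", "TimeDateStamp", "AddressOfEntryPoint",
          "ImageBase", "SizeOfImage", "CheckSum")

def parse_pe_header(buf):
    """Extract the header fields compared between disk and memory."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                          # IMAGE_FILE_HEADER
    _machine, nsections, ts = struct.unpack_from("<HHI", buf, coff)
    opt = coff + 20                              # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", buf, opt)
    if magic not in (0x10B, 0x20B):              # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (entry,) = struct.unpack_from("<I", buf, opt + 16)
    if magic == 0x20B:
        (base,) = struct.unpack_from("<Q", buf, opt + 24)
    else:
        (base,) = struct.unpack_from("<I", buf, opt + 28)
    size_of_image, _hdrs, checksum = struct.unpack_from("<III", buf, opt + 56)
    return dict(zip(FIELDS, (nsections, ts, entry, base,
                             size_of_image, checksum)))

def diff_headers(disk, memory, ignore=()):
    """Map each differing field to its (disk, memory) values."""
    a, b = parse_pe_header(disk), parse_pe_header(memory)
    return {k: (a[k], b[k]) for k in FIELDS
            if k not in ignore and a[k] != b[k]}

def build_header(entry, base, size_of_image, nsections=3, ts=0x5F000000):
    """Constructed minimal PE32 header for the demo, not a runnable file."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)      # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHI", buf, 0x84, 0x14C, nsections, ts)
    struct.pack_into("<H", buf, 0x98, 0x10B)     # PE32 magic
    struct.pack_into("<I", buf, 0x98 + 16, entry)
    struct.pack_into("<I", buf, 0x98 + 28, base)
    struct.pack_into("<I", buf, 0x98 + 56, size_of_image)
    return bytes(buf)

# Constructed samples: file on disk, a clean process the loader rebased,
# and a process whose in-memory header no longer matches the file.
DISK = build_header(0x1000, 0x400000, 0x20000)
RELOCATED = build_header(0x1000, 0x7F0000, 0x20000)
HIJACKED = build_header(0x4A20, 0x400000, 0x9000, nsections=5, ts=0x60000000)
```

Passing `ignore=("ImageBase",)` keeps a rebased but otherwise untouched image from being reported, while a changed entry point, image size or section count still shows up.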
RunPE Detector is a simple tool for checking for processes that may have been hijacked through code injection. It is meant for advanced users, but if it reports any suspicious files, it is time to install security software such as avast! antivirus or Bitdefender Antivirus.
You can download PhrozenSoft RunPE Detector from https://www.phrozensoft.com/.