NoVirusThanks Process Lister Portable is a free, advanced task management utility for Windows designed to view, analyze, and manipulate active system processes. Developed by the Italian cybersecurity firm NoVirusThanks, it acts as a lightweight, portable alternative to the default Windows Task Manager, tailored specifically for system administrators, power users, and malware analysts.

Critical Overview & Review

The utility stands out for its high forensic utility but compromises heavily on user interface fluidity.

The Pros (Strengths)

High Information Density: The tool extracts and displays details the native Windows Task Manager hides. This includes the process ID (PID), exact command lines, integrity levels, parent processes, file descriptions, digital signers, and user domains.

No Installation Required: As a portable application, it leaves no traces in the Windows Registry. You can run it directly from a USB flash drive on compromised endpoints.

Advanced Controls: Beyond basic process termination, it lets you traverse handle tables, enumerate loaded modules, inject custom modules, suspend/resume processes, and create memory dumps.

Malware Hunting Utility: Features like “Terminate and delete on reboot” and file hash viewing make it useful for identifying and neutralizing persistent malware.

The Cons (Limitations)

Cluttered Interface: The application lists full file paths by default, causing a crowded display that can cut off actual executable names.

Poor Navigation Quality: Early legacy versions lacked the ability to click column headers to sort, hide, or reorder data columns.

No Process Trees: Unlike competing tools such as Sysinternals Process Explorer, it does not natively organize processes into visual parent-child trees.

Step-by-Step Practical Guide

1. Launching the Tool

Because the tool needs access to deep kernel-level resources to read handle tables and perform module injection, you must run it with elevated permissions.

Download the executable file from a trusted software repository or the official NoVirusThanks website.

Right-click ProcessLister.exe (or the portable variant package). Select Run as Administrator.

2. Analyzing a Process

Look through the main dashboard. Columns like Command-Line and Parent PID show exactly what triggered a specific file to open.

Pay close attention to the Signer column. Legitimately signed software lists its vendor, while unsigned executables masquerading as system files will appear blank.

3. Handling Unresponsive or Malicious Apps

Right-click on the target process line to reveal the action menu.

To halt a process without losing its state: Select Suspend. (Use Resume to reactivate it).

For persistent threats: Select Terminate and Delete on Reboot. This flags the Windows file system to erase the file before its startup routine can fire up during the next boot cycle.

4. Forensic Investigation

Right-click the process and choose Dump Process Memory. This exports the process’s RAM allocation into a .dmp file, allowing you to extract hardcoded strings, hidden URLs, or keys using a text editor.
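Dumps are mostly binary, and Windows keeps many strings as UTF-16LE, which is awkward to search in a text editor. The following is an added example (not from the original article or from NoVirusThanks) that pulls both ASCII and wide strings out of a dump and reports URLs with their byte offsets; the function names, the sample bytes, and the `example.test` hosts are constructed for illustration.

```python
import mmap
import re

MIN_LEN = 6  # shortest run worth reporting
# Printable ASCII runs, and the same characters stored as UTF-16LE
# (each followed by a NUL byte), the usual form of Windows wide strings.
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
URL_RE = re.compile(r"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")

# Constructed sample standing in for dump contents (not from a real process).
SAMPLE_DUMP = (
    b"\x00\x01\xff\xfe" + b"http://example.test/checkin" + b"\x00\x90\x90"
    + "https://cdn.example.test/cfg".encode("utf-16-le") + b"\x00\x00\xcc\xcc"
    + b"MZ\x90\x00" + b"api_key=CONSTRUCTED-NOT-REAL" + b"\x00"
)


def extract_strings(data):
    """Return sorted (offset, encoding, text) tuples for every string run."""
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ASCII_RE.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in WIDE_RE.finditer(data)]
    return sorted(found)


def find_urls(data):
    """Return (offset, encoding, url) for each unique URL, in dump order."""
    seen, hits = set(), []
    for offset, enc, text in extract_strings(data):
        width = 2 if enc == "utf-16le" else 1  # bytes per character
        for m in URL_RE.finditer(text):
            if m.group() not in seen:
                seen.add(m.group())
                hits.append((offset + m.start() * width, enc, m.group()))
    return hits


def scan_dump(path):
    """Memory-map a .dmp file so large dumps are not read into RAM at once."""
    with open(path, "rb") as fh, \
            mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as view:
        return find_urls(view)


if __name__ == "__main__":
    for offset, enc, url in find_urls(SAMPLE_DUMP):
        print(f"0x{offset:08x}  {enc:<8}  {url}")
```

Call `scan_dump()` with the path of the exported .dmp file; the offsets it returns let you jump to the surrounding bytes in a hex viewer.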

Select View Modules or View Handles to map exactly which files, directories, and registry hives that specific process is actively locking or modifying.

Verdict: How it Compares

If you need a quick, no-install tool to grab a memory dump or force-kill an aggressive piece of software on a client’s computer, NoVirusThanks Process Lister Portable does the job efficiently. However, if you are looking for long-term daily system monitoring with clean sorting and process tree grouping, Sysinternals Process Explorer remains the superior choice.
