List Windows XP Running Process And ProcessID in VBScript

One of the reasons I hate Windows XP is that it is prone to viruses. However, I can't escape from using it, because there are instruments I use that can only communicate with their own proprietary Windows program.


Love it or not, I still need these proprietary programs to run on the Windows box on site, because they don't have a Linux version of them, nor are they ever going to have one.


Leaving the Windows box like that, I believe it will get infected in some way, when some user accesses the box to grab some data with an infected USB drive or when there is a virus on the network. It happened two weeks ago on the site box, where a virus prevented me from opening the Windows Task Manager to show what processes were running on the box.


Thanks to VBScript, I was able to view the running processes and investigate.



So, after getting frustrated and cursing the virus-prone OS for some time, I just opened Notepad and began writing this script:


'==========================================================='
' showproc.vbs
' Author: M. Fauzilkamil Zainuddin http://coderstalk.blogspot.com
' October 2009
'==========================================================='


Option Explicit

Dim oProc, oWMIServ, colProc
Dim strPC, strList
Dim strSpace

strPC = "."

Set oWMIServ = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strPC & "\root\cimv2")

Set colProc = oWMIServ.ExecQuery("Select * from Win32_Process")

strSpace = string(20," ")
strList = "ProcName" & strSpace & vbTab & "ProcID" & vbCrLf & string(45,"-")

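For Each oProc In colProc
    ' String() raises an error on a negative count, so guard names of 28 or more characters
    If Len(oProc.Name) < 28 Then
        strSpace = String(28 - Len(oProc.Name), " ")
    Else
        strSpace = " "
    End If
    strList = strList & vbCrLf & oProc.Name & strSpace & vbTab & oProc.ProcessId
Next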

WScript.Echo strList
WScript.Quit


And then, I can see the suspicious processes. They can't hide from me anymore. I can even kill a process by simply adding an If statement which checks for the specific suspicious process Name or ProcessID and kills it. Here's a snippet to terminate a specific ProcessID:

' just add this code below 'WScript.Echo strList'
For Each oProc In colProc
    ' the 3008 is the ProcessID that I want to kill.
    ' your process id may be different
    If oProc.ProcessID = 3008 Then
        oProc.Terminate()
    End If
Next
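A name and a ProcessID alone often do not show which entry is the suspicious one. The following is an added example, not part of the original script, that queries the same Win32_Process class for the parent ProcessID and executable path as well. The file name showproc_detail.vbs and the "CHECK" rule (path outside %SystemRoot% and %ProgramFiles%) are assumptions made for illustration.

```vbscript
' showproc_detail.vbs (added example, hypothetical file name)
' Run from a command prompt: cscript //nologo showproc_detail.vbs
' (under wscript every Echo line would open its own message box)
Option Explicit

Dim oWMIServ, colProc, oProc, oShell
Dim strWinDir, strProgDir, strPath, strFlag

' Folders where installed software normally lives on this machine
Set oShell = CreateObject("WScript.Shell")
strWinDir = LCase(oShell.ExpandEnvironmentStrings("%SystemRoot%"))
strProgDir = LCase(oShell.ExpandEnvironmentStrings("%ProgramFiles%"))

Set oWMIServ = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colProc = oWMIServ.ExecQuery( _
    "Select Name, ProcessId, ParentProcessId, ExecutablePath from Win32_Process")

WScript.Echo "PID" & vbTab & "PPID" & vbTab & "Flag" & vbTab & "Name / Path"

For Each oProc In colProc
    If IsNull(oProc.ExecutablePath) Then
        ' WMI returns Null when it has no path for the process
        strPath = "(path not available)"
        strFlag = "?"
    Else
        strPath = oProc.ExecutablePath
        ' Assumed triage rule: anything started from outside the Windows and
        ' Program Files folders deserves a look. CHECK is a prompt to inspect
        ' the file, not a verdict; paths reported in any other form get it too.
        If Left(LCase(strPath), Len(strWinDir)) = strWinDir Or _
           Left(LCase(strPath), Len(strProgDir)) = strProgDir Then
            strFlag = ""
        Else
            strFlag = "CHECK"
        End If
    End If
    WScript.Echo oProc.ProcessId & vbTab & oProc.ParentProcessId & vbTab & _
                 strFlag & vbTab & oProc.Name & "  " & strPath
Next
```

Redirecting the output to a file (`cscript //nologo showproc_detail.vbs > proc.txt`) keeps a record of what was running before any process is terminated.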

That's all for now. Happy coding!!

Comments

Dan said…
Hi!

That's quite smart! There are some proper fixes in the Windows registry though that you can make to get your real task manager back. Try a quick Google search. I had to do it a few weeks back on a friend's computer and it worked out fine.

Nice hack though ;)
