When you run your PC, even if you have not started any applications, some executable (.exe) files will still run in the memory. These files run different processes that are required for your PC to run properly. Have you ever wondered from where a particularly EXE file is being run? The answer of this would be that an exe file runs from its actual location in the PC, i.e., from the folder where it is stored.

Let us suppose that there is a file named csrss.exe running on your computer. There is a legitimate system file in this name, a file that is stored in the System32 folder within your Windows® directory. However, only one instance of this file should run at a given time. If you have multiple instances of csrss.exe running on your PC, then chances are that one of the two files is a virus. However, the Windows® Task Manager will never show you the location of a file. You can find out whether the file is the legitimate one by applying a technique.

You can search for the file using standard Windows® Search, with the attributes for searching system files and hidden files checked. However, the problem with this is, if the file is a virus, the creator probably made it unsearchable anyway. So, what to do? Enter Process Explorer.

Process Explorer is a freely available tool that can best be described as a heavily bumped up version of the Windows® Task Manager. The utility allows you to see exactly where a process is being run from. Simply start the utility, and hover your mouse button over the process you want to view. You can also right-click the name of a process in the left panel, and select Properties from the pop up menu. This will help you to see the location from where a particular file is being run.