SSM and Hidden Processes


WilliamP
November 28th, 2006, 08:47 AM
I have had an SSM pop-up saying that I had hidden processes running on my computer. It has happened several times. What is SSM trying to tell me? How can I find out what the processes are? I have posted on the SSM forum but haven't had any answers. Thank you.

Get
November 28th, 2006, 09:04 AM
This is what Syssafety says on their site:
--
"Rootkit is a technique/tool to hide processes, files, registry keys and other system objects from the system and third-party monitoring or scanning tools. Once a Trojan program or some other malware is hidden it can freely do bad things, like personal data stealing or system corruption, staying invisible for users. SSM has a new Rootkit detection feature which allows revealing hidden processes for most known Rootkit techniques. NOTE: right now SSM Rootkit detector scope is limited to hidden processes only."
--
That's not to say that you're infected, but it's possible. I use SSM-free, but I think in the paid version you can also open the log (Options tab -> under Log, click the "View" button). Maybe it makes things a bit clearer.

WilliamP
November 28th, 2006, 09:39 AM
I checked the logs and couldn't find anything. I don't really feel that it is infected. I just feel there should be a way to find out what SSM is talking about.

Get
November 28th, 2006, 10:57 AM
-{ Quote: "I just feel there should be a way to find out what SSM is talking about." }-
Try these:

http://www.gmer.net/

http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx

Note that NOT all that's found/hidden is malware!

Peter2150
November 28th, 2006, 11:04 AM
The hidden processes are shaded in red. I get those warnings occasionally on login. But once the system is logged in they are gone. I've checked my system thoroughly, so I assume it's something that appears hidden when starting up.

Pete
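Get's quoted description above (a rootkit hides processes from the system's own monitoring tools, and SSM's detector reveals them) and Pete's observation that the warnings only show up during login are two halves of the same picture. Detectors of this kind compare a high-level process list against a lower-level one and report whatever appears only in the lower-level view; a process caught while it is still starting or already exiting can land in exactly the same gap. The following is an added example, not code from the thread or from SSM, GMER or RootkitRevealer: it implements that cross-view comparison and, to handle the transient case Pete describes, reports a pid only if it stays hidden across repeated samples. The Linux collectors (`/proc` listing versus a `kill(pid, 0)` probe) are an assumption about the environment; the constructed `SAMPLE_VIEWS` let the comparison logic run anywhere.

```python
"""Cross-view hidden-process check (added example, not SSM/GMER code).

High-level view : what the normal process listing API returns.
Low-level view  : what the kernel actually knows about.
A pid present only in the low-level view is "hidden". Because a process
that is mid-startup or mid-exit can also appear that way for one sample,
persistent_hidden() requires the discrepancy to repeat before reporting.
"""
import os
import sys
import time
from typing import Dict, List, Set, Tuple

View = Dict[int, str]          # pid -> image/command name


def hidden_in_view(high: View, low: View) -> View:
    """Pids visible to the low-level enumeration but absent from the high-level one."""
    return {pid: name for pid, name in low.items() if pid not in high}


def persistent_hidden(samples: List[Tuple[View, View]], min_hits: int = 2) -> View:
    """samples: (high, low) pairs taken over time.
    A pid is reported only if it was hidden in at least min_hits samples,
    which filters out processes caught while starting or exiting."""
    hits: Dict[int, int] = {}
    names: View = {}
    for high, low in samples:
        for pid, name in hidden_in_view(high, low).items():
            hits[pid] = hits.get(pid, 0) + 1
            names[pid] = name
    return {pid: names[pid] for pid, n in hits.items() if n >= min_hits}


def linux_views() -> Tuple[View, View]:
    """Linux collectors (assumption: /proc is mounted).
    High view: the /proc directory listing, which is what ps reads.
    Low view : probe every pid with kill(pid, 0); a pid the kernel knows
    answers (success or EPERM) even if it has no /proc entry. Thread ids
    answer kill() too, so they are gathered from /proc/*/task and skipped."""
    high: View = {}
    tids: Set[int] = set()
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            with open(f"/proc/{pid}/comm") as f:
                high[pid] = f.read().strip()
            tids.update(int(t) for t in os.listdir(f"/proc/{pid}/task"))
        except OSError:
            continue                       # exited between listdir and open
    low: View = dict(high)
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            pid_max = int(f.read())
    except OSError:
        pid_max = 32768
    for pid in range(1, pid_max):          # brute-force probe; a few seconds on large pid_max
        if pid in high or pid in tids:
            continue
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue                       # kernel does not know this pid
        except PermissionError:
            pass                           # exists, owned by someone else
        low[pid] = "<answers kill() but has no /proc entry>"
    return high, low


# Constructed samples: pid 4242 is hidden in every sample (reported),
# pid 501 is missing from the high view only once, as a process that
# was still starting would be (not reported).
SAMPLE_VIEWS: List[Tuple[View, View]] = [
    ({1: "init", 2: "kthreadd"},            {1: "init", 2: "kthreadd", 4242: "<no /proc entry>"}),
    ({1: "init", 2: "kthreadd", 500: "sh"}, {1: "init", 2: "kthreadd", 500: "sh", 4242: "<no /proc entry>"}),
    ({1: "init", 2: "kthreadd"},            {1: "init", 2: "kthreadd", 4242: "<no /proc entry>", 501: "cron"}),
]


def demo() -> View:
    """Run the persistent check over the constructed samples."""
    return persistent_hidden(SAMPLE_VIEWS, min_hits=2)


if __name__ == "__main__":
    if sys.platform.startswith("linux"):
        live = [linux_views() for _ in range(3) if not time.sleep(1)]
        result = persistent_hidden(live)
    else:
        result = demo()
    for pid, name in sorted(result.items()):
        print(f"hidden pid {pid}: {name}")
```

On a clean system the live run prints nothing; a pid that answers `kill()` in three consecutive samples yet never appears in `/proc` is the kind of result the tools linked in this thread are built to surface, and is worth confirming with a second tool rather than acting on a single listing.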

WilliamP
November 28th, 2006, 12:31 PM
Thanks for the replies. As far as rootkits, I have Unhackme and ran it. I tried gmer once and couldn't get my head around it. Pete, I think you are probably right. I have noticed that when I get the pop-up, if I go to learning mode then stop learning mode, it will tell me that there are things that could be removed. After I OK it I don't get the Hidden Processes pop-up.

Peter2150
November 28th, 2006, 12:38 PM
-{ Quote: "Thanks for the replies. As far as rootkits, I have Unhackme and ran it. I tried gmer once and couldn't get my head around it. Pete, I think you are probably right. I have noticed that when I get the pop-up, if I go to learning mode then stop learning mode, it will tell me that there are things that could be removed. After I OK it I don't get the Hidden Processes pop-up." }-

Hi William

That pop-up about things being removed is somewhat different. I always answer that no. The reason I get it is I will plug in a USB mobile drive, and then I run an unlocking program. Once the drive is removed that process is hanging out there in SSM. By not removing it, it is there for the next time I plug in the drive.

Pete

WilliamP
November 28th, 2006, 01:02 PM
Thanks Pete. From what you said it won't hurt to remove them. Correct? Have you ever tried gmer? I'm trying it again. I am pretty sure that I don't have a problem, but I would like to be able to know how gmer is used. Can't find any info.

Get
November 28th, 2006, 01:05 PM
-{ Quote: "I would like to be able to know how gmer is used. Can't find any info." }-

http://www.gmer.net/faq.php

WilliamP
November 28th, 2006, 01:14 PM
Thanks Get. I have read that, but it doesn't provide a lot of information.

Longboard
November 29th, 2006, 12:22 AM
If you really think there is a rootkit and want to do some checking:

For gmer:
http://spyware-free.us/2006/07/gmer_07.html
That may help; a bit old now.

Go here for lots of useful info on how to do it. In particular there is a thread about how to use IceSword:
http://www.castlecops.com/f233-Rootkit_Revelations.html

Lots of stuff here (check the forums):
http://www.antirootkit.com/index.htm

Regards