Skip main navigation

System processes/services

Article detailing the mechanisms of malware persistence by use of running processes or services.
© PA Knowledge Ltd | 7Safe Training

System processes/services

Running processes or services can also execute programs or load files as part of their function. This can therefore load files containing malicious code.

Additional information…

Complex malware may well have a minder program or service running monitoring it. Should the malware process be terminated, the minder process or service will restart the malware to maintain the infection.

One example is the Dark Comet remote access Trojan (RAT). This malware has a minder program running which will restart the malware in the event it’s process is unexpectedly terminated whilst the computer is running. Information about Dark Comet is readily available on the World Wide Web.

Dark Comet Graphic

© PA Knowledge Ltd | 7Safe Training
This article is from the free online

Introduction to Digital Forensics: Malware Analysis and Investigations

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education