Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

What program is displaying this window?

There’s a window on my screen, and I can’t tell what program it’s from. Is there a way?


And it’s useful about 80% of the time.

I’ll show you how, and explain why getting the answer isn’t always helpful.

Become a Patron of Ask Leo! and go ad-free!

Process Explorer

The utility we’ll use is Microsoft’s free Process Explorer. Download, unzip, and run that.

It’s a utility I use so often, I have a shortcut to it on every Windows machine I run.

Once running, what I’ll call a “sonar” or “target” icon appears in its menu bar.

Target icon

Right-click and hold on that icon.

Now drag and drop that icon on top of the window whose owner you’re trying to identify.

Process Explorer will highlight the process that owns that window in its list of running processes.

Highlighted Process

That’s all it takes to determine what program running on your computer is responsible for displaying the window you’re interested in.


Process Explorer Target Demo

Click for larger version.

Not always helpful

For many running programs, Process Explorer will tell you exactly what you need to know. Admittedly, most programs are supposed to identify themselves in their title bars, so you shouldn’t need to jump through this hoop, but not all are obvious.

The problem is when you drop the target onto a window or message box, and Process Explorer highlights svchost.exe.

Service Host

As we’ve discussed before, svchost.exe, or “Service Host”, is a general purpose program Windows uses internally to run any number of different (and possibly unrelated) services. That a message might be displayed by svchost.exe is interesting, perhaps, but it doesn’t tell you which service actually caused that message to appear.

Knowing that it’s svchost, and using Process Explorer to at least identify the services that are being provided, might be enough of a clue. If not, then the next step would be to search the internet for any identifying text in the message or window that you’re trying to identify, along with the keyword “svchost”.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio


11 comments on “What program is displaying this window?”

  1. Hello,I have a friend that gets a strange(to me anyway) message.when she goes to certain websites the message starts saying ” if you are hearing this message your machine has been compromised with malware and a laundry list of other then says please call this number(provided) to fix the problem.we called and it is a sales pitch to drop $120 to let someone access and ”fix” the machine.I don’t think so!not on my watch anyway.question is how do I get rid of this annoyance for her?she has MSE and Malwarebytes as well as Ccleaner.I suspect it could be a startup program but I admit I could be wrong.
    is there any help out there available so when next I go there Perhaps I can rid her machine of this con?
    Thanks ahead of time.

    • That’s a very common scam. If it happens occasionally, that can simply be a deceptive add on that website. Websites often don’t have much control over who advertises on their pages. If it happens regularly, then I’d suspect “foistware”, a form of adware or other malware that usually gets onto your system when you install some other software (though it can happen in other ways as well).

      To remove it I’ll start you here:

      • I was by her place and computer just yesterday when it happened again,IF I knew what to look for in programs it might be helpful as stated she has both MBAM and Ccleaner.I put revo on too so if I find or know what I’m looking for I can actually remove every bit of it. been using revo for years. pup’s I’m familiar with foistware no so much.I know to uncheck things but wonder if she does since I am the only one she will let touch her machine. she just uses email and often I suspect Facebook,I told her never click anything on it and doubt she has or will. so basically back to square one unless Leo does answer and yes I have used his search in upper right but to no avail.process explorer if I could find it does not seem an option unless I know what to look for. : (

        • You could go through the trouble of blocking the site or root of the URL but it’s going to probably be phony, come up from multiple angles and you won’t know where exactly without some hard thinking or knowledge of how it works. Sometimes you can duplicate the exploit by going through the browsing list and you’ll find the trigger, sometimes you won’t. Can you either train your virus/malware scanner to recognized this type of exploit, are there updates that might cover the problem? Do you know how to submit it to the company that made it?

          The problem is going to be that some fairly legitimate sites could be inadvertently hosting bad code and not know it and some of these exploits are stored in the cache so just clearing it regularly helps and when you see these things take over you will need to shut them down (even though it will probably mean that IE with close and restart, leaving you to reopen some sites.

          But no, you have no virus to fix, never call that number or click and they’ll practically get you to give them remote control of your computer and maybe extort you for the full use of your computer.

          The GOOD part of this is that Task Manager will open up most of the time and you can close the offenders down in your running processes. the bad part is that you may just lose valuable date you were using. You can probably live with that somewhat. They may call then DRIVE-BY exploits but you will find them saved to your cache. If you know that going to a certain site seems to trigger the attacks, let the site owner/administrator know about it. If they don’t find it on their server it could be sneaking in with ads or a specific feature.

          REPORT the issue to admin(s) and if it recurs, what triggered can help if you see the need. For now they are just messages that lock the browser up..

          • ah ha Thanks Steve ,task manager! or better put the one that got away.I’ll check into the next time there. and look up adw cleaner too to see what’s up there.

          • Have you tried formating, reinstalling apps and restoring files?
            When i find something that even remotely smells like malware, if i can’t fix it with basic tools in a couple of hours, i’ve found that’s ussually the fastest, easyiest and most effctive solution… unless you don’t have a backup.
            And stop going to that same website… no matter what av you have

  2. The animation used in this article is very good. It clearly shows what one has to do and what should happen.
    What tool did you use to create the animation?

    • In my case: quicktime to capture the video, and then finalcut pro to generate the gif. I believe the same can be done on Windows using Camtasia.

  3. and for the record I have no idea if MSE has the option to scan for exploints. I wish it gave up a URL so I could hunt it down. MBAM comes up empty as is just plain screwy.

  4. Barcillo question: Have you tried formating, reinstalling apps and restoring files? in a word NO as that would mean her losing ALL her,email, et. al and she does and has not backed anything up but will give task manager and maybe adw a shot.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.