Unloaded Module Viewer

Malware agents have a nasty way of concealing themselves within running processes in the hope of flying under the radar while they can perform unauthorized actions on your computer.

If you suspect this has happened to your PC, you can use Unloaded Module Viewer to monitor currently active processes, unload and analyze their PE modules. This way, you can catch malware activity in the act and take appropriate measures to eliminate the intrusion.

Unloaded Module Viewer is a fairly straightforward and easy-to-use app, best used in the hands of security specialists. Examples of PE modules are .dll, .cpl and .exe.

Both installer and portable editions are available and can be downloaded from this page. The main difference is that the portable version can be saved to a USB flash drive and quickly launched on any workstation to inspect process modules, without having to perform an installation.

There's only one window put at your disposal, and all active processes are autodetected and listed there at program startup. You can check out the name, ID and full file path of each process, then simply click an entry to view all its dynamically unloaded modules on the bottom part of the window.

Module properties include sequence, image, base, size, timedate stamp and checksum. These details can be copied to the clipboard as well as saved to a .log-formatted file anywhere on the disk. The full file path and ID of the corresponding process is included in the file, so there shouldn't be any confusion.

Taking everything into account, Unloaded Module Viewer is a nifty little tool that can make the difference between a clean and a malware-infected computer. It worked smoothly on the latest Windows edition in our tests.