Error message dialog boxes usually have title bar text containing the application or process name that generated the error. However, you may sometimes encounter a pop-up window with no text in the title bar, making you guess which program has caused the error.
Let’s say 100+ processes are showing up in the Task Manager. Terminating each one at a time to narrow down the process is cumbersome. To track down the respective app easily, use Process Explorer. Use Process Explorer’s “Find Windows’ Process” button (with the crosshair icon) to know a currently open window’s process name.
Find Which Program Owns a Window or Dialog
Using Process Explorer – “Find Windows’ Process” button
- Download Process Explorer and run it as administrator. If Process Explorer is already running unelevated, elevate it by clicking on the File menu and then click “Show Details for All Processes“. This relaunches the program as administrator.
- Restore down the Process Explorer window size. Or keep the error message window and Process Explorer side by side.
- Drag the Window finder (crosshair icon) button in the toolbar area and drop it on the target window — i.e., the error message dialog or the application window you want to track.
Process Explorer will select the corresponding Process name in the list.
- Double-click it and look at the “Image” tab to learn more about that process.
Check VirusTotal.com if suspicious
If the executable file name is suspicious, you can submit the hashes to VirusTotal.com (VT) using the “Check VirusTotal.com” context menu for that process.
Right-click on the offending process and click “Check VirusTotal.com”.
Enable the VirusTotal column if it’s not already enabled. You’ll see the hyperlink to the VT results, as in the screenshot below.
Clicking on the hyperlink leads you to the VirusTotal analysis page which contains details about the binary — Here’s a sample link.
(1/70) in the above example means 1 scanner (out of the total 70 scanners) has classified the executable as malware. FYI, 1/70 is usually a false-positive, but please exercise caution anyway.
Now you know which application had raised that error message.
You can also use Window Inspector and Spy++ to track the application that created the window or dialog.
One small request: If you liked this post, please share this?
One "tiny" share from you would seriously help a lot with the growth of this blog. Some great suggestions:- Pin it!
- Share it to your favorite blog + Facebook, Reddit
- Tweet it!
Oh, yeah. The lovely Process Explorer, of course. This freeware system program is certainly #1 in its class.
By the way, Process Explorer is not the only program that can do it. Spy++, a component of Visual C++ can also do this.
This will be very practical, especially for computer repair technicians.
Oh my god. Ive been using process explorer for years, but never knew this. Ive been so annoyed with error windows that I have no idea where come from. Thanks to you (and google).
This is some new info for me! Real helpful.
If the error message is visible in the task bar, you should also be able to go into Task Manager (ctrl+alt+del) and find it listed under the “Applications” tab, then right-click on its entry and hit “Go to Process” and it will tell you the name of the EXE that’s running.
Unfortunately, Windows versions earlier than 6 (Vista) don’t have the option of showing the full path or command line to the process… If you have Vista or later though it comes in handy once in a while.
Thank you, thank you, thank you! I had a dialog box that kept raising itself but even a Google search couldn’t determine which application it was.
Thank you. This helped me out. I had a window pop up announcing an error from and unknown source. I was concerned that it was evil. However, it was from a Samsung utility. Not friendly of Samsung.