Strange Processes(Worms/Trojans) in Task Manager Windows

[rose tamang]

Hi, All,

kn u explain what are these process in my system's Task Manager windows.
Is there any virus dwelling in my system?
Please provide me solutions to wipe them away. I've installed e-scan trial version that was offered in one of the Digit DVD.

1. SPOOLER.EXE
2. MAILDISP.EXE
3. ctfmon.exe
4. TRAYICOS.EXE
5. igfxpers.exe
6. wscntfy.exe
7. alg.exe
8. CONSCTL.EXE
9. MWASER.EXE
10. TRAYSSER.EXE
11. econceal.exe
12. econser.exe
13. spoolsv.exe
14. lass.exe
15. csrss.exe
16. smss.exe
17. wuauclt.exe
18. System

 

[Krow]

System should be only one. otherwise looks fine.

 

[comp@ddict]

It's all okay.

If u are still unxure. Format ur HDD>

Even then if u are not sure, dip it in the Holy Ganges.

 

[abhijangda]

everything is fine friend.
no need to worry
also update ur anti virus regularly

 

[rhitwick]

please use processlibrary.com and threatexpert.com for such queries.
U'll get more specific answers.

 

[krishnandu.sarkar]

Out of these processes no1 is virus

 

[rose tamang]

What sort of virus is spooler.exe?

What is it up to?

How to get rid of it?

Can we removed it manually?

How?

rose

 

[Cool G5]

Spooler.exe isn't a virus. Its the printer spool service running.

 

[Amir.php]

According to the Processlibrary.com spooler,exe is a worm(WIN32.RBOT Worm).

 

[rose tamang]

FYI,

I haven't installed any printer.

rose

 

[Cool G5]

Even though printer might not be installed but the service may be started.

 

[RaghuKL]

the printer rpc server is named as spoolsv.exe (not spooler.exe). Further Reading.

Use either of hijackthis , kill box, Autoruns can be used to check the successful removal of the file.

 

[Cool G5]

Sorry, I misunderstood it.

 

[rose tamang]

What's a handy solution for this?
I've installed e-scan that was available in the Digit DVD. And if it's confirmed to be a virus then the anti virus didn't detect it.

Any other idea?

rose

 

[fieldgunner]

Try an online scan...

Are there any suspicious files or only the process? enable 'view hidden files' in folder options and see.

 

[Disc_Junkie]

Try using Comodo Internet Security or Zone Alarm to scan and block the suspicious processes. I would personally recommend using Comodo as Zone Alarm is a memory hog. You can also try anti malwares such as Trojan Remover...

 

[RaghuKL]

First try killing the process by using the task manager. then delete the file (usuallyy located at %windir%\system32 or %windir%). Arrange files by modified to help easy location of file. remove the autorun entry using the autoruns. If the file is locked up or undeletable use killbox to delete file. It will try deleting the file, if not possible, will delete it at reboot.

Also check for the following files.

%System%\Cnfgldr.exe
%System%\cthelp.exe
%System%\Sysmon16.exe
%System%\Sys3f2.exe
%System%\Syscfg32.exe
%System%\Mssql.exe
%System%\Aim95.exe
%System%\Svchosts.exe
%System%\FB_PNU.EXE
%System%\Cmd32.exe
%System%\Sys32.exe
%System%\Explorer.exe
%System%\IEXPL0RE.EXE
%System%\iexplore.exe
%System%\sock32.exe
%System%\MSTasks.exe
%System%\service.exe
%System%\Regrun.exe
%System%\ipcl32.exe
%System%\syswin32.exe
%System%\CMagesta.exe
%System%\YahooMsgr.exe
%System%\vcvw.exe
%System%\spooler.exe
%System%\MSsrvs32.exe
%System%\svhost.exe
%System%\winupdate32.exe
%System%\quicktimeprom.exe
if they are present ,delete those too.

Always be on the watchout for misspelled files in system , system32 and windows folders. (now, How can i know the original filenames for differentiating?
Simple, after installation of Windows .generate a file list using dir /b /s at root drive i.e c:\ or d:\ etc. and redirect output to a file. sample: c:\dir /b /s >>filelist.txt)

 

[rose tamang]

Thanks everyone for your help!!

 

[Aspire]

Hi, All,

kn u explain what are these process in my system's Task Manager windows.
Is there any virus dwelling in my system?
Please provide me solutions to wipe them away. I've installed e-scan trial version that was offered in one of the Digit DVD.

1. SPOOLER.EXE
2. MAILDISP.EXE
3. ctfmon.exe
4. TRAYICOS.EXE
5. igfxpers.exe
6. wscntfy.exe
7. alg.exe
8. CONSCTL.EXE
9. MWASER.EXE
10. TRAYSSER.EXE
11. econceal.exe
12. econser.exe
13. spoolsv.exe
14. lass.exe
15. csrss.exe
16. smss.exe
17. wuauclt.exe
18. System

They're normal


spooler.exe =>The process spooler belongs to the software eScan Internet Security for by MicroWorld Technologies Inc.

Description: spooler.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 277506 bytes (50% of all occurrence), 93887 bytes.
The process has no file description. Program is loaded during the Windows boot process (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run). File spooler.exe is not a Windows system file. Therefore the technical security rating is 34% dangerous, however also read the users reviews.