Solve : Process ImageWin3.exe?

Answer» I'm using WinXP SP2, and this process is running at 50-51% constantly. It's ImageWin3.exe, and I don't want to terminate it if it's supposed to be running, but some of my other applications aren't working correctly. Does anyone know what imagewin3.exe is or what software uses it? It doesn't come up on Google.

File C:\Program Files\TextBridge Classic\Bin\IMAGEWIN.EXE infected by "Virus.Win32.Tenga.a" Virus! Have you got TextBridge scanning/OCR software installed? Did you get it from a legitimate source? Imagewin seems to be a component of many Windows imaging software packages, so it could be another similar program. You should do a virus check pronto! HijackThis! is a good program to try as well as your normal anti virus software. (You do have some, and it is up to date?) How up to date are your security patches?

You could try
(1) stopping the process and seeing if it comes back after a reboot.
(2) finding the executable imagewin3.exe by a Windows Search (enable find hidden files) and running a virus check on that folder. You may need to reinstall any software that was in that folder.
(3) Run a complete virus check as a matter of urgency.

Quote
Tenga infects PE exe files. The virus can also act as a Network-Worm on machines with an unpatched DCOM RPC vulnerability. Microsoft Security Bulletin MX03-026 details the vulnerability. After launch, Tenga checks if the domain vx9.users.freebsd is available and attempts to download Trojan-Downloader.Win32.Small.bdc from http://**nt*.lycos.it/v**/dl.exe Tenga is a classic appending virus that increases the size of infected files by 3 KB.

Quote
also known as: W32/Gael, W32.Licum, Win32.Gael.3666, W32/Stanit (H+BEDV),

and you can also upload the file to VirusTotal and post a report back

It could be a legitimate file which has got stuck in a loop because something is wrong or corrupted. You could try stopping it and seeing what happens. What protection do you have?

I'm not sure if you actually do have Tenga/Gael, but as a general rule of thumb... if a filename gets no results on Castlecops or Google, then it is most likely an infection. Even if the file isn't malicious, it's not vital, so you can end the process. But before you do that...

Scan the file with VirusTotal like unlovedwarrior suggests (follow contrex's #2).
Search for the file with Process Explorer and see what program the file is tied to.
Download HijackThis to its own special folder and post a log here. Many of the files are safe and even vital, so don't make any changes until instructed to do so.
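The description quoted in the thread calls Tenga an appending virus that grows infected PE files. As an added example (not from the thread or from any antivirus vendor), this Python sketch applies a generic triage heuristic for appended code: it flags a PE whose entry point lies in its last section, or whose last section is both writable and executable. It is not a Tenga signature; `build_sample` and every header value in it are constructed test input.

```python
import struct
from collections import namedtuple

Section = namedtuple("Section", "name vaddr vsize rsize chars")
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000

def parse_pe(data):
    """Return (entry point RVA, [Section, ...]) parsed from raw PE bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    entry_rva, = struct.unpack_from("<I", data, pe_off + 24 + 16)
    table = pe_off + 24 + opt_size                        # first section header
    sections = []
    for i in range(n_sections):
        name, vsize, vaddr, rsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("latin-1"),
                                vaddr, vsize, rsize, chars))
    return entry_rva, sections

def appended_code_indicators(data):
    """List the reasons this PE layout is consistent with code appended to the file."""
    entry_rva, sections = parse_pe(data)
    if not sections:
        return []
    last, reasons = sections[-1], []
    end = last.vaddr + max(last.vsize, last.rsize)
    if len(sections) > 1 and last.vaddr <= entry_rva < end:
        reasons.append("entry point is inside last section %r" % last.name)
    if last.chars & MEM_EXECUTE and last.chars & MEM_WRITE:
        reasons.append("last section %r is writable and executable" % last.name)
    return reasons

def build_sample(entry_rva, last_chars):
    """Constructed test input: header-only PE32 with .text and .rsrc sections."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(0xE0, b"\0")
    def sec(name, vaddr, chars):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, vaddr, 0x200, 0, 0, 0, 0, 0, chars)
    return dos + coff + opt + sec(b".text", 0x1000, 0x60000020) + sec(b".rsrc", 0x2000, last_chars)

if __name__ == "__main__":
    print(appended_code_indicators(build_sample(0x1000, 0x40000040)))  # ordinary layout
    print(appended_code_indicators(build_sample(0x2100, 0xE0000040)))  # flagged layout
```

A hit is a reason to scan the file with an up-to-date scanner or VirusTotal, as the replies suggest, not a verdict: some legitimately packed executables have the same layout.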