A process with no description in task manager, legit or a trojan?

Marco2

New Member
Thread author
Jun 19, 2015
12
Whenever my laptop gets slow I check task manager, and there are always processes with no description, like winlogon.exe, svchost.exe and csrss.exe (I checked online and apparently these three processes are part of Windows). Moreover, when I connect to the internet after a long time of being offline, I see an update.exe process (or even two) with no description, which usually disappears in seconds or a few minutes (it also disappears if I disconnect). Is it an automatic update of some program or a trojan? (It can't be Windows updates because my Windows update setting is set on "check for updates but let me choose whether to download and install them".) My Avast free and Avira free (both real time) are up to date and full scans find no malware whatsoever.
 

Kardo Kristal

From Crystal Security
Verified
Top Poster
Developer
Well-known
Jul 12, 2014
1,143
Hi @Marco2 ,

When you see update.exe in Task Manager again, right-click on the process name and choose Open file location. Then you can see where the process file is located. It may belong to a legitimate program but also to malware. Another thing: once you have opened the process file location, I suggest uploading the update.exe file to the VirusTotal service.

All other mentioned processes: winlogon, svchost and csrss should be clean (if located in System directory).

I hope it helps. :)

Regards,
Kardo
 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
"winlogon.exe, svchost.exe and csrss.exe" are all legit processes. You may be clean; it may be the amount of software running that is the cause of the slowdown, but that's just a guess. PeAcE
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
Use an alternative to Task Manager like System Explorer to see more details about the process.

Based on what you described, I don't think it's Windows Update, but to be totally sure you can follow @Kardo Kristal 's suggestion.

You can also try Everything and search for update.exe. I have only one and it belongs to Mobogenie.
 
  • Like
Reactions: Marco2

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
First of all, in order to diagnose, recall as much as possible about the apps you have.

Second, the three crucial processes should run from under /System and not from the user name, so verify that they are located in the system32 directory.

So follow all the suggestions as provided and check for confirmation.
 
  • Like
Reactions: Marco2
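
The location check suggested in the replies above can be done for all instances at once. This is an added example, not code from the thread; it assumes Windows PowerShell 3.0 or later, and the verdict wording is made up for illustration.

```powershell
# Added example: list every winlogon/svchost/csrss instance and flag any whose
# image file is not in %SystemRoot%\System32.
$expectedDir = Join-Path $env:SystemRoot 'System32'
$names       = 'winlogon.exe', 'svchost.exe', 'csrss.exe'

Get-CimInstance Win32_Process |
    Where-Object { $names -contains $_.Name } |
    ForEach-Object {
        $path = $_.ExecutablePath
        if (-not $path) {
            # The path can be empty when the shell is not elevated or the
            # process is protected; that alone says nothing either way.
            $verdict = 'path not readable'
        } elseif ((Split-Path $path -Parent) -ieq $expectedDir) {
            $verdict = 'expected location'
        } else {
            $verdict = 'UNEXPECTED LOCATION'
        }
        [pscustomobject]@{
            Name      = $_.Name
            ProcessId = $_.ProcessId
            Path      = $path
            Verdict   = $verdict
        }
    } |
    Sort-Object Verdict, Name |
    Format-Table -AutoSize
```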

Marco2

New Member
Thread author
Jun 19, 2015
12
It's definitely not Windows update, because Windows automatic update is turned off, and when I choose to update Windows it appears as wuauclt.exe indeed. This process appears after being offline for many hours (usually the first thing in the morning). It must be either autoupdating of my many chrome extensions (or other programs) or a trojan.
 
  • Like
Reactions: nissimezra

Marco2

New Member
Thread author
Jun 19, 2015
12
Next time I see update.exe I'll try what Kardo Kristal and WinXPert suggested and we'll see, thank you guys! :)
 
  • Like
Reactions: WinXPert

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
In the meantime, you can temporarily block update.exe using this reg script. Also included is an unblocking script.

Block
Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="update.exe"

Unblock
Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"=-

Another question, when was the last time you did a Malware Scan?
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
@Marco2, don't use two real-time antiviruses. If update.exe is indeed malware, the reason why it's not detected is probably because you have 2 conflicting real-time antiviruses (Avast and Avira) installed.
 

Marco2

New Member
Thread author
Jun 19, 2015
12
Update.exe appeared in task manager as usual the first thing in the morning for a few minutes then disappeared, and when I tried to "open file location", I didn't get any response, no response when I tried to see "properties" either. I think/hope it's automatic updating of one of my Google Chrome extensions. I just added a new extension called "Extensions Update Notifier" to see if my Google extensions update every day like this.

@WinXPert @XhenEd I've been scanning my laptop for a week now, the last scan was an hour ago. Avast free is the only real-time AV for now, I turned off Avira's real-time protection, and uninstalled Qihoo after its scan. None of Avast free, Avira free, Qihoo 360TS, MBAM free and Emsisoft emergency kit found any malware :confused:!

@WinXPert thank you again, but the process appears for only a few minutes a day and it isn't affecting Windows performance. I don't want to block it, that's not my goal. I just want to make sure it's not some apocalyptic trojan that doesn't exist in any AV's data (is this theoretically possible? :eek:)
 
  • Like
Reactions: nissimezra
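
A process that exits before "Open file location" responds can be recorded by a small watcher left running in a console. This is an added example, not code from the thread; the log file name is an assumption, and the SHA-256 it records can be searched on VirusTotal without uploading the file.

```powershell
# Added example: poll for a short-lived process and log where it runs from.
$target  = 'update.exe'                                     # name from the thread
$logFile = Join-Path $env:TEMP 'update-exe-sightings.csv'   # assumed log location
$seen    = @{}                                              # instances already logged

while ($true) {
    foreach ($p in Get-CimInstance Win32_Process -Filter "Name = '$target'") {
        # PID + creation time identifies one instance even if the PID is reused
        $key = "$($p.ProcessId)|$($p.CreationDate)"
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        $hash = $null; $sigStatus = $null; $signer = $null
        if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
            $hash      = (Get-FileHash -LiteralPath $p.ExecutablePath -Algorithm SHA256).Hash
            $sig       = Get-AuthenticodeSignature -LiteralPath $p.ExecutablePath
            $sigStatus = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Seen        = Get-Date -Format s
            ProcessId   = $p.ProcessId
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
            ParentPID   = $p.ParentProcessId
            ParentName  = $parent.Name      # empty if the parent already exited
            SHA256      = $hash
            SigStatus   = $sigStatus
            Signer      = $signer
        } | Export-Csv -Path $logFile -Append -NoTypeInformation

        Write-Host "$target seen: $($p.ExecutablePath) (parent: $($parent.Name))"
    }
    Start-Sleep -Seconds 2
}
```

Stop it with Ctrl+C; the path, parent process and signer in the CSV usually identify which installed program the updater belongs to.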

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
I believe that you have to uninstall all other AVs. You should only have one AV installed (well, companion AVs are an exception). I think just disabling an AV won't solve the conflict since there's a reason why AVs have special uninstallers to locate their pieces of files that may conflict with other AVs.

For now, use System Explorer as @WinXPert suggested.
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
Have you tried searching it using Everything?


XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
To be sure, better report this to the Malware Removal section. This way, an expert of MalwareTips can guide you well.
 
  • Like
Reactions: nissimezra

nissimezra

Level 25
Verified
Apr 3, 2014
1,460
Use the Run command and type regedit. In the registry, press Ctrl+F and type the name of the process.
You should find it there, but do not delete anything; just confirm where it is running from.
 
  • Like
Reactions: Marco2 and WinXPert
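
A read-only version of the registry search described above, extended to scheduled tasks, which are a common way for updaters to start at set times. This is an added example, not code from the thread; the list of Run keys is a common subset rather than every autostart location, and Get-ScheduledTask requires Windows 8 or later.

```powershell
# Added example: find autostart entries that reference update.exe.
# Nothing is modified or deleted. The match is a substring match, so entries
# such as GoogleUpdate.exe are listed as well.
$needle  = 'update.exe'
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Registry Run/RunOnce values whose command line mentions the name
$found = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -like "*$needle*") {
            [pscustomobject]@{ Source = $key; Entry = $name; Command = $data }
        }
    }
})

# Scheduled tasks whose action launches a matching executable
$found += @(Get-ScheduledTask | ForEach-Object {
    $task = $_
    $task.Actions |
        Where-Object { $_.Execute -like "*$needle*" } |
        ForEach-Object {
            [pscustomobject]@{
                Source  = 'Scheduled task'
                Entry   = $task.TaskPath + $task.TaskName
                Command = "$($_.Execute) $($_.Arguments)"
            }
        }
})

$found | Format-Table -AutoSize -Wrap
```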
