3 copies of systray.exe

  • Thread starter Thread starter Peter Green
  • Start date Start date
P

Peter Green

Can anyone explain why I have 3 copies of the above file in :

c:\windows\temp 68KB
c:\windows\system32 3KB
c:\windows\system32\dllcache 3KB

I was alerted to this when the one in the temp file was identified as
trying to run on startup by my AV. I blocked it without any problems
with the system tray.

Thanks in advance.
 
Peter Green said:
Can anyone explain why I have 3 copies of the above file in :

c:\windows\temp 68KB
c:\windows\system32 3KB
c:\windows\system32\dllcache 3KB

I was alerted to this when the one in the temp file was identified as
trying to run on startup by my AV. I blocked it without any problems with
the system tray.

Thanks in advance.
Click to expand...

Your first hint should be that your AV told you there's something wrong.
Have you ever had a Nvidia video card, does your PC have a Nvidia chipset?
I have 2 instances of systray.exe; one in \system32 (3KB), and one in my
Nvidia updater folder (32KB).
My guess would be that the one in \temp may be malware of some sort. Is your
AV up to date? You might also want to run these two programs as a
double-check:
MalwareBytes http://www.malwarebytes.org/mbam.php and
SuperAntiSpyware http://www.superantispyware.com/download.html
 
Can anyone explain why I have 3 copies of the above file in :

c:\windows\temp                            68KB
c:\windows\system32                      3KB
c:\windows\system32\dllcache         3KB

I was alerted to this when the one in the temp file was identified as
trying to run on startup by my AV.  I blocked it without any problems
with the system tray.

Thanks in advance.
Click to expand...

systray.exe is one of the 3498 files that Windows considers protected
files. These are monitored by the Windows File Protection feature.
If ever one of the 3498 files is deleted, it will automatically be
replaced by a copy.

The files in system32 are the ones XP will normally want to use.

The ones in dllcache are the backup copies XP will use to replace the
one in system32 if they ever come up missing.

Try deleting the one from system32 and it will be quickly and silently
replaced by the one in dllcache - if WFP is working properly. An
event will show up in the System Event log showing what happened, then
you know your WFP is working.

You can delete the suspicious looking one in temp if you want, or use
your temporary files cleanup routine and it will clear the temp folder
for you.

SC Tom - you don't have one in dllcache?!?
 
Can anyone explain why I have 3 copies of the above file in :

c:\windows\temp 68KB
c:\windows\system32 3KB
c:\windows\system32\dllcache 3KB

I was alerted to this when the one in the temp file was identified as
trying to run on startup by my AV. I blocked it without any problems
with the system tray.

Thanks in advance.
Click to expand...
systray.exe is one of the 3498 files that Windows considers protected
files. These are monitored by the Windows File Protection feature.
If ever one of the 3498 files is deleted, it will automatically be
replaced by a copy.

The files in system32 are the ones XP will normally want to use.

The ones in dllcache are the backup copies XP will use to replace the
one in system32 if they ever come up missing.

Try deleting the one from system32 and it will be quickly and silently
replaced by the one in dllcache - if WFP is working properly. An
event will show up in the System Event log showing what happened, then
you know your WFP is working.

You can delete the suspicious looking one in temp if you want, or use
your temporary files cleanup routine and it will clear the temp folder
for you.

SC Tom - you don't have one in dllcache?!?
Click to expand...

Strangely enough, no, I don't. Go figure.
 
Back
Top