What Is Spawn.exe?

Discussion in 'Acronis True Image Product Line' started by bulldog356, Jul 18, 2006.

Thread Status:
Not open for further replies.
  1. bulldog356

    bulldog356 Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    137
    No problems, no complaints, just wondering...

    I am experimenting with a batch file I wrote to execute before a backup task begins. While my batch file is executing my firewall pops up a message asking if spawn.exe may "gain access to privileged resources". I think that the "privileged resources" may be the Windows XP command interpreter.

    In any case, I'm not concerned because I know that spawn.exe is part of True Image. But I am wondering: What does spawn.exe do?
     
  2. Tabvla

    Tabvla Registered Member

    Joined:
    Apr 21, 2006
    Posts:
    649
    Location:
    London, England
    I cannot help you with what the Acronis version of spawn.exe does.... hopefully Acronis Support will respond to that question soon..:D

    The problem with file names is that writers of malware often use legitimate filenames to hide their code. What you need to do is ensure that the version of spawn.exe on your PC is the genuine file from Acronis and not the malware version. This is some info on the malware version of spawn.exe :

    Spawn.exe installs with Troj/Nawps-A. This Trojan downloads and installs other malicious files including Troj/Backdoor-FK. More information on Troj/Nawps-A can be found at :

    http://www.sophos.com/virusinfo/analyses/trojnawpsa.html.

    More information on Troj/Backdoor-FK can be found at :

    http://www.sophos.com/virusinfo/analyses/trojbdoorfk.html.

    Spawn.exe also installs with a remote access tool called Infiltrator (some sources classify this as backdoor.SkyDance). If this file is running on your system, a remote user may be able to gain access. More information can be found at :

    http://research.sunbelt-software.com/threat_display.cfm?name=Infiltrator&threatid=7061.
     
  3. shieber

    shieber Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    3,710
    I believe it runs child processes like post commands that require loading a command processer like cmd.exe.

    But I'm just guessing.:doubt:
     
  4. bulldog356

    bulldog356 Registered Member

    Joined:
    Feb 8, 2005
    Posts:
    137
    Thank you for reminding me about this. While doing my research I came across information on malware versions of spawn.exe. These malware versions are installed into the Windows folder. I checked with my firewall (Zone Alarm Internet Security Suite) and the version of spawn.exe it was asking about is installed in the True Image folder.
     
  5. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello all,

    Thank you for choosing Acronis Disk Backup Software.

    I am sorry for the delayed response.

    I have to contact Acronis Develpment Team on this question. As this can take a few days, I apologize in advance for any delay with the response. I will reply as soon as possible.

    Thank you.
    --
    Aleksandr Isakov
     
  6. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello all,

    Thank you for choosing Acronis Disk Backup Software.

    Please accept our apologies for the delay with the response.

    I have contacted Acronis Develpment Team and got a response. And would like to say that shieber was quite right. The spawn.exe uses to interact between Acronis True Image and command processer like cmd.exe or chkdsk to capture its input/output. It uses for example when you use pre/post commands.

    Thank you.
    --
    Aleksandr Isakov
     
Thread Status:
Not open for further replies.