What Is Spawn.exe?

No problems, no complaints, just wondering...

I am experimenting with a batch file I wrote to execute before a backup task begins. While my batch file is executing my firewall pops up a message asking if spawn.exe may "gain access to privileged resources". I think that the "privileged resources" may be the Windows XP command interpreter.

In any case, I'm not concerned because I know that spawn.exe is part of True Image. But I am wondering: What does spawn.exe do?

 

I cannot help you with what the Acronis version of spawn.exe does.... hopefully Acronis Support will respond to that question soon..

The problem with file names is that writers of malware often use legitimate filenames to hide their code. What you need to do is ensure that the version of spawn.exe on your PC is the genuine file from Acronis and not the malware version. This is some info on the malware version of spawn.exe :

Spawn.exe installs with Troj/Nawps-A. This Trojan downloads and installs other malicious files including Troj/Backdoor-FK. More information on Troj/Nawps-A can be found at :

http://www.sophos.com/virusinfo/analyses/trojnawpsa.html.

More information on Troj/Backdoor-FK can be found at :

http://www.sophos.com/virusinfo/analyses/trojbdoorfk.html.

Spawn.exe also installs with a remote access tool called Infiltrator (some sources classify this as backdoor.SkyDance). If this file is running on your system, a remote user may be able to gain access. More information can be found at :

http://research.sunbelt-software.com/threat_display.cfm?name=Infiltrator&threatid=7061.

 

I believe it runs child processes like post commands that require loading a command processer like cmd.exe.

But I'm just guessing.

 

Thank you for reminding me about this. While doing my research I came across information on malware versions of spawn.exe. These malware versions are installed into the Windows folder. I checked with my firewall (Zone Alarm Internet Security Suite) and the version of spawn.exe it was asking about is installed in the True Image folder.

 

Hello all,

Thank you for choosing Acronis Disk Backup Software.

I am sorry for the delayed response.

I have to contact Acronis Develpment Team on this question. As this can take a few days, I apologize in advance for any delay with the response. I will reply as soon as possible.

Thank you.
--
Aleksandr Isakov

 

Hello all,

Thank you for choosing Acronis Disk Backup Software.

Please accept our apologies for the delay with the response.

I have contacted Acronis Develpment Team and got a response. And would like to say that shieber was quite right. The spawn.exe uses to interact between Acronis True Image and command processer like cmd.exe or chkdsk to capture its input/output. It uses for example when you use pre/post commands.

Thank you.
--
Aleksandr Isakov