SUBSIM Radio Room Forums



Old 02-14-11, 06:22 PM   #1
Skybird

Trojan problem or no trojan problem? igfxtray.exe

I have Windows XP and Avira Premium (payware) in use.

Today when surfing, a sudden popup caused the hd to spin, but the popup content seemed to have been prevented from proper functioning.

After that, whenever the system is booting, after appearance of the desktop, I get an MSDOS execution box, 16 Bit headline, and then an error message saying that the NTVDM-CPU has discovered an invalid command:

CS:070aIP:fef00P:ffffffff00

I was alarmed, and started to investigate.

I found a file in my C:/documents/myname/Startmenu/Programs/Autostart/

name is

igfxtray.exe

Google said that there is a necessary file by NVidia of this title, however, in other forums opinions seem to have been split on whether this file was harmless or not, a necessary system file or a trojan.

I never was aware of this file before.

Opening the task manager and process list, this exe was there, too.

It could not be manually deleted at that address, since it was in use, computer said.

I opened config editor and processes, found it there, and deactivated the ticked box, then rebooted again. This time, no error message and no DOS box. No entry in the process list and no present file in Autostart folder.

I started a full system scan with Avira Premium Suite, at maximum search options, two hours later the result said that no problem was found.

Now what should I make of this? A file named igfxtray.exe still is present in C:/Windows/pss.

System file? Then why did it jump to "on" and cause that DOS box and error message? Trojan? Why then is it not found?
__________________
If you feel nuts, consult an expert.
Old 02-14-11, 06:31 PM   #2
Gerald

Quote:
Originally Posted by Skybird View Post
I have Windows XP and Avira Premium (payware) in use.

Today when surfing, a sudden popup caused the hd to spin, but the popup content seemed to have been prevented from proper functioning.

After that, whenever the system is booting, after appearance of the desktop, I get an MSDOS execution box, 16 Bit headline, and then an error message saying that the NTVDM-CPU has discovered an invalid command:

CS:070aIP:fef00P:ffffffff00

I was alarmed, and started to investigate.

I found a file in my C:/documents/myname/Startmenu/Programs/Autostart/

name is

igfxtray.exe

Google said that there is a necessary file by NVidia of this title, however, in other forums opinions seem to have been split on whether this file was harmless or not, a necessary system file or a trojan.

I never was aware of this file before.

Opening the task manager and process list, this exe was there, too.

It could not be manually deleted at that address, since it was in use, computer said.

I opened config editor and processes, found it there, and deactivated the ticked box, then rebooted again. This time, no error message and no DOS box. No entry in the process list and no present file in Autostart folder.

I started a full system scan with Avira Premium Suite, at maximum search options, two hours later the result said that no problem was found.

Now what should I make of this? A file named igfxtray.exe still is present in C:/Windows/pss.

System file? Then why did it jump to "on" and cause that DOS box and error message? Trojan? Why then is it not found?
Read plz,
http://www.what-is-exe.com/filenames/igfxtray-exe.html
__________________
Nothing in life is to be feared, it is only to be understood.

Marie Curie





Old 02-14-11, 06:58 PM   #3
Skybird

Thanks, but that read still leaves me uncertain over the file I have, since it is not stored in c/windows/system32, but c/windows/pss. I also wonder why it was triggered and then moved into the autostart folder.

Google information only increases my uncertainty.

How to find out whether or not the file is what it claims to be, or is a trojan, if even the name can be used by other files without any signal for that?

Edit:
Some info says it is part of the driver for graphics chips. But other info says it could be the trojan Troj/PAdmin-A.

Last edited by Skybird; 02-14-11 at 07:16 PM.
Old 02-14-11, 09:12 PM   #4
Gerald

I say no trojan, 99% sure
Old 02-14-11, 10:14 PM   #5
the_tyrant

upload it to http://vscan.novirusthanks.org/
so you can get multiple opinions on the file
__________________
My own open source project on Sourceforge
OTP.net KGB grade encryption for the rest of us
Old 02-14-11, 11:15 PM   #6
Feuer Frei!

igfxtray.exe isn’t a malware at all. In fact, it doesn’t even make any attempt to connect to the Internet like other malware that steals personal information requires. There is no replication involved and is usually recognizable with the little monitor on the system tray. The tool may be helpful for some wanting to change their display settings right away or take advantage of special hotkeys. Because of its spelling, some malware may come in the form of slightly altered spellings which are actual malware. Pay close attention to spelling of the file running and understand how it is really spelt. If you check the file’s property, it should also say “Intel” on the descriptions.
It is really rare for a problem involving igfxtray.exe to arise since it stays idle most of the time unless the user interacts with it. If ever problems do arise, it is best to make sure you update your drivers to the latest version. Some driver updates may also have updates to that tray application fixing bugs and adding new features. This problem may occur too if you install this on a computer that isn’t using the Intel graphics processor. Intel has a chip identifier utility to help with that so no time is wasted when installing.
There are two main common Trojans that are used to disguise in the form of the igfxtray.exe executable file, the first drops an infected executable file holding the same name of the igfxtray.exe executable file of the Windows operating system and this infected executable file spreads widely through your system causing severe huge harm to it. The other Trojan horse worm spreads through the RPC DCOM in Windows XP.
I wouldn't worry about it Skybird, it's not a trojan,
another good link to check is:
http://www.processlibrary.com/

Auf Wiedersehen Kaleun.
__________________
"History is the lies that the victors agree on"- Napoleon

LINK TO MY SH 3 MODS
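
The checks suggested in this thread (expected location, exact spelling, an "Intel" string in the file properties) written as a small triage routine. This is an added example, not part of any post; the sample records are constructed, and `C:\Windows\System32` as the expected directory is an assumption taken from the location mentioned in post #3.

```python
import ntpath

EXPECTED_NAME = "igfxtray.exe"
EXPECTED_DIR = r"c:\windows\system32"  # assumed normal location (post #3)
EXPECTED_VENDOR = "intel"              # post #6: properties should say "Intel"


def edit_distance(a, b):
    """Levenshtein distance, used to spot slightly altered spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(path, vendor):
    """Return the reasons a file deserves a closer look (empty list = none)."""
    directory, name = ntpath.split(ntpath.normpath(path).lower())
    reasons = []
    dist = edit_distance(name, EXPECTED_NAME)
    if dist == 0:
        if directory != EXPECTED_DIR:
            reasons.append("expected name in unexpected directory")
        if EXPECTED_VENDOR not in (vendor or "").lower():
            reasons.append("vendor string does not mention Intel")
    elif dist <= 2:
        reasons.append("lookalike spelling of " + EXPECTED_NAME)
    return reasons


# Constructed sample records: (path, vendor string from the file properties).
SAMPLES = [
    (r"C:\Windows\System32\igfxtray.exe", "Intel Corporation"),
    (r"C:\Documents and Settings\user\Start Menu\Programs\Startup\igfxtray.exe", ""),
    (r"C:/Windows/pss/igfxtray.exe", ""),
    (r"C:\Windows\System32\igfxtrey.exe", "Intel Corporation"),
    (r"C:\Windows\System32\notepad.exe", "Microsoft Corporation"),
]

if __name__ == "__main__":
    for path, vendor in SAMPLES:
        print(path, "->", triage(path, vendor) or "no flags")
```

The vendor string is self-declared metadata that any file can carry, so an empty result only means the name and location give no reason for suspicion; a multi-engine scan, as suggested in post #5, remains the stronger check.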
Old 02-15-11, 02:45 AM   #7
Gerald

Quote:
Originally Posted by Feuer Frei! View Post
igfxtray.exe isn’t a malware at all. In fact, it doesn’t even make any attempt to connect to the Internet like other malware that steals personal information requires. There is no replication involved and is usually recognizable with the little monitor on the system tray. The tool may be helpful for some wanting to change their display settings right away or take advantage of special hotkeys. Because of its spelling, some malware may come in the form of slightly altered spellings which are actual malware. Pay close attention to spelling of the file running and understand how it is really spelt. If you check the file’s property, it should also say “Intel” on the descriptions.
It is really rare for a problem involving igfxtray.exe to arise since it stays idle most of the time unless the user interacts with it. If ever problems do arise, it is best to make sure you update your drivers to the latest version. Some driver updates may also have updates to that tray application fixing bugs and adding new features. This problem may occur too if you install this on a computer that isn’t using the Intel graphics processor. Intel has a chip identifier utility to help with that so no time is wasted when installing.
There are two main common Trojans that are used to disguise in the form of the igfxtray.exe executable file, the first drops an infected executable file holding the same name of the igfxtray.exe executable file of the Windows operating system and this infected executable file spreads widely through your system causing severe huge harm to it. The other Trojan horse worm spreads through the RPC DCOM in Windows XP.
I wouldn't worry about it Skybird, it's not a trojan,
another good link to check is:
http://www.processlibrary.com/

Auf Wiedersehen Kaleun.
Good morning Kaleun!
Old 02-15-11, 06:22 AM   #8
Skybird

Thank you everybody. Most people say it is harmless, but some disagreed, saying that it could be a trojan that uses exactly that name to hide under. So I was investigating this. The process is now deactivated in the startup list. Let's see.

Do I need to assume that if it triggers an error message now when activated, that I have a broken graphics chip there? I have never gotten said error message before. Or is it the driver of the chip that got screwed? And are we talking about the graphics board, or any chips on the mainboard?

In this Avira forum I have also posted the logfiles of the system scans via Avira Premium Security Suite and HijackThis:

http://forum.avira.com/wbb/index.php...53#post1053053
Old 02-15-11, 07:47 AM   #9
Feuer Frei!

Quote:
Originally Posted by Skybird View Post
Thank you everybody. Most people say it is harmless, but some disagreed, saying that it could be a trojan that uses exactly that name to hide under. So I was investigating this. The process is now deactivated in the startup list. Let's see.

Do I need to assume that if it triggers an error message now when activated, that I have a broken graphics chip there? I have never gotten said error message before. Or is it the driver of the chip that got screwed? And are we talking about the graphics board, or any chips on the mainboard?

In this Avira forum I have also posted the logfiles of the system scans via Avira Premium Security Suite and HijackThis:

http://forum.avira.com/wbb/index.php...53#post1053053
igfxtray.exe is a process which allows you to access the Intel Graphics configuration and diagnostic application for the Intel 810 series graphics chipset. This program is a non-essential system process, and is installed for ease of use via the desktop tray.
Download the graphics adapter from your motherboard makers site. Get rid of the graphics accelerator and download the same driver from Intel and the problem will be gone. Third party download can be the problem, windows may not be able to authenticate it every time it starts.
Old 02-15-11, 04:29 PM   #10
Skybird

I fear I do not understand. Do we talk chips on the mainboard or chips on the graphics board here? My mainboard is by Asus, my graphics board is an Nvidia-based one by <don't know right now who built it>.

For the graphics board drivers I use to go neither to Intel nor to Asus, but nVidia, of course - or not?

My sims and games still run without visible faults, btw.
Old 02-16-11, 07:55 AM   #11
Skybird

I meanwhile have done additional scans with Malwarebytes' Anti-Malware in Quick Scan mode, and an online scan via BitDefender, both also marking the file as a trojan. So I decided for the kill-solution and deleted it. Follow-up scans by Avira now found nothing anymore.

I also do maintenance for the notebook of my Mom, and have just installed a new one for a friend of my parents, checking out his old one first. On all these, and my system as well, Avira Free AntiVir was installed plus free firewalls by Zonealarm or Comodo. No scanning results. I learned the lesson to switch all systems, including mine, to payware Avira Premium Security Suite after learning that the free scanners for example do not guard email traffic (didn't know that before). And immediately on all systems malware was detected, and critical internet traffic was blocked and reported.

The difference between the free versions of Virus-Scanners and Firewalls, and payware suites, obviously has been underestimated by me. I would recommend now to everybody to walk on the safe side of the road and always run full versions of according security software, not just free solutions.

I also learned that the Comodo firewall, which once was rated as very good, in the recent 12 months or so has been found to be extremely leaky (German PC magazine reporting this in a test, I think it was c't). The Comodo firewall, and their scanner as well, was found to be sensationally unsafe.
All times are GMT -5.

