Solved

"tscd_win32.exe" virus or not?

Posted on 2007-03-27
12
5,568 Views
Last Modified: 2013-12-04
When I shutdown my WinXP SP2 system I get a failure or crash of a service called "tscd_win32.exe".  When I try to Google this service, all I get is that it's some sort of crypto software but I have no idea if it's a virus or otherwise?

Can anyone tell me if this is some sort of trojan, worm or other?

Thanks
0
Comment
Question by:dcxmancan
  • 4
  • 3
  • 3
  • +1
12 Comments
 
LVL 22

Accepted Solution

by:
orangutang earned 50 total points
ID: 18801188
Well, I would think it's safe to remove since you have no idea what it is and it's not a Microsoft service.
0
 
LVL 5

Assisted Solution

by:rulirahmadi
rulirahmadi earned 50 total points
ID: 18801333
Try to use Windows Defender to disable/remove the process/spyware.

More info:
http://www.experts-exchange.com/Security/Win_Security/Q_22122938.html
http://www.experts-exchange.com/Miscellaneous/Q_22119162.html
-----------------------------------------------------------------------------------------------------------

Download hijackthis
http://www.download.com/HijackThis/3000-8022_4-10379544.html
paste your log here and hit analize
http://www.hijackthis.de and hit analyle and you should be able to see what needs to be fixed
then run hijackthis again and remove those entries
0
 
LVL 22

Expert Comment

by:orangutang
ID: 18801374
Well, if it's just a service, you can search for the exe in:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
and delete the key that value it's in
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:dcxmancan
ID: 18801409
how can i remove it if i can't even find it on the system.  I've done a complete search from top level (my computer) and no results found.

the only way i know it exists is when i shutdown and it crashes with that pop up window error.  i can also see it under the task manager/processes tab.  I can stop the service there but it will start up again when i reboot.

I've checked the regedit as well without luck.

has anyone come accross this?

i know my next step is to reformat but i just don't want to do it only to find out later it is a hidden service that is needed or non-harmful.

thanks for help on this
0
 

Author Comment

by:dcxmancan
ID: 18801429
rulirahmadi, i've got pc-cillin installed with the latest pattern.  is windows defender better?

can anyone confirm if it's a virus or not?

thanks
0
 
LVL 22

Expert Comment

by:orangutang
ID: 18801440
That's weird. you should be able to open regedit, goto:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
,click on the "Services" key, press Ctrl+F, only select "Data", and search for "tscd_win32"
0
 
LVL 27

Assisted Solution

by:Tolomir
Tolomir earned 25 total points
ID: 18801815
You can try http://superantispyware.com/

# Quick, Complete and Custom Scanning of Hard Drives, Removable Drives, Memory, Registry, Individual Folders and More! Includes Trusting Items and Excluding Folders for complete customization of scanning!
 
# Detect and Remove Spyware, Adware, Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits and many other types of threats.

Go it myself. Quite good with fast customer support.

Tolomir
0
 
LVL 5

Expert Comment

by:rulirahmadi
ID: 18802508
I use Windows Defender to monitor unknown process (Publisher not available) and network connected program (where spywares doing their action). It's very usefull. We even can disable/enable and remove any unwanted process.
0
 

Author Comment

by:dcxmancan
ID: 18803412
orangutang,  yes i did do the "ctrl-f" in regedit and nothing showed up.

tolomir/rulirahmadi, i'll see which one suits me best or try both and let you know

but if anyone knows if "tscd_win32.exe" is harmful, that would be great.

thanks again
0
 
LVL 5

Expert Comment

by:rulirahmadi
ID: 18803481
For quick result (harmful or not), better try HijackThis.
0
 

Author Comment

by:dcxmancan
ID: 18803573
i found out what it is.

it's actually part of the TPM software package (Embassy Suite) that Dell gives out with their biometric scanners.

but its just funny it started acting up now.  sufficed to say i did an uninstall with a reg clean and a re-install of the latest version and the crash seems to have gone away.

who wants the points on this?
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question