40 instances of powershell.exe in Task Manager

mantosof

Member
I always see many instances of powershell.exe. Anywhere from 5-50 iterations listed in Task Manager.
I ran Malwarebytes and came out clean.

It seems to originate in syswow64/WindowsPowerShell/V1.0
There is a powershell.exe and a powershell_ise.exe application in that folder.
These folders are dated 2009 from when I bought my PC so they aren't new.

I use Vista 64. SP2
The attached screen print shows what I see.
Is this normal?

Thanks.
 

Attachments

  • powershell.doc
    195.5 KB · Views: 0


I see no attachment.
 

My Computer

System One

  • Manufacturer/Model
    HP Pavilion m9515y
    CPU
    Phenom X4 9850
    Memory
    8 GB
    Graphics Card(s)
    Some Radeon Cheapie with 512 MB Ram
    Monitor(s) Displays
    CRT
    Screen Resolution
    1280x1024
    Hard Drives
    750 GB SATA 3G
    2 SIIG Superspeed docks w/WD Caviar Black Sata II or III
I would try AutoRuns to see where it is starting from.

For a utility with a simpler interface WinPatrol free version has an AutoStart section that may pick it up. If it does you can just select it and click Remove. It just removes the startup command.

My gut feeling is that whatever is running it thinks it is important enough to keep retrying on error. But that's just a guess. PowerShell is the shell that runs scripts similar to bash in Linux. It can be used to run nearly anything.
 

I noticed that powershell.exe *32 did not run on startup, but began running after an hour or so of PC use. There were 4 instances. I was able to right click and select "end process" on 3 of them - which removed them, but the last one said "access denied".

Can I just delete the PowerShell executable from
C:\Windows\SysWOW64\WINDOWSPOWERSHELL\v1.0\POWERSHELL.EXE

Can't I live without PowerShell on my PC? It's just causing problems.

I downloaded WinPatrol. PowerShell isn't listed as a startup item.

Thanks.
 


Run a full scan with your antivirus.
Download and run a full scan with Malwarebytes.
Scan with the online ESET scanner; use the free scan:
Free Virus Scan | Online Virus Scanner from ESET
I have seen this with other processes and it is usually a virus or worse.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics Card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Integrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Keyboard
    Dell USB
    Mouse
    Dell USB 4 button optical
    Other Info
    DSL provided by ATT
One thing you can do is download Process Explorer and see what is launching it. If it won't let you delete it then it is probably being run by a 32-bit service. If you can find the name of the service then we can tell if you need it running or not.

In the Process Explorer list of processes the Tree View will show the parent process of each one. IOW what ran it.
 

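The parent-process check suggested in the post above, done from a console instead of Process Explorer's Tree View. This is an added example, not part of the thread; it assumes Windows PowerShell 2.0 or later (Get-WmiObject is not available in PowerShell 7), and the helper name `Get-StartTime` and the output field names are chosen here for illustration.

```powershell
# Added example, not from the thread. Read-only: it only queries WMI.
$procs = @(Get-WmiObject -Class Win32_Process)
$svcs  = @(Get-WmiObject -Class Win32_Service)

# Index every process by PID so each parent can be looked up.
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

function Get-StartTime($proc) {
    # CreationDate is a DMTF string; it is empty for a few system processes.
    if ($proc -and $proc.CreationDate) {
        return [System.Management.ManagementDateTimeConverter]::ToDateTime($proc.CreationDate)
    }
    return $null
}

$procs | Where-Object { $_.Name -ieq 'powershell.exe' } | ForEach-Object {
    $child  = $_
    $parent = $byPid[[int]$child.ParentProcessId]

    # PIDs are reused: a "parent" that started after the child is unrelated.
    $cStart = Get-StartTime $child
    $pStart = Get-StartTime $parent
    if ($cStart -and $pStart -and $pStart -gt $cStart) { $parent = $null }

    $parentName = '(exited, or its PID was reused)'
    $hosted = @()
    if ($parent) {
        $parentName = '{0} (PID {1})' -f $parent.Name, $parent.ProcessId
        # Running services hosted in the parent process, if it is a service host.
        $hosted = @($svcs | Where-Object {
            $_.State -eq 'Running' -and $_.ProcessId -eq $parent.ProcessId
        } | ForEach-Object { $_.Name })
    }

    # The owner lookup fails for processes the current user cannot open.
    $owner = '(unavailable)'
    try {
        $o = $child.GetOwner()
        if ($o.ReturnValue -eq 0) { $owner = '{0}\{1}' -f $o.Domain, $o.User }
    } catch { }

    New-Object PSObject -Property @{
        Pid = $child.ProcessId; Started = $cStart; Owner = $owner
        Path = $child.ExecutablePath; CommandLine = $child.CommandLine
        Parent = $parentName; ParentServices = ($hosted -join ', ')
    }
} | Format-List Pid, Started, Owner, Path, CommandLine, Parent, ParentServices
```

The console running the script is itself a powershell.exe instance and appears in the output. Run it elevated, otherwise `Path`, `CommandLine` and `Owner` may come back empty for processes owned by other accounts.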
I wanted to update those who took the time to reply:
I ran a program called "ComboFix" as recommended on another website.
That did the trick. It removed the virus - and it was a virus/malware.
No one was helping there, I just saw others using it and tried it.
After running it, I read all these warnings about running it without guidance...I guess I got lucky.
 

Glad you got it worked out. It did seem weird. I don't have a single instance of PowerShell running on my system. Anyway, you got it back on track.
