
What is WrtProc.exe?

#1
A couple of times I have received a message from ZoneAlarm that 'NsWrtProc
Microsoft Base Clase Application' wants to access the internet and it relates
to a file called WrtProc.exe which has another file called WrtMon.exe
associated with it. As there is a spelling mistake in the file description I
am suspicious of it.
Both files are located in C:\Windows\System32\spool\drivers\w32x86\3\.

Both files were created on 18/10/2007 but modified about one year earlier,
which does not make sense, although other files in this directory were also
modified before they were created!!!!!!!!!!

Are they genuine Microsoft files, or are they malware?

If the latter then how do I remove them from Vista Home Premium which does
not allow me to delete them, even though I have Administrator privileges?

All suggestions appreciated as searching on Google has not been any help.

Viv
 


Cyberhash

#2
Have you tried scanning the files via www.virustotal.com?

"Viv" <Viv@xxxxxx> wrote in message
news:E99B759D-B8CB-46D1-92E9-4E219FFA8892@xxxxxx

> A couple of times I have received a message from ZoneAlarm that 'NsWrtProc
> Microsoft Base Clase Application' wants to access the internet and it relates
> to a file called WrtProc.exe which has another file called WrtMon.exe
> associated with it. As there is a spelling mistake in the file description I
> am suspicious of it.
> Both files are located in C:\Windows\System32\spool\drivers\w32x86\3\.
>
> Both files were created on 18/10/2007 but modified about one year earlier,
> which does not make sense, although other files in this directory were also
> modified before they were created!!!!!!!!!!
>
> Are they genuine Microsoft files, or are they malware?
>
> If the latter then how do I remove them from Vista Home Premium which does
> not allow me to delete them, even though I have Administrator privileges?
>
> All suggestions appreciated as searching on Google has not been any help.
>
> Viv
>
 


netlink_blue

#3
This link shows it to be a printer driver -

http://www.pcpitstop.com/spycheck/SWDetail.asp?fn=WrtProc.exe

good luck,
- netlink



Viv wrote:

> A couple of times I have received a message from ZoneAlarm that 'NsWrtProc
> Microsoft Base Clase Application' wants to access the internet and it relates
> to a file called WrtProc.exe which has another file called WrtMon.exe
> associated with it. As there is a spelling mistake in the file description I
> am suspicious of it.
> Both files are located in C:\Windows\System32\spool\drivers\w32x86\3\.
>
> Both files were created on 18/10/2007 but modified about one year earlier,
> which does not make sense, although other files in this directory were also
> modified before they were created!!!!!!!!!!
>
> Are they genuine Microsoft files, or are they malware?
>
> If the latter then how do I remove them from Vista Home Premium which does
> not allow me to delete them, even though I have Administrator privileges?
>
> All suggestions appreciated as searching on Google has not been any help.
>
> Viv
 


#4
Thanks to both for your help.

Viv

"netlink_blue" wrote:

> This link shows it to be a printer driver -
>
> http://www.pcpitstop.com/spycheck/SWDetail.asp?fn=WrtProc.exe
>
> good luck,
> - netlink
>
>
>
> Viv wrote:
>
> > A couple of times I have received a message from ZoneAlarm that 'NsWrtProc
> > Microsoft Base Clase Application' wants to access the internet and it relates
> > to a file called WrtProc.exe which has another file called WrtMon.exe
> > associated with it. As there is a spelling mistake in the file description I
> > am suspicious of it.
> > Both files are located in C:\Windows\System32\spool\drivers\w32x86\3\.
> >
> > Both files were created on 18/10/2007 but modified about one year earlier,
> > which does not make sense, although other files in this directory were also
> > modified before they were created!!!!!!!!!!
> >
> > Are they genuine Microsoft files, or are they malware?
> >
> > If the latter then how do I remove them from Vista Home Premium which does
> > not allow me to delete them, even though I have Administrator privileges?
> >
> > All suggestions appreciated as searching on Google has not been any help.
> >
> > Viv
>
 


NooNoo

#5
This is installed by Presto PageManager which is bundled with Canon Scanners.
You can prevent it starting up by using (start, run) MSCONFIG and unchecking
WRTMON in the startup items tab. It may affect the printing in Presto
PageManager - I have yet to check that.

It has a side effect. If you are using the AT&T or BT Yahoo Browser and
WRTMON is allowed to start up, typing into any of the search boxes or web
email replies slows to a crawl.

It is safe to let ZoneAlarm allow it, provided you have Presto
PageManager installed. If you don't, you need to find out what installed it.

"Viv" wrote:

> A couple of times I have received a message from ZoneAlarm that 'NsWrtProc
> Microsoft Base Clase Application' wants to access the internet and it relates
> to a file called WrtProc.exe which has another file called WrtMon.exe
> associated with it. As there is a spelling mistake in the file description I
> am suspicious of it.
> Both files are located in C:\Windows\System32\spool\drivers\w32x86\3\.
>
> Both files were created on 18/10/2007 but modified about one year earlier,
> which does not make sense, although other files in this directory were also
> modified before they were created!!!!!!!!!!
>
> Are they genuine Microsoft files, or are they malware?
>
> If the latter then how do I remove them from Vista Home Premium which does
> not allow me to delete them, even though I have Administrator privileges?
>
> All suggestions appreciated as searching on Google has not been any help.
>
> Viv
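
The checks discussed in this thread (who really signed the files, what their version resources claim, their timestamps, a hash to look up, and the startup entry shown in MSCONFIG) can be gathered in one pass. This is an added example, not part of any post; it assumes Windows PowerShell 4.0 or later and the directory and file names given in the thread.

```powershell
# Added example. Directory and file names are the ones given in the thread.
$dir   = 'C:\Windows\System32\spool\drivers\w32x86\3'
$names = 'WrtProc.exe', 'WrtMon.exe'

$report = foreach ($name in $names) {
    $path = Join-Path $dir $name
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "$path not found"
        continue
    }
    $file   = Get-Item -LiteralPath $path
    $info   = $file.VersionInfo
    $sig    = Get-AuthenticodeSignature -LiteralPath $path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

    # A description or company string naming Microsoft proves nothing by itself:
    # any vendor can put that text in a version resource. Compare it with the signer.
    $claimsMs = "$($info.FileDescription) $($info.CompanyName)" -match 'Microsoft'
    $signedMs = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')

    # Created later than Modified is normal for installed files: the creation time
    # is when the copy landed on this disk, the modified time travels with the file.
    [pscustomobject]@{
        File         = $name
        Description  = $info.FileDescription
        Company      = $info.CompanyName
        SigStatus    = $sig.Status
        Signer       = $signer
        NameMismatch = ($claimsMs -and -not $signedMs)
        Created      = $file.CreationTime
        Modified     = $file.LastWriteTime
        SHA256       = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}
$report | Format-List

# Startup entries that launch either program (what MSCONFIG's Startup tab lists).
Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Command -match 'WrtMon|WrtProc' } |
    Select-Object Name, Command, Location, User
```

The SHA256 value can be searched on VirusTotal, as post #2 suggests, without uploading the file. A `NameMismatch` of True or a `SigStatus` of NotSigned is a reason to check which installed product owns the file, not proof of malware.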
 
