# Clipbook Srvc seen suddenly as a new service?



## wguru (Apr 13, 2007)

Hi everybody,

Just a bit concerned that my TrendMicro's Venus Spy Trap alerting me of a 'new' service starting (asking if I want to allow it).

Does anyone know why this %SystemRoot%\systen32\clipsrv.exe would be popping up supposedlty as a new service? Hard to grasp why my AS sees this as new especially since I've been using cut and paste forever.

Haven't yet decided to allow/disallow this 'new' service because I can't figure out why my anti-spyware is seein gthis as a new service when clearly it should not be new.

My concern is that the service is described as supporting "Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks" and I have avoided enabling any remote capabilities for my OS, except for known rootkitted progs like my AV, etc.

The only thing that I did (precededing this alert) was to Control>Alt>Print Screen while I hovered one of my AV's popup's (so as to make note of an oddly seen AV updating download regarding "DNS name resolved 67.159.42.23") because I've not seen this series of numbers before, nor has my AV ever mentioned DNS when listing it's download files.

I've checked my current clipsrv.exe, listing as present at C:\WINDOWS\ServicePackFiles\i386 and C:\WINDOWS\system32. Both properly seem to bear dates (created) May 14, 2004 and (modified) Aug 04, 2004 properties with 33,864 k on disc.

Again I'm spooked by it being prompted as a new service and it relating to "being seen by remote ClipBooks".

Any comments appreciated.


----------



## johnwill (Sep 26, 2002)

http://www.file.net/process/clipsrv.exe.html


----------



## wguru (Apr 13, 2007)

Thanks for the reply. Do you have any sense as to why it seems this thing all of a sudden wants to (I guess) install itself in a 'root directory' and (I guess) have or necessitate 'running that service even when I am not logged in and sometimes w/supervisory access to the computer'?

Seems if I don't allow it to be added as a new Windows service (through my AS's Venus Spy Trap), it'll be difficult to undo that without opening pandora's box (the only way I believe TMAS users can allow a denied service to run).

And if I do allow it to run as a new service, I suspect it to be something malicious (given what all I can gather about where it's supposed to be run from).

I supppose if I'm unable to ask the right questions or get a direct answer, I'm leaning towards disallowing the thing and hoping that cut and paste isn't disabled (and I have to risk opening the Venus Spy Trap, which I believe is a TMAS bug that users are confronted with (in that once the trap is opened all that was in it is now free to attempt running again at least until I opt them all as disallowed once more).


----------



## johnwill (Sep 26, 2002)

It could be malware, which is mentioned on that page.

I'd disallow it and see if things still work. You can always register it as a service later if it's really the genuine article. :smile:


----------



## wguru (Apr 13, 2007)

Thanks for the reply.

I disallowed it and nothing seems broken.


----------



## johnwill (Sep 26, 2002)

Strange! :grin:


----------

