Solved

Process abc123YImia.exe running -- virus or spyware?

Posted on 2007-03-28
Last Modified: 2013-12-04
Today, I noticed a new icon in the system tray -- a red donut with a black hole.  When I hovered over it, a balloon popped up saying, "Your computer is infected."  Double-clicking or right-click had no effect.  So, I checked the process list and found an unknown entry, abc123YImia.exe.  I ended the process, but the red donut was still in the system tray.  I ran HiJack This, Ewido, AdAware, SpyBot S&D, and McAfee VirusScan, but found nothing except a couple of tracking cookies (which were deleted).  After rebooting, the process and donut icon are gone.  So, my question is...

Is this a new virus or adware program?  (Google searches found nothing.)  Is something hiding on my system?
0
Question by:photoartguy
3 Comments
 
LVL 3

Assisted Solution

by:TheTechGuysNYC
TheTechGuysNYC earned 240 total points
ID: 18813655
Yes, I would say so.

I've seen cases where companies have found a way to do what you described. In this way, the user clicks and says "oh hsit... I'm infected," downloads the program from the company, and presto, it is gone. In most cases, it is not malicious, just an easy way to make money off of unsuspecting PC users.

Get a mac :)
0
 
LVL 32

Accepted Solution

by:r-k
r-k earned 260 total points
ID: 18813698
If you ran all those programs and they found nothing then probably your system is clean. To be complete about it, you may want to do a scan with RootkitRevealer:

  http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx

0
 

Author Comment

by:photoartguy
ID: 18879116
I'm not sure what it was, but I couldn't find a registry entry. But, I did find the EXE file as well as 'abc123.pid' in the C:\Documents and Settings\Administrator\Local Settings\Temp directory and deleted them. It hasn't come back, yet -- so, hopefully that takes care of it.

Thanks for your help!
Dale

0
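
The checks described in this thread (an unknown process, no registry entry, an EXE found in the Temp directory) can be repeated in one read-only pass. The script below is an added example, not part of the original thread. It assumes PowerShell 4.0 or later, which is newer than the Windows version discussed here, and it assumes the Run keys are the registry entries of interest; `Test-UnderTemp` is a helper name made up for this example.

```powershell
# Added triage example, not from the thread. Read-only: it lists and never deletes.
# Temp roots: the current user's %TEMP% and the system-wide Windows\Temp.
# Caveat: if %TEMP% is stored as an 8.3 short path, long-form paths will not match it.
$tempRoots = @($env:TEMP, (Join-Path $env:windir 'Temp')) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-UnderTemp([string]$Text) {
    # True when $Text mentions a temp root; Windows paths compare case-insensitively.
    foreach ($root in $tempRoots) {
        if ($Text -and $Text.IndexOf($root, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

# 1. Running processes whose image file sits in a temp directory.
$procs = Get-CimInstance Win32_Process |
    Where-Object { Test-UnderTemp $_.ExecutablePath } |
    Select-Object ProcessId, Name, ExecutablePath

# 2. Run-key autostart values that point into a temp directory.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if (Test-UnderTemp $value) { [pscustomobject]@{ Key = $key; Name = $name; Command = $value } }
    }
}

# 3. Executables on disk under the temp roots, with signature status and hash.
$files = foreach ($root in $tempRoots) {
    Get-ChildItem -LiteralPath $root -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.exe' } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$procs    | Format-List
$autoruns | Format-List
$files    | Format-List
```

Run it from an elevated prompt so that `ExecutablePath` is populated for processes owned by other accounts. Legitimate installers and updaters also run from temp directories, so a hit is a lead to examine, not a verdict.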
