Solved

Process abc123YImia.exe running -- virus or spyware?

Posted on 2007-03-28
Last Modified: 2013-12-04
Today, I noticed a new icon in the system tray -- a red donut with a black hole. When I hovered over it, a balloon popped up saying, "Your computer is infected." Double-clicking or right-clicking had no effect. So, I checked the process list and found an unknown entry, abc123YImia.exe. I ended the process, but the red donut was still in the system tray. I ran HijackThis, Ewido, Ad-Aware, Spybot S&D, and McAfee VirusScan, but found nothing except a couple of tracking cookies (which were deleted). After rebooting, the process and donut icon are gone. So, my question is...

Is this a new virus or adware program?  (Google searches found nothing.)  Is something hiding on my system?
0
Question by:photoartguy
3 Comments
 
LVL 3

Assisted Solution

by:TheTechGuysNYC
TheTechGuysNYC earned 60 total points
ID: 18813655
Yes, I would say so.

I've seen cases where companies have found a way to do what you described. In this way, the user clicks and says "oh hsit... I'm infected," downloads the program from the company, and presto, it is gone. In most cases, it is not malicious, just an easy way to make money off of unsuspecting PC users.

Get a mac :)
0
 
LVL 32

Accepted Solution

by:r-k
r-k earned 65 total points
ID: 18813698
If you ran all those programs and they found nothing then probably your system is clean. To be complete about it, you may want to do a scan with RootkitRevealer:

  http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx

0
 

Author Comment

by:photoartguy
ID: 18879116
I'm not sure what it was, but I couldn't find a registry entry. But, I did find the EXE file as well as 'abc123.pid' in the C:\Documents and Settings\Administrator\Local Settings\Temp directory and deleted them. It hasn't come back, yet -- so, hopefully that takes care of it.

Thanks for your help!
Dale

0

Question has a verified solution.
