Solved

Process abc123YImia.exe running -- virus or spyware?

Posted on 2007-03-28
3
163 Views
Last Modified: 2013-12-04
Today, I noticed a new icon in the system tray -- a red donut with a black hole.  When I hovered over it, a balloon popped up saying, "Your computer is infected."  Double-clicking or right-click had no effect.  So, I checked the process list and found an unknown entry, abc123YImia.exe.  I ended the process, but the red donut was still in the system tray.  I ran HiJack This, Ewido, AdAware, SpyBot S&D, and McAfee VirusScan, but found nothing except a couple of tracking cookies (which were deleted).  After rebooting, the process and donut icon are gone.  So, my question is...

Is this a new virus or adware program?  (Google searches found nothing.)  Is something hiding on my system?
0
Comment
Question by:photoartguy
3 Comments
 
LVL 3

Assisted Solution

by:TheTechGuysNYC
TheTechGuysNYC earned 60 total points
ID: 18813655
Yes, I would say so.

I've seen cases where companies have found a way to do what you described. In this way, the user clicks and says "oh hsit... I'm infected," downloads the program from the company, and presto, it is gone. In most cases, it is not malicious, just an easy way to make money off of unsuspecting PC users.

Get a mac :)
0
 
LVL 32

Accepted Solution

by:
r-k earned 65 total points
ID: 18813698
If you ran all those programs and they found nothing then probably your system is clean. To be complete about it, you may want to do a scan with RootkitRevealer:

  http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx

0
 

Author Comment

by:photoartguy
ID: 18879116
I'm not sure what it was, but I couldn't find a registry entry.  But, I did find the EXE file as well as 'abc123.pid' in the  C:\Documents and Settings\Administrator\Local Settings\Temp  directory  and deleted them.  It hasn't come back, yet -- so, hopefully that takes care of it.

Thanks for your help!
Dale

0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
OfficeMate Freezes on login or does not load after login credentials are input.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now