YW9467.exe?

I found a process running by the name of YW9467.exe. I tried Googling it but Google did not match any documents. Anyone know what this is?

 

When I search for the exe on my hard drive, it's located in C:\Windows\Temp and when I right click to properties, it doesn't give me any property values whatsoever. The only bit of info I gained from checking is it's location on my hard drive, it's size (172 KB), it's last modification on Nov. 5, 2005 however it also says it was created and accessed on Jun 21, 2006, and it's icon is a little running olive green scotty type dog with a black collar.

 

Please follow the directions posted by Halo, this staps are necessary to provide you help. THe logs from the procedure will give us a clearer picture of what we are dealing with.

 

When I started my computer this morning I checked to see if the process was running. The name YW9467.exe doesn't appear in my processes log, however a different process named UMB3B1.exe was running. When I did a search for the latter process, it took me to the same location, same icon, the only difference is the name change. Another thing I've noticed is it's memory usage never changes. Never more, never less than 2,448K.

I don't know if this makes a difference, however this is my work computer, we're on a network, we have a network admin. etc. I know we have a firewall,Trend Micro is always running, I don't open email attachments from unknown sources and I don't download anything from the internet, so I'm not convinced this is something I picked up. I've always thought my employer has a running program that "spies" on our computers, maybe this is it?

It makes me a little nervous to follow your suggestions because I don't know if it will have any effect my computer and/or how it runs on the network? I don't know if that even makes sense to you, but what I'm trying to say is I don't want the "clean-up" process to do something to where I'd end up having to get network admin. involved. If you guys say it won't, then I'll go ahead and give it a shot.

 

Ok, just out of curiosity I restarted my computer to see if the process would change names, and it did. Now it's name is PLABEE.exe...nothing comes up from Googling it either.

 

Stop rebooting your computer.

Follow the instructions posted, and do not reboot your computer until your a told to do so.

Until you complete the instructions given and post the requireed logs; we do not know what we are dealing with.

 

So you're saying it's ok to do this considering my situation mentioned in my previous post?

 

We are trying to help you. Until you complete the instructions that were given we can not formulate a fix for you particular set of infections.

Once you have completed all the scans, in order, as stated in the instructions and reboot back to Normal Mode to run HijackThis do not reboot again until you are instructed to do so.

It does no good to tell you to delete a file, when all that will happen is it will respawn with a different name because we haven't removed the files and registry keys responsible for this behavior. I can't tell you what needs to be deleted and what cleaning procedures to use until you follow the instructions that were given and post the required logs.

EDIT: If this is a company computer than you need to contact your IT department for your employer. If your employer is running software to monitor their employees computer actvities, than that is their prerogative and completely legal.