Dodgy system process? Help! - HotUKDeals
Dodgy system process? Help!

paperclip
Posted 8 years, 2 months ago
Hi. There's a process called GY50WEB2.exe running on my system (at times there's more than one instance of it)... can't find any info on what it is on the internet and I'm pretty sure it's nothing I've installed.

Any ideas what it could be ?

All Comments (11)
#1
If you haven't installed it, delete it.
Run search for the file first to make sure it isn't part of a program you are using.
banned#2
That's a bit of spyware, try www.malwarebytes.org in full scan and see if it can clear it off your system.

Hope it helps :)

or www.superantispyware.com
#3
I've run a couple of scans already, nothing comes up.

I searched for the file and it's in Windows/System32.... that doesn't automatically mean it's a system file, right? And also, under task manager, there's one instance running under my username and another instance running under SYSTEM. If I turn everything off and terminate it, it just comes back after a while.
#4
No, malware often puts itself in system32 to make itself look more genuine.

I'd try hijackthis and do a system scan as it should pick up the registry key which is calling this process.

John
banned#5
Johnmcl7
No, malware often puts itself in system32 to make itself look more genuine.

I'd try hijackthis and do a system scan as it should pick up the registry key which is calling this process.

John


Lol, was just going to mention hijackthis when I saw your post :thumbsup:
banned#6
What, even Malwarebytes not seeing it?

Yes, just because it's in windows/system32 doesn't mean it is a legitimate process.

hijackthis here:
http://majorgeeks.com/download3155.html

It will probably have a copy of itself somewhere else under a different name too.

You may have to try to manually get rid of it.

1. Boot in safe mode.
2. Have a look in the registry: START, RUN, type "regedit" (without the "") and press OK.

Look under:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Also look under:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

3. Delete any key calling *web2.exe. Maybe another name too.

4. Exit regedit

5. Delete everything in your Windows/prefetch folder.

6. Delete any cookies and temporary internet files.

7. Reboot and see if it is still re-installing itself.


8.9.10 Would be happy to look at the hijackthis log file for you.
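
The registry check from steps 2 and 3 above can be done read-only before deleting anything. This is an added example, not part of the original post: it lists every value in the two Run keys named above and flags those matching the `*web2.exe` hint. As an assumption that goes beyond the post, it also lists Windows services, since the thread reports one instance running as SYSTEM.

```powershell
# Read-only audit of autorun entries; nothing is deleted or modified.
# $Pattern is an assumption based on the thread's "*web2.exe" hint.
param([string]$Pattern = '*web2.exe*')

# The two Run keys named in the post above.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        [pscustomobject]@{
            Source  = $key
            Name    = $name
            Command = $command
            Suspect = $command -like $Pattern   # -like is case-insensitive
        }
    }
})

# Assumption beyond the post: a process running as SYSTEM that keeps
# coming back may be registered as a service, so list service image paths too.
$findings += @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName } |
    ForEach-Object {
        [pscustomobject]@{
            Source  = 'Service'
            Name    = $_.Name
            Command = $_.PathName
            Suspect = $_.PathName -like $Pattern
        }
    })

# Show flagged entries first, then every Run-key entry for manual review.
$findings | Where-Object { $_.Suspect -or $_.Source -ne 'Service' } |
    Sort-Object Suspect -Descending |
    Format-Table Suspect, Source, Name, Command -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the HKLM key and all services are readable; unflagged Run-key entries are still printed because the post notes the file may use another name.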
#7
OK, Malwarebytes picked it up, but it didn't actually delete the file from the System32 folder, so I did it manually. If it tries reinstalling, I'll follow the above.

thanks!!!
#8
lol 5 minutes later it's back!
#9
paperclip
lol 5 minutes later it's back!


EDIT: just did all of the above, booted in safe mode and deleted all reg keys, emptied prefetch folder etc.

fingers crossed!
#10
OK, I've tried all of the above. Malwarebytes removes it.... for about 2 minutes and then it's back. Any other ideas?
banned#11
Try doing the hijackthis and look at the log file to see what is calling the process.
