
    Dodgy system process? Help!

    Hi. There's a process called GY50WEB2.exe running on my system (at times there's more than one instance of it)... can't find any info on what it is on the internet and I'm pretty sure it's nothing I've installed.

    Any ideas what it could be ?

    11 Comments

    if you haven't installed it delete it.
    Run search for the file first to make sure it isn't part of a program you are using.

    Banned

    That's a bit of spyware, try www.malwarebytes.org in full scan and see if it can clear it off your system.

    Hope it helps

    or www.superantispyware.com

    Original Poster

    I've run a couple of scans already, nothing comes up.

    I searched for the file and it's in Windows/System32.... that doesn't automatically mean it's a system file, right? And also, under task manager, there's one instance running under my username and another instance running under SYSTEM. If I turn everything off and terminate it, it just comes back after a while.

    No, malware often puts itself in system32 to make itself look more genuine.

    I'd try hijackthis and do a system scan as it should pick up the registry key which is calling this process.

    John

    Banned

    Johnmcl7;3383277

    No, malware often puts itself in system32 to make itself look more genuine. I'd try hijackthis and do a system scan as it should pick up the registry key which is calling this process. John



    Lol, was just going to mention hijackthis when I saw your post :thumbsup:

    Banned

    What, even malwarebytes not seeing it?

    Yes, just because it's in windows/system32 doesn't mean it is a legitimate process.

    hijackthis here:
    majorgeeks.com/dow…tml

    It will probably have a copy of itself somewhere else under a different name too.

    You may have to try to manually get rid of it.

    1. Boot in safe mode.
    2. Have a look in the registry: START, RUN, type "regedit" (without the "") and press ok.

    Look under:
    hkey_local_machine
    Software
    Microsoft
    Windows
    Current Version
    run

    Also look under:

    Hkey_Current_User
    Software
    Microsoft
    Windows
    Current Version
    run

    3. Delete any key calling *web2.exe. Maybe another name too.

    4. Exit regedit

    5. Delete everything in your Windows/prefetch folder.

    6. Delete any cookies and temporary internet files.

    7. Reboot and see if it is still re-installing itself.


    8.9.10 Would be happy to look at the hijackthis log file for you.
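
The registry check in steps 2 and 3 above can also be done from a PowerShell prompt without editing anything. This is an added example, not part of the original thread; the `$Pattern` default is an assumption taken from the "*web2.exe" wildcard in step 3, and `Get-FileHash` assumes PowerShell 4.0 or later.

```powershell
# Added example: read-only audit of the two Run keys named in the thread.
# $Pattern is an assumption based on the "*web2.exe" wildcard in step 3.
param([string]$Pattern = '*web2.exe*')

$runKeys  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$system32 = Join-Path $env:SystemRoot 'System32'

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        # Extract the executable from the command line: a quoted path first,
        # otherwise the first whitespace-delimited token.
        $exe = $null
        if ($command -match '^\s*"([^"]+)"' -or $command -match '^\s*(\S+)') {
            $exe = $Matches[1]
        }
        $exists = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            Target    = $exe
            Exists    = $exists
            Signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
            Suspect   = $command -like $Pattern
        }
    }
}
$entries | Format-List

# The thread notes the file may exist elsewhere under another name: list
# System32 executables with the same size and SHA-256 as a flagged Run target.
foreach ($hit in $entries | Where-Object { $_.Suspect -and $_.Exists }) {
    $size = (Get-Item -LiteralPath $hit.Target).Length
    $hash = (Get-FileHash -LiteralPath $hit.Target -Algorithm SHA256).Hash
    Get-ChildItem -LiteralPath $system32 -Filter *.exe -File -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -ne $hit.Target -and $_.Length -eq $size -and
            (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash -eq $hash } |
        Select-Object FullName, Length, LastWriteTime
}
```

A Signature value other than Valid is a lead to look into rather than a verdict, and an unquoted command line whose path contains spaces will show a truncated Target.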

    Original Poster

    OK malware bytes picked it up, but it didn't actually delete the file from the System32 folder, so I did manually. If it tries reinstalling, I'll follow the above

    thanks!!!

    Original Poster

    lol 5 minutes later it's back!

    Original Poster

    paperclip;3387465

    lol 5 minutes later it's back!



    EDIT: just did all of the above, booted in safe mode and deleted all reg keys, emptied prefetch folder etc.

    fingers crossed!

    Original Poster

    ok I've tried all of the above. Malwarebytes removes it.... for about 2 minutes and then it's back. Any other ideas?

    Banned

    Try doing the hijackthis and look at the log file to see what is calling the process.