I have discovered a service running in my Services and Applications which I dont quite know the meaning of. The location is C:\WINDOWS\system32\YEDIEx.exe and there is no information on this service when I do a Google search. I cannot seem to get a definite answer on this. Anyone know what the file YEDIEx.exe does exactly? Thanks.

I couldn't find anything on it either. try exloring your program files and see if you can match it up to what program installed it if not, delete it and see what happens...... just don't empty ur trash so that it can be restored if need be. It really sounds like an adware that may be new to the market and any scans miss it because they search for KNOWN items mostly good luck though

I too searched the known universe and could not find a thing. Nothing! The name "YEDIE" makes me believe you have a nasty, but I've got no clue what. Please post back if you find out.

Hi zyxio, Go to http://www.tomcoyote.org/hjt/ and download HijackThis. After starting HijackThis, click the scan button which will change into a save log button. Save the logfile and also copy and paste the results back here in this thread. Most items reported by HijackThis are valid, so don’t fix anything yet.

Hi folks! Just found YEDIEx.exe on my Win XP Pro too and searched for it on the internet. The only place I found anything on it was here! Is there something new? Should I worry about it? So far I simply stopped the service and set it to start manual (which it keeps after a restart). Haven't seen anything working without it. (1 hr experience)

Like I said earlier post your HijackThis logfile. Why not? We may be able to help. There are spyware/maleware software that does generate a random 6-letter strings. Mark

Hi Mark! What also concerns me is: There is no version info. If you browse it with a hex-tool there is no link to a thinkable source of this software! This is the HijackThis.log (any idea what YEDIEx.exe is?): Logfile of HijackThis v1.96.0 Scan saved at 23:44:21, on 15.08.2003 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\ComputerAssociates\ARCserve\msgeng.exe C:\Programme\ComputerAssociates\ARCserve\casmrtbk.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\LogWatNT.exe C:\oracle\ora92\bin\omtsreco.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SCARDS32.exe C:\Programme\ComputerAssociates\ARCserveITDS\asdscsvc.exe C:\Programme\ComputerAssociates\ARCserveITDS\Liccheck.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\PowerDesk8\PDeskNet.exe C:\Programme\CHIPDRIVE\WinLogon\WLAdmin.exe C:\Programme\Microsoft Hardware\Mouse\point32.exe C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.exe C:\WINDOWS\System\Inst.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\Messenger\MSMSGS.exe C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Programme\WinZip\WZQKPICK.exe C:\WINDOWS\System32\cidaemon.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\YEDIEx.exe N:\DownLoads\HijackThis\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=ftpproxy.muenster.de:3128;gopher=wwwproxy.muenster.de:3128;http=wwwproxy.muenster.de:3128;https=wwwproxy.muenster.de:3128 O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programme\WS_FTP Pro\wsbho2k0.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Matrox PowerDesk 8] C:\WINDOWS\System32\PowerDesk8\PowerDesk.exe /silent O4 - HKLM\..\Run: [WinLogon] C:\Programme\CHIPDRIVE\WinLogon\WLAdmin.exe x O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.exe O4 - HKLM\..\Run: [Inst] C:\WINDOWS\System\Inst.exe install O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.exe" /background O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.exe O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Messenger (HKLM) O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM) O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (pixaco IE Drop-Upload) - http://217.17.197.101/scripts/iedropupload.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37778.1402893519 O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5B112E2E-93E2-478B-900D-1342EA49E0FE}: NameServer = 192.168.100.9