Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

11,5,0,0228 8.33%
11,5,0,0152 8.33%
11,0,0,1751 8.33%
10,0,0,1102 8.33%
10,0,0,525 8.33%
9,0,0,2160 16.67%
9,0,0,2152 8.33%
9,0,0,2128 8.33%
9,0,0,2034 8.33%
9,0,0,797 8.33%
8,1,0,244 8.33%

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, ReportEventA, DeregisterEventSource, RegQueryInfoKeyW, RegEnumValueW, RegEnumKeyW, RegEnumKeyExW, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegisterEventSourceA
comctl32.dll
ImageList_Draw, CreateToolbarEx, CreateStatusWindowW, ImageList_GetIconSize, ImageList_EndDrag, ImageList_DragMove, ImageList_DragEnter, ImageList_DragLeave, ImageList_GetImageCount, ImageList_AddMasked, ImageList_ReplaceIcon, _TrackMouseEvent, InitCommonControlsEx, ImageList_Create, ImageList_Add, ImageList_Destroy, ImageList_BeginDrag
comdlg32.dll
ChooseFontW, GetOpenFileNameW, GetSaveFileNameW, PrintDlgW, ChooseColorW
crypt32.dll
CryptMsgClose, CertCloseStore, CertFreeCertificateContext, CertGetNameStringW, CertGetEnhancedKeyUsage, CertFindCertificateInStore, CryptMsgGetParam, CryptQueryObject
gdi32.dll
SaveDC, CreateBitmap, PatBlt, SetBkColor, MoveToEx, LineTo, CreatePen, SetTextColor, GetStockObject, GetObjectW, CreateSolidBrush, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, DeleteDC, GetDeviceCaps, DeleteObject, CreateRoundRectRgn, EnumFontFamiliesExW, RoundRect, SetROP2, LPtoDP, GetTextExtentPoint32W, GetTextFaceW, GetTextMetricsW, CreateFontIndirectW, SetBkMode, ExtTextOutW, TextOutW, CreatePatternBrush, GetBkColor, GetBkMode, Rectangle, FillRgn, CombineRgn, CreateRectRgn, StretchBlt, CreateFontW, EndDoc, EndPage, StartPage, StartDocW, GetTextExtentPointW, FrameRgn, RestoreDC, SelectClipRgn, CreatePolygonRgn
imm32.dll
ImmReleaseContext, ImmGetContext, ImmAssociateContext, ImmGetCompositionStringW
kernel32.dll
GetLocaleInfoA, VirtualAlloc, GetThreadLocale, IsProcessorFeaturePresent, GetProcessHeap, GetStartupInfoW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, SetFileTime, IsDebuggerPresent, QueryPerformanceCounter, FlushConsoleInputBuffer, GetStdHandle, GetFileType, GetVersion, InitializeCriticalSectionAndSpinCount, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, HeapDestroy, HeapCreate, WritePrivateProfileStringA, Beep, CreateMutexW, ReleaseMutex, GetCurrentProcessId, WritePrivateProfileSectionW, GetSystemTimeAsFileTime, GetPrivateProfileStringA, GetSystemTime, GetCPInfoExW, GetACP, GetVersionExA, SetErrorMode, CreateProcessW, GetExitCodeProcess, TerminateProcess, LoadLibraryA, lstrcpyW, GetTimeFormatW, GetDateFormatW, lstrcmpA, GetTempFileNameW, CompareFileTime, MoveFileW, RemoveDirectoryW, GetSystemDirectoryW, GetWindowsDirectoryW, GetSystemWindowsDirectoryW, GetFileAttributesExW, CreateFileA, DosDateTimeToFileTime, LocalFileTimeToFileTime, LoadLibraryW, CreateSemaphoreW, LoadLibraryExW, FreeLibrary, InterlockedExchange, ResumeThread, OutputDebugStringW, CreateThread, WaitForMultipleObjects, ExitThread, TerminateThread, WritePrivateProfileStringW, InterlockedCompareExchange, FormatMessageW, WaitForSingleObject, InterlockedIncrement, GetLocalTime, SetEvent, ResetEvent, GlobalDeleteAtom, GlobalAddAtomW, GetTickCount, FindFirstFileW, FindNextFileW, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, lstrcmpiW, EnterCriticalSection, LeaveCriticalSection, GetLastError, SetLastError, lstrlenW, FlushInstructionCache, GetCurrentProcess, lstrcmpW, MulDiv, GetModuleFileNameW, GlobalUnlock, GlobalLock, GlobalAlloc, RaiseException, GetCurrentThreadId, MultiByteToWideChar, InterlockedDecrement, DeleteCriticalSection, lstrlenA, InitializeCriticalSection, CreateDirectoryA, GetFileAttributesA, FileTimeToDosDateTime, FileTimeToLocalFileTime, GetTempFileNameA, GetTempPathA, SetFileAttributesA, WideCharToMultiByte, GetShortPathNameW, GlobalMemoryStatus, CloseHandle, CreateFileW, lstrcpynW, GetPrivateProfileStringW, GlobalFree, GlobalHandle, WriteFile, SetFilePointer, SetEndOfFile, lstrcpynA, DeleteFileW, SetFileAttributesW, GetFileAttributesW, CreateDirectoryW, GetComputerNameW, LocalFree, LocalAlloc, CopyFileW, GetProcAddress, GetModuleHandleW, GetPrivateProfileIntW, GetTempPathW, GetVersionExW, GetSystemInfo, ReadFile, GetFileSize, FileTimeToSystemTime, GetFileTime, Sleep, CreateEventW, FindClose
msimg32.dll
AlphaBlend, GradientFill
msvcp80.dll
DllMain
msvcr80.dll
DllMain
ole32.dll
CoCreateInstance, CLSIDFromString, CoTaskMemAlloc, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, StringFromCLSID, CoReleaseMarshalData, CoMarshalInterface, CoUnmarshalInterface, CoUninitialize, CoInitialize, CoRevokeClassObject, CoRegisterClassObject, CoCreateGuid, OleRun, DoDragDrop, ReleaseStgMedium, CoGetMalloc, RegisterDragDrop, RevokeDragDrop, CoSetProxyBlanket, CoInitializeSecurity, OleGetClipboard, CLSIDFromProgID, CoGetClassObject, OleLockRunning, CoTaskMemFree, StringFromGUID2, CoTaskMemRealloc
secur32.dll
GetUserNameExW
shell32.dll
SHGetFileInfoW, ShellExecuteExW, SHGetPathFromIDListW, DragQueryFileW, DragAcceptFiles, SHFileOperationW, SHAppBarMessage, ShellExecuteW, Shell_NotifyIconW, SHGetMalloc, SHBrowseForFolderW, SHGetFolderPathW
shlwapi.dll
UrlCreateFromPathW, PathRemoveExtensionW, PathFileExistsW, StrToIntW, PathIsURLW, PathFindExtensionW, PathCanonicalizeW, PathAppendW, PathIsRelativeW, UrlIsW, SHDeleteKeyW, PathFindFileNameW, wnsprintfW, PathCombineW, StrCpyNW, UrlEscapeW, StrCmpNIW, StrCmpNA, StrCmpNW, PathStripPathW
urlmon.dll
CreateURLMonikerEx
user32.dll
DllMain
version.dll
GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
wininet.dll
InternetSetOptionW, InternetGetCookieW, InternetCloseHandle, HttpQueryInfoW, HttpSendRequestW, HttpOpenRequestW, InternetConnectW, InternetOpenW, InternetCrackUrlW, InternetSetCookieW, InternetGetConnectedStateExW
winmm.dll
PlaySoundW, timeGetTime
wintrust.dll
WinVerifyTrust
ylog.dll
ylog_debug

yahoomessenger.exe

Yahoo! Messenger by Yahoo! Inc. (Signed)

Remove yahoomessenger.exe
Version:   9,0,0,2034
MD5:   bf7f70a930ceff0124cb70bfb0055e8f
SHA1:   6eebcda6fed30d88a728f472d6578eee6b743c62
SHA256:   5742a5438d643b607694c8ac145229e19e05e37d9eac397f1a53dc8a65f10320

Overview

yahoomessenger.exe executes as a process with the local user's privileges. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. This is typically installed with the program Yahoo! Messenger published by Yahoo! Inc.. The file is digitally signed by Yahoo! Inc. which was issued by the VeriSign certificate authority (CA).

DetailsDetails

File name:yahoomessenger.exe
Publisher:Yahoo! Inc.
Product name:Yahoo! Messenger
Typical file path:C:\Program Files\yahoo!\messenger\yahoomessenger.exe
File version:9,0,0,2034
Size:4.15 MB (4,347,120 bytes)
Certificate
Issued to:Yahoo! Inc.
Authority (CA):VeriSign
Expiration date:Thursday, September 3, 2009
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++ 8.0
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
Yahoo! Messenger
 Yahoo! Inc.
7% remove
Yahoo! Messenger (YIM) is an ad-supported instant messaging client and protocol by Yahoo!. Yahoo! Messenger is provided free of charge and can be downloaded and used with a generic "Yahoo! ID" which also allows access to other Yahoo! services, such as Yahoo! Mail, where users can be automatically notified when they receive new email.

BehaviorsBehaviors

Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'Yahoo! Pager' → "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
  • 'Messenger (Yahoo!)' → "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe'
Network connections
Access through an approved Windows firewall exception
  • [TCP] sip108.voice.ne1.yahoo.com (98.138.26.48:443)
  • [UDP] listens on port 1314

    • ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.00300684%
    0.028634%
    Kernel CPU:0.00139036%
    0.013761%
    User CPU:0.00161648%
    0.014873%
    Kernel CPU time:72,765 ms/min
    100,923,805ms/min
    Context switches:122/sec
    284/sec
    Memory
    Private memory:46.89 MB
    21.59 MB
    Private (maximum):49.18 MB
    Private (minimum):5.69 MB
    Non-paged memory:46.89 MB
    21.59 MB
    Virtual memory:189 MB
    140.96 MB
    Virtual memory (peak):209.02 MB
    169.69 MB
    Working set:11.93 MB
    18.61 MB
    Working set (peak):49.55 MB
    37.95 MB
    Page faults:32,393/min
    2,039/min
    I/O
    I/O read transfer:7 KB/sec
    1.02 MB/min
    I/O read operations:5/sec
    343/min
    I/O write transfer:2 KB/sec
    274.99 KB/min
    I/O write operations:13/sec
    227/min
    I/O other transfer:24.51 KB/sec
    448.09 KB/min
    I/O other operations:704/sec
    1,671/min
    Resource allocations
    Threads:26
    12
    Handles:755
    600
    GUI GDI count:500
    103
    GUI USER count:183
    49

    BehaviorsProcess properties

    Tray notification:Yes
    Integrety level:Undefined
    Platform:32-bit
    Command line:"C:\Program Files\yahoo!\messenger\yahoomessenger.exe"
    Owner:User
    Parent process:Explorer.EXE (Windows Explorer by Microsoft)

    ResourcesThreads

    Averages
     
    YahooMessenger.exe (main module)
    Total CPU:0.29908719%
    0.272967%
    Kernel CPU:0.12859440%
    0.107585%
    User CPU:0.17049279%
    0.165382%
    Context switches:93/sec
    79/sec
    Memory:4.23 MB
    1.16 MB
    MSVCR80.dll
    Total CPU:0.00206300%
    Kernel CPU:0.00056028%
    User CPU:0.00150272%
    Context switches:3/sec
    Memory:620 KB
    WININET.dll
    Total CPU:0.00028076%
    Kernel CPU:0.00014974%
    User CPU:0.00013102%
    Memory:920 KB

    Common loaded modules

    These are modules that are typiclaly loaded within the context of this process.

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Windows 7 Ultimate 41.67%
    Microsoft Windows XP 25.00%
    Windows Vista Home Basic 8.33%
    Windows 8 Single Language 8.33%
    Windows 7 Starter 8.33%
    Windows Vista Home Premium 8.33%

    Distribution by countryDistribution by country

    United States installs about 33.33% of Yahoo! Messenger.

    OEM distributionDistribution by PC manufacturer

    PC Manufacturerdistribution
    Dell 40.00%
    Sony 13.33%
    Toshiba 13.33%
    Gateway 13.33%
    GIGABYTE 6.67%
    Hewlett-Packard 6.67%
    American Megatrends 6.67%
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE