MsMpEng.exe just ran alongside another process named “0day.exe” (or something similar)

Anonymous
2018-05-22T18:08:23+00:00

OS: Win 7 x64 Ultimate

Just after waking up my computer from sleep and hearing the HDD being accessed repeatedly a few hours later (disk access sounds, 2 seconds of silence, repeat for about 10 seconds), I was curious to see what processes were running, even though I knew that it was likely Windows Update, svchost, or some combination of usually innocuous programs running for online updates or diagnostic purposes. As such, seeing MsMpEng.exe (Microsoft Windows Defender Antispyware) in the Task Manager with 6% CPU usage wasn't very surprising, but then I very briefly saw something closely named to "0day.exe" also running at the same time. I say "closely" because it was so briefly in the list that I couldn't see the precise name, but did catch that it seemed to contain all said characters in its name, which is suspicious.

I've never seen this process before and I regularly have checked and monitored the Task Manager over many years of using Win 7 in a very closed environment.

Has anyone seen a similarly named program running while Windows Defender is running or otherwise?

Possible ideas:

* Microsoft recently updated its security suite to scan for zero-day related stuff and "0day.exe" is a legitimate program scanning for anomalous behaviour.
* My PC is infected with malware and I should probably just throw the machine out because it will never be patched due to its age.
* Keep the PC and leave it disconnected from the internet and all new hardware.
* Try not to cry and then cry.

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

6 answers

  1. Brian Tillman [Outlook MVP 2007-2019] 25,890 Reputation points Volunteer Moderator
    2018-05-22T21:47:09+00:00

    I can find references to a "0day.exe" file almost ten years back. In all cases, it's a Trojan.

    1 person found this answer helpful.
  2. Anonymous
    2018-05-22T18:35:48+00:00

    Looking forward to your report John.

  3. bhringer-9380 4,350 Reputation points Volunteer Moderator
    2018-05-22T18:26:35+00:00

    @Andre,

    Did you note the OP indicates he is running Win 7?

    ~bhringer

  4. Anonymous
    2018-05-22T18:24:22+00:00

    Understood. I'll see if anything comes up in scans, which I was already doing, along with monitoring Task Manager and Resource Monitor (Network) to see if it happens again.

  5. Anonymous
    2018-05-22T18:16:30+00:00

    Never heard of it before, but what I recommend you do is the following:

    Click Start > Settings > Apps > Apps & features

    Look through the list for any entries for suspicious software installed

    Select it then click uninstall

    Reset all your web browsers to their original factory state

    In Microsoft Edge - Click Start > Settings > Apps > Apps & features > Microsoft Edge

    Select it, click Advanced options > Reset

    Reset Chrome settings to default - Google Chrome Help

    https://support.google.com/chrome/answer/329621...

    Refresh Firefox - reset add-ons and settings - Mozilla Support

    https://support.mozilla.org/en-US/kb/refresh-fi...

    Use Malwarebytes to scan and clean the computer.

    https://www.malwarebytes.com/

    Also use ESET Sysrescue offline scanner to scan and clean the computer, see instructions in the following article:

    https://www.groovypost.com/howto/clean-virus-in...

    Note: This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.
