Is Yahelite.exe really this dangerous or is this a false positive?

https://www.virustotal.com/file/d36907bb392286518f9a3b2ace9a39643507aa9b7d97ad6d0778f016c823b7a6/analysis/1337090898/

6/42, but almost all of them seem so generic that it might be a false positive; my Avast has never reacted to it.

Hi EmoHobo,

Difficult to give the final answer on this file. The file is not digitally signed. Automatic start up location = 001 Running Processes
It comes flagged as a generic Win32 trojan XEMA or unclassified malware or backdoor, probably because of the UPX packer protection that triggers keylogger/spyware-like activity.
The name proactive detection is also denoting the generic and problematic nature of this detection.
File it up to Avast for a definitive answer, but I think the detection could fall in the realm of PUP or riskware whenever you have not deliberately installed it yourself. Verdict 50/50; some versions are secure, like those that come from the author’s download site, scanned with DrWeb URL checker and found OK.

polonus

Avast calls it clean and as far as I know always has, but yeah, looking into it more, the creator of the program said the problem was due to the UPX compression and further updates won’t use it.

“YAHELITE BUILD 331
YAWN
o- Yahelite rises after an 18 month snooze.
o- captcha fixed.
o- distributed without UPX compression.”

Of course the program has been abandoned for a while now, no updates in almost two years. I’ve used it since about 2007-2008 with no issues, but if it was found to be legitimately risky, I would stop using it in a heartbeat. It’s just a third party chat client used to access Yahoo chat rooms.

I think this falls under the same category as mIRC: while held by some as a PUP if installed without your permission due to a trojan or whatever, if installed by you and operated by you, it seems safe. But can you explain the “Automatic start up location = 001 Running Processes”? I don’t understand that. Does it mean I’m just currently using it? Because yes, I am.

Hi EmoHobo,

Nothing to fear just where the service executable is started up from…

Location.001 is genuinely a system process belonging to the Microsoft Windows Operating System. It is used by many different software on your computer. Many programs you are familiar with run as stand-alone executable, like Location.001. However, most services that are executed cannot run independently. Hence, Location.001 loads those files and runs them itself. That's why you'll often find several copies of Location.001 running on Windows Task Manager.

Basically, the functionality of the system is intimately associated with the Location.001 application and any damage in the registry will ruin it and result with an error.

quote from Info Advanced PC Advisor,

polonus

So of course, like most things online, you can’t be 100% certain of the safety of programs like this, but since I installed it myself years ago, never had any issues with it, never had it flagged by Avast (and if I did, it must have been for a very short time as I don’t remember it being an issue), and am using it now with no issues, should I assume it’s as safe as it can be?

Wait, thinking about it now, I do remember a few flags; it was called a generic trojan a few years back when it was actually popular. I was told it was a false positive then. I can’t believe I forgot that.

Don’t know if this is super useful but wanted to share: http://yahelite.our4m.com/forum/index.php?topic=5443.0

I just noticed I have both Yahelite and mIRC in my File System Shields Exclusion list. I might have added Yahelite myself years ago, but I don’t remember adding mIRC. Can programs add themselves to that list? I just want to do something so I know they are safe. Sorry if that sounds overly paranoid, but I removed them and scanned them and found nothing, and then I re-added them to the exclusions list.

Sigcheck

publisher…: David J. Binette
product…: YahELite
description…: YahELite chat client
file version…: 331
comments…: Yahoo_ compatible chat
copyright…: Copyright 1999-2009 David J. Binette

First seen by VirusTotal
2011-11-21 10:27:16 UTC ( 5 måneder, 3 uker ago )

I say FP. :wink:

Thanks, but I still got rid of it because I never use it anymore, but finding that and mIRC, two things I’ve used forever, being flagged by some items really scared me.

In the last few years I’ve become really paranoid about safety on the internet. Thanks to Avast, it’s really helped keep me in line, although when the update to 7 happened and it messed up my Avast for a bit, I got that “Welcome to Avast” screen every time I started it up. So many of you were so quick to help with that .ini fix, it really gave me confidence in how good the community is on the forums, and once again you didn’t disappoint me, so thank you.