PC Review



What is Ayer.exe ? -- What is ii\873374_eng.exe ??

 
 
Mel_3
Guest
Posts: n/a
 
      25th Aug 2008
I have always run ZoneAlarm and two apps just tried to access the "trusted
zone"

ayer.exe
ii\873374

Googled 'em both but saw no satisfactory answer from Microsoft or other
reliable sources...

Anyone here know what they are and how I can verify their authenticity?

Thanks for any help.

 
 
 
 
 
robinb
Guest
Posts: n/a
 
      25th Aug 2008
Seems like they are part of Windows Media Player files.
Have a look here:

http://www.ocforums.com/showthread.php?t=547151

robin
 
Bill Sanderson
Guest
Posts: n/a
 
      25th Aug 2008
I would not say that at all on that evidence.

This thread cites this:

C:\DOCUME~1\Manny\LOCALS~1\Temp\WERa896.dir00\wmpl ayer.exe.mdmp

I'm not much on media in general, but I don't see why a legit media player
executable is located in Temp.

And I don't know what that space--real or not--means in the name--but the
double extension .exe.mdmp is likely bad news, I suspect.

The fact is that nobody can tell you what a file is by the name alone,
unless it is signed and you exchange signature information with us. If you
can find either of these files on your system--look for hidden files, and
ignore the extension, I'd recommend submitting them to virustotal.com or
Microsoft's own submission mechanism--www.microsoft.com/security/portal

If they are located in the temp area, I'd simply clean out the temp area
rather than risk further issues.

873374 is the number of a Microsoft Security related patch. However, so
far, the executables I've found associated with that patch do not have that
name.

I would give the same advice with regard to that file. If you think you
might need a Microsoft Update, go to Windows Update and see what is offered.
 
Bill Sanderson
Guest
Posts: n/a
 
      25th Aug 2008
OK - 873374_eng.exe is apparently a legitimate name for a Microsoft
executable associated with a security issue.

However, that fact alone does not mean that a file with this name on your
system is legit.

In this case, see if you can find the file in Explorer on your system, right
click on it, and look at the details--see whether it is signed by Microsoft.
If it is, I'm willing to believe that it is legitimate.
 
Stu
Guest
Posts: n/a
 
      26th Aug 2008
Just out of interest, on seeing this post yesterday, I ran an Explorer search
on my system for ayer.exe and it flagged two instances on my system - both
relating to WMP. One located in Prog Files/ and the other Windows/Service
Pack/i386. However, when I investigate the folders (despite having show
hidden files and file extensions selected), I can find no reference to this
file in either folder. Properties from within Explorer indicates a Microsoft
file with no version info.

Stu
 
Bill Sanderson
Guest
Posts: n/a
 
      27th Aug 2008
The web reference Robin cited was odd too--it cited "wmpl ayer.exe.????" so
it was the space in what I would expect to be the real name of the
executable that gave rise to the Google hit.

So far, a cmd line search has found 0 instances of ayer.exe on my ancient
and dirty Vista ultimate system. A GUI search has yet to complete...
 
Stu
Guest
Posts: n/a
 
      27th Aug 2008
Hmm. Well spotted and point taken. I'd be interested in the outcome of your
'dirty Vista Ultimate system'. I scanned the file using the custom scan
option in WD, i.e. by simply browsing to the file location quoted by Explorer.
For occasions like these it would have been nice to have a context menu
option available like many other scanners. I seem to recall this being
discussed many moons ago on here and some bright person had a solution but I
can't find it now.
What I do seem to recall was, the general consensus of opinion being
Microsoft wouldn't do that for XP customers because they were concentrating
their efforts on the launch of Vista, the integration of WD in One Care plus
a thousand and one other things at the time. For XP users, WD is very much a
'bolt on' application. Not that I'm complaining

Stu
 
Bill Sanderson
Guest
Posts: n/a
 
      27th Aug 2008
I think WD had to be "bolt on" for XP. I don't know if there were
modifications made to Windows code to facilitate it in, say, SP3, but I
doubt it--maybe in terms of improving and tightening up the update and
patching process--that's a big issue entirely apart from Defender. It cost
a good bit of money, even given that Microsoft started by buying the initial
technology--to develop Windows Defender. Adding bucks to modify Windows in
a significant way probably would not be in the budget, I'd guess.

My GUI search still has not completed, but I don't expect it to find
anything--the original search was to go to an elevated command prompt and do
dir \ayer.exe /s

That one had no results. I could have done better to use attrib with the
same syntax, and gotten hidden ones, but I don't think they are really
there.

I'll see if I can remember to check this on an XP machine at some point--but
I don't think it will be different--I suspect detections of this string are
most likely going to relate to imperfections of search methods---but maybe
I'll be surprised?
Reply With Quote
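The checks Bill Sanderson describes in his posts above (search the whole drive including hidden files, look at where a hit lives, and judge it by its signature rather than its name) can be done in one pass from an elevated PowerShell prompt. This is an added example, not part of the thread; the search root and the helper names `Get-NameMatchKind` and `Get-FileTriage` are assumptions.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# $Names holds the two file names asked about in the thread.
# $Root (the system drive) is an assumption; point it wherever you need to search.
$Names = @('ayer.exe', '873374_eng.exe')
$Root  = "$env:SystemDrive\"

# Classify a file name against the wanted names.
#   'Exact'     - the file really has that name.
#   'Substring' - the name only contains the string (wmplayer.exe contains
#                 "ayer.exe"), which is how a loose search can report a file
#                 that does not exist under the shorter name.
function Get-NameMatchKind {
    param([string]$FileName, [string[]]$Wanted)
    foreach ($w in $Wanted) {
        if ($FileName -ieq $w) { return 'Exact' }
    }
    foreach ($w in $Wanted) {
        if ($FileName.ToLowerInvariant().Contains($w.ToLowerInvariant())) {
            return 'Substring'
        }
    }
    return $null
}

# Collect what is needed to judge one file without trusting its name.
function Get-FileTriage {
    param([System.IO.FileInfo]$File, [string]$MatchKind)

    # Status 'Valid' means the signature chains to a trusted root and the file
    # content still matches what was signed. Anything else is not proof of origin.
    $sig = Get-AuthenticodeSignature -LiteralPath $File.FullName -ErrorAction SilentlyContinue

    # SHA-256 of the file, for looking it up or submitting it for scanning.
    $hash = Get-FileHash -LiteralPath $File.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue

    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path            = $File.FullName
        Match           = $MatchKind
        # Hidden files are found only because Get-ChildItem is run with -Force.
        Hidden          = [bool]($File.Attributes -band [System.IO.FileAttributes]::Hidden)
        # A location under a Temp directory is a reason to look closer.
        UnderTemp       = $File.FullName -match '\\Temp\\'
        SignatureStatus = if ($sig) { $sig.Status } else { 'Unreadable' }
        # The subject string alone proves nothing; it only counts with a Valid status.
        MicrosoftSigned = ($sig -and $sig.Status -eq 'Valid' -and
                           $signer -match 'O=Microsoft Corporation')
        Signer          = $signer
        SHA256          = if ($hash) { $hash.Hash } else { '' }
    }
}

# -Force includes hidden and system files; access-denied directories are skipped.
Get-ChildItem -LiteralPath $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $kind = Get-NameMatchKind -FileName $_.Name -Wanted $Names
        if ($kind) { Get-FileTriage -File $_ -MatchKind $kind }
    } |
    Sort-Object Match, Path |
    Format-List
```

An `Exact` row that is not `MicrosoftSigned` is the one to submit for scanning; its `SHA256` value can be searched on virustotal.com before uploading the file itself.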
 
Bill Sanderson
Guest
Posts: n/a
 
      27th Aug 2008
The GUI search finally completed. The only references it found to ayer.exe
were in mail folders--this thread.
 
Stu
Guest
Posts: n/a
 
      27th Aug 2008
OK. Many thanks for your efforts

Stu
> >>> >> > executable is located in Temp.
> >>> >> >
> >>> >> > And I don't know what that space--real or not--means in the
> >>> >> > name--but
> >>> >> > the
> >>> >> > double extension .exe.mdmp is likely bad news, I suspect.
> >>> >> >
> >>> >> > The fact is that nobody can tell you what a file is by the name
> >>> >> > alone,
> >>> >> > unless it is signed and you exchange signature information with us.
> >>> >> > If
> >>> >> > you can find either of these files on your system--look for hidden
> >>> >> > files,
> >>> >> > and ignore the extension, I'd recommend submitting them to
> >>> >> > virustotal.com or Microsoft's own submission
> >>> >> > mechanism--www.microsoft.com/security/portal
> >>> >> >
> >>> >> > If they are located in the temp area, I'd simply clean out the temp
> >>> >> > area
> >>> >> > rather than risk further issues.
> >>> >> >
> >>> >> > 873374 is the number of a Microsoft Security related patch.
> >>> >> > However,
> >>> >> > so
> >>> >> > far, the executables I've found associated with that patch do not
> >>> >> > have
> >>> >> > that name.
> >>> >> >
> >>> >> > I would give the same advice with regard to that file. If you
> >>> >> > think
> >>> >> > you
> >>> >> > might need a Microsoft Update, go to Windows Update and see what is
> >>> >> > offered.
> >>> >> >
> >>> >> > "robinb" <(E-Mail Removed)> wrote in message
> >>> >> > news:(E-Mail Removed)...
> >>> >> >> seems like they are part of windows media player files
> >>> >> >> have a look here
> >>> >> >>
> >>> >> >> http://www.ocforums.com/showthread.php?t=547151
> >>> >> >>
> >>> >> >> robin
> >>> >> >>
> >>> >> >> "Mel_3" <(E-Mail Removed)> wrote in message
> >>> >> >> news:A4BE6AC9-230E-4DDF-AB82-(E-Mail Removed)...
> >>> >> >>> I have always run zone alarm and two apps just tried to access
> >>> >> >>> the "trusted zone"
> >>> >> >>>
> >>> >> >>> ayer.exe
> >>> >> >>> ii\873374
> >>> >> >>>
> >>> >> >>> Googled 'em both but saw no satisfactory answer from Microsoft
> >>> >> >>> or other reliable sources...
> >>> >> >>>
> >>> >> >>> Anyone here know what they are and how I can verify their
> >>> >> >>> authenticity?
> >>> >> >>>
> >>> >> >>> Thanks for any help.
> >>> >> >>>
> >>> >> >>
> >>> >> >
> >>> >>
> >>> >>
> >>>
> >>>

> >

>
>
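
The checks discussed in this thread (search including hidden files, exact name versus a longer name that merely ends in the search string, location under Temp, and whether the file is signed) can be run in one pass. This is an added example, not something posted by the thread's participants; the `$Root` default is an assumption, and the two file names are the ones the original poster asked about.

```powershell
# Added example. Run from an elevated PowerShell prompt so protected folders are readable.
param(
    [string]$Root    = 'C:\',                              # assumption: search the system drive
    [string[]]$Names = @('ayer.exe', '873374_eng.exe')     # names taken from the thread
)

$report = foreach ($name in $Names) {
    # -Force includes hidden and system files (the job "attrib /s" was suggested for).
    # The leading * also returns longer names such as wmplayer.exe, so each hit is
    # labelled below as an exact match or only a substring match.
    Get-ChildItem -LiteralPath $Root -Filter "*$name" -File -Recurse -Force `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                SearchedFor = $name
                ExactName   = ($_.Name -ieq $name)          # False = search-method artifact
                Path        = $_.FullName
                InTemp      = ($_.FullName -like '*\Temp\*')
                SigStatus   = $sig.Status                   # Valid, NotSigned, HashMismatch, ...
                Signer      = if ($sig.SignerCertificate) {
                                  $sig.SignerCertificate.Subject
                              } else { $null }
                SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

if (-not $report) {
    Write-Output "No file ending in any of: $($Names -join ', ') found under $Root"
} else {
    $report | Sort-Object SearchedFor, Path | Format-List
}
```

A row with `ExactName = True`, `InTemp = True` or a `SigStatus` other than `Valid` is the one to examine further; the SHA256 value identifies the exact file and can be searched on virustotal.com before or instead of uploading it.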

 