  #6  
01-11-2007, 02:14 AM
AKQJ10
Senior Member
 
Join Date: Jun 2004
Location: Hsv or the Tunica Horseshoe, pick one
Posts: 5,754
Re: SCKeylogger found - what is next?

I'm latching onto this thread -- hopefully not a hijack -- because I've noticed a mysterious "C:\U.exe" that's shown up twice in my root directory. Googling seems to indicate that it's likely part of a keylogger, although there also appear to be legitimate apps with a U.exe. (Hard to believe they'd invite themselves in the root dir, though.)

My semi-expired McAfee firewall seemed to detect its attempts to access the internet so I'm hopeful that means that nothing malicious has happened yet. But I don't want to be naive -- everything I read says these things can hide themselves well.

Is there really no other course of action than to wipe it and start over? I'm allegedly an IT professional so I realize the philosophy of "better safe than sorry," which is probably what I'd tell my own clients. All the same, formatting seems like at least a 20-30 hour operation given all the junk I've got installed. Surely there's gotta be some way to find what's creating this U.exe, no? I'm trying to configure Filemon to watch my disk accesses.

I've certainly started changing my passwords on another computer. I'm pretty ignorant of keyloggers; if I enter a new password via copy/paste (e.g. from Password Safe), will they pick up the clipboard traffic?

Lately I've installed some poker-related software, and I'm worried that something like PAHUD free version has installed this U.exe. Please please please tell me there's some legitimate use for it.