zevelation
Aug 25 2008, 10:22 AM
sgcxcxxaspf080819.exe
Found this on a sys yesterday.
Webroot, AVG, Spybot, and various others could not control or kill it.
No info on this new threat when searched.
Any help? Suggestions?
stupidhomer
Aug 25 2008, 10:41 AM
If you think this may be a virus, look for File Assassin by Malwarebytes and use it on that file; just hope the file isn't something you need.
garmanma
Aug 25 2008, 12:10 PM
I'm going to move this to a forum where I think you'll do better
AntiVirus, Firewall and Privacy Products and Protection Methods
http://www.bleepingcomputer.com/forums/forum25.html
If this is a machine that you are sitting down and working on this specific machine, I can move you to Am I Infected?
Animal
Aug 25 2008, 12:50 PM
Doesn't look good:
http://spywarefiles.prevx.com/RRDBHI044981...080819.EXE.html
Safety Rating: Uncertain
First seen: Aug 20 2008 (GMT)
Antivirus Detection: No third party antivirus detection observed
Anti-Spyware Detection: No third party anti-spyware detection observed
The following behaviors have been observed for this object:
Installs programs.
Deletes programs.
Runs other programs.
Hijacks running processes.
zevelation
Aug 26 2008, 08:50 AM
Yeah. When I did research on this .exe, I only found 2 articles... literally.
Not only does it disable services,
it also
=blocks USB ports (so no jump drives to use with tech tools)
=blocks optical drive from running (could not load any tools from a CD... or even try to ghost machine for a dirty install
and keep fingers crossed I could recover data using 'FORENSIC DATA RECOV)
=also blocks HD from being detected as a slave drive.
=does not allow network access to possibly back up data.
=disables safe mode
So pretty much this thing is driving me crazy.
I already warned the owner of this machine... that... this is a good example
of always making sure to back up data (because obviously NOW... no data - as of the moment -
can be backed up).
I have a couple of other tricks left... but I feel this is quickly becoming a lost cause. (I HATE FAILURE!)
ANYONE ELSE WHO HAS COME ACROSS THIS... OR HAS ANY IDEAS...
I'M OPEN TO ALL!
THANKS