michael mellner
Oct 7 2006, 09:52 AM
Hello there. Once in a while I keep on finding acgd1.exe in my C/windows/temp.
I found it while checking my msconfig. I deselected it from startup program, but it came back and found it again, after days, back in my startup program list.
Anyone knows it? In the database there is no mention about it. I did a research on google but no appreciable results....
Bests
Michael
Grinler
Oct 8 2006, 07:01 PM
Can you please submit the file to http://www.bleepingcomputer.com/submit-malware.php
This is most likely malware if it keeps coming back.
I recommend you follow the HijackThis preparation guide which can be found here. It is important that you follow the guide closely. A number of scans will be run which may well fix your problem. As the guide says, after you have completed the scans that are recommended, please post your HijackThis log in a new topic in the forum found here. Please add your system information and also what problems you are having.
Please be patient, and a HJT team member will help you to clean up your system.
michael mellner
Oct 9 2006, 08:06 AM
Grinler, thanks for your reply. I'm trying to get this thing again to send it as you mentioned. This morning Ewido detected it as a malware and deleted it upon reboot. The strange thing is that in the past it let it pass. Now, as soon as I get it back I will follow your direction and start a cleaning.
My bests
Michael
Grinler
Oct 9 2006, 08:47 AM
It's possible that ewido updated its definitions to include this malware. Do you remember what it identified it as?
michael mellner
Oct 10 2006, 07:24 AM
Grinler, while I was back from office, I found a malware alert, which was again acgd1.exe.
I attached three pics that I hope you can see.
Malaware1.jpg shows ewido quarantine which gives you the info you requested.
Malaware2.jpg shows a cut on my task manager at the moment the acgd1.exe was put in quarantine. Note that the exe is put apart but still working apparently given the memory usage
Malaware3.jpg is a cut of my c/windows7temp folder in which this exe comes when it appears.
Hope I gave you some more useful things to start with and I hope I could attach the 3 pics mentioned
Bests
Michael
michael mellner
Oct 10 2006, 07:29 AM
Grinler,
I was just checking and saw the 3 pics are not there. Can you tell me how to post them? In addition I did a typo in the exe location which is c/windows/temp (in my previous I typed 7 instead of a /). Sorry.......
Michael
michael mellner
Oct 10 2006, 07:32 AM
In case I cannot post the pics, here's something that might help you. Ewido says it is a Trojan.Agent.xj.
Hope this helps
Michael
michael mellner
Oct 10 2006, 08:11 AM
Grinler,
I ran regedit and searched for acgd1. It found the entry acgd1.exe in the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\MSconfig\startupreg\acgd1.exe
I don't know if this is the cause for this exe to come back all the time. I'm a beginner, but I think this entry is used by msconfig to show all the items, checked or unchecked.
Might be so easy as to cancel the acgd1.exe registry entry?
Bests
Michael
Grinler
Oct 10 2006, 09:25 AM
I recommend you post a hijackthis log. You are almost definitely infected with something. Once you post the log we will be able to help you further.
michael mellner
Oct 10 2006, 12:23 PM
Ok. Do you want me to post it here or elsewhere? In addition I found this link on the web:
www.greatis.com/appdata/d/o/oyna1.exe_Removal.htm
In this page there is a mention about the file I'm struggling with. I found this page dialing the file name on google.
Anyways, my pc is running ok even when this sucker is present. This doesn't mean I will give up in getting rid of it.....
bests
Michael
Grinler
Oct 10 2006, 02:27 PM
You would be better off posting a hijackthis log in our hijackthis forum. Then come back here with your topic and I will see if I can guide you quickly.
michael mellner
Oct 10 2006, 02:33 PM
thanks.
I'll do it right away and come back later on.
Michael