Help
Hello there. Once in a while I keep on finding acgd1.exe in my C/windows/temp.
I found it while checking my msconfig. I deselected it from startup program, but it came back and found it again, after days, bact in my startup program list.
Anyone knows it? In the database there is no mention about it. I did a research on google but no appreciatable results....
Bests
Michael
Page 1 of 1
Keep On Finding Acgd1.exe. Anyone Knows It?
Back to top
#2
- Bleep Bleep!
-
- Group: Admin
- Posts: 36,603
- Joined: 24-January 04
- Gender:Male
- Location:USA
Posted 08 October 2006 - 07:01 PM
Can you please submit the file to http://www.bleepingcomputer.com/submit-malware.php
This is most likely malware if it keeps coming back.
I recommend you follow the HijackThis preparation guide which can be found here. It is important that you follow the guide closely. A number of scans will be run which may well fix your problem. As the guide says, after you have completed the scans that are recommended, please post your HijackThis log in a new topic in the forum found here. Please add your system infomation and also what problems you are having.
Please be patient, and a HJT team member will help you to clean up your system.
This is most likely malware if it keeps coming back.
I recommend you follow the HijackThis preparation guide which can be found here. It is important that you follow the guide closely. A number of scans will be run which may well fix your problem. As the guide says, after you have completed the scans that are recommended, please post your HijackThis log in a new topic in the forum found here. Please add your system infomation and also what problems you are having.
Please be patient, and a HJT team member will help you to clean up your system.
Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!
#3
- Member
-
- Group: Members
- Posts: 43
- Joined: 23-September 06
Posted 09 October 2006 - 08:06 AM
Grinler, thanks for your reply. I'm trying to get this thing again to send it as you mentioned. This morning Ewiro detected it as a malaware and deleted it upon reboot. The strange thing is that in the past it let it pass. Now, as soon as I get it back I will follow your direction and start a cleaning.
My bests
Michae
My bests
Michae
#4
- Bleep Bleep!
-
- Group: Admin
- Posts: 36,603
- Joined: 24-January 04
- Gender:Male
- Location:USA
Posted 09 October 2006 - 08:47 AM
Its possible that ewido updated its definitions to include this malware. Do you remember what it identified it as ?
Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!
#5
- Member
-
- Group: Members
- Posts: 43
- Joined: 23-September 06
Posted 10 October 2006 - 07:24 AM
Grinler, while I was back from office, I found a malaware alert, which was again acgd1.exe.
I attached three pics that I hope you can see.
Malaware1.jpg shows ewido quarantine which give you the info you requested.
Malaware2.jpg shows a cut on my task manager at the moment the acgd1.exe was put in quarantine. Note that the exe is put apart but still working apparently given the memory usage
Malaware3.jpg is a cut of my c/windows7temp folder in which this exe comes when it appears.
Hope I gave you some more useful things to start with and I hope I could attach the 3 pics mentioned
Bests
Michael
Michael
Michael
I attached three pics that I hope you can see.
Malaware1.jpg shows ewido quarantine which give you the info you requested.
Malaware2.jpg shows a cut on my task manager at the moment the acgd1.exe was put in quarantine. Note that the exe is put apart but still working apparently given the memory usage
Malaware3.jpg is a cut of my c/windows7temp folder in which this exe comes when it appears.
Hope I gave you some more useful things to start with and I hope I could attach the 3 pics mentioned
Bests
Michael
Michael
Michael
#6
- Member
-
- Group: Members
- Posts: 43
- Joined: 23-September 06
Posted 10 October 2006 - 07:29 AM
Grinler,
I was just checking and saw the 3 pics are not there. Can you tell me how to post them? In addition I did a typo in the exe location which is c/windows/temp (in my previous I typed 7 instead of a /. Sorry.......
Michael
I was just checking and saw the 3 pics are not there. Can you tell me how to post them? In addition I did a typo in the exe location which is c/windows/temp (in my previous I typed 7 instead of a /. Sorry.......
Michael
#7
- Member
-
- Group: Members
- Posts: 43
- Joined: 23-September 06
Posted 10 October 2006 - 07:32 AM
In case I cannot post the pics, here's something that might help you. Ewido says it is a Trojan.Agent.xj.
Hope this helps
Michael
Hope this helps
Michael
#8
- Member
-
- Group: Members
- Posts: 43
- Joined: 23-September 06
Posted 10 October 2006 - 08:11 AM
Grinler,
I run regedit and searched for acgd1. It found the entry acgd1.exe in the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\MSconfig\startupreg\acgd1.exe
I don't know if this is the cause to this exe to come back all the time. I'm a beginner, but I think this entry is used to msconfig to show all the item, checked or unchecked.
Might be so easy as to cancel the acgd1.exe registry entry?
Bests
Michael
I run regedit and searched for acgd1. It found the entry acgd1.exe in the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\MSconfig\startupreg\acgd1.exe
I don't know if this is the cause to this exe to come back all the time. I'm a beginner, but I think this entry is used to msconfig to show all the item, checked or unchecked.
Might be so easy as to cancel the acgd1.exe registry entry?
Bests
Michael
#9
- Bleep Bleep!
-
- Group: Admin
- Posts: 36,603
- Joined: 24-January 04
- Gender:Male
- Location:USA
Posted 10 October 2006 - 09:25 AM
I recommend you post a hijackthis log. You are almost definitely infected with something. Once you post the log we will be able to help you further.
Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!
#10
- Member
-
- Group: Members
- Posts: 43
- Joined: 23-September 06
Posted 10 October 2006 - 12:23 PM
Ok. do you want me to post it here or elsewhere? in addition I found this link on the web:
www.greatis.com/appdata/d/o/oyna1.exe_Removal.htm
In this page there is a mention about the file I'm struggling with. I found this page dialing the file name on google.
Anyways, my pc is running ok even when this sucker is present. This doesn't mean I will give up in getting rid of it.....
bests
Michael
www.greatis.com/appdata/d/o/oyna1.exe_Removal.htm
In this page there is a mention about the file I'm struggling with. I found this page dialing the file name on google.
Anyways, my pc is running ok even when this sucker is present. This doesn't mean I will give up in getting rid of it.....
bests
Michael
#11
- Bleep Bleep!
-
- Group: Admin
- Posts: 36,603
- Joined: 24-January 04
- Gender:Male
- Location:USA
Posted 10 October 2006 - 02:27 PM
You would be better off posting a hijackthis log in our hijackthis forum. Then come back here with your topic and I will see if I can guide you quickly.
Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!
#12
- Member
-
- Group: Members
- Posts: 43
- Joined: 23-September 06
Posted 10 October 2006 - 02:33 PM
thanks.
I'll do it right away and come back later on.
Michael
I'll do it right away and come back later on.
Michael
Share this topic:
Page 1 of 1