
Keep On Finding Acgd1.exe. Anyone Knows It?


11 replies to this topic

#1 michael mellner

michael mellner

  • Members
  • 49 posts

Posted 07 October 2006 - 09:52 AM

Hello there. Once in a while I keep on finding acgd1.exe in my C/windows/temp.
I found it while checking my msconfig. I deselected it from the startup programs, but it came back and I found it again, after days, back in my startup program list.

Does anyone know it? In the database there is no mention of it. I did some research on Google but got no appreciable results....

Bests

Michael


 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts

Posted 08 October 2006 - 07:01 PM

Can you please submit the file to http://www.bleepingcomputer.com/submit-malware.php

This is most likely malware if it keeps coming back.

I recommend you follow the HijackThis preparation guide which can be found here. It is important that you follow the guide closely. A number of scans will be run which may well fix your problem. As the guide says, after you have completed the scans that are recommended, please post your HijackThis log in a new topic in the forum found here. Please add your system information and also what problems you are having.
Please be patient, and a HJT team member will help you to clean up your system.

#3 michael mellner


Posted 09 October 2006 - 08:06 AM

Grinler, thanks for your reply. I'm trying to get this thing again to send it as you mentioned. This morning Ewido detected it as malware and deleted it upon reboot. The strange thing is that in the past it let it pass. Now, as soon as I get it back I will follow your directions and start a cleaning.

My bests

Michael

#4 Grinler


Posted 09 October 2006 - 08:47 AM

It's possible that ewido updated its definitions to include this malware. Do you remember what it identified it as?

#5 michael mellner


Posted 10 October 2006 - 07:24 AM

Grinler, when I was back from the office, I found a malware alert, which was again acgd1.exe.
I attached three pics that I hope you can see.
Malaware1.jpg shows the ewido quarantine, which gives you the info you requested.
Malaware2.jpg shows a cut of my task manager at the moment acgd1.exe was put in quarantine. Note that the exe is put apart but apparently still working, given the memory usage.
Malaware3.jpg is a cut of my c/windows7temp folder, in which this exe comes when it appears.

Hope I gave you some more useful things to start with and I hope I could attach the 3 pics mentioned

Bests

Michael


#6 michael mellner


Posted 10 October 2006 - 07:29 AM

Grinler,
I was just checking and saw the 3 pics are not there. Can you tell me how to post them? In addition, I made a typo in the exe location, which is c/windows/temp (in my previous post I typed 7 instead of a /). Sorry.......

Michael

#7 michael mellner


Posted 10 October 2006 - 07:32 AM

In case I cannot post the pics, here's something that might help you. Ewido says it is a Trojan.Agent.xj.

Hope this helps

Michael

#8 michael mellner


Posted 10 October 2006 - 08:11 AM

Grinler,
I ran regedit and searched for acgd1. It found the entry acgd1.exe in the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\MSconfig\startupreg\acgd1.exe

I don't know if this is the cause of this exe coming back all the time. I'm a beginner, but I think this entry is used by msconfig to show all the items, checked or unchecked.

Might it be as easy as cancelling the acgd1.exe registry entry?

Bests

Michael

#9 Grinler


Posted 10 October 2006 - 09:25 AM

I recommend you post a HijackThis log. You are almost definitely infected with something. Once you post the log we will be able to help you further.

#10 michael mellner


Posted 10 October 2006 - 12:23 PM

Ok. Do you want me to post it here or elsewhere? In addition, I found this link on the web:

www.greatis.com/appdata/d/o/oyna1.exe_Removal.htm

On this page there is a mention of the file I'm struggling with. I found this page dialing the file name on Google.

Anyways, my pc is running ok even when this sucker is present. This doesn't mean I will give up in getting rid of it.....

bests

Michael

#11 Grinler


Posted 10 October 2006 - 02:27 PM

You would be better off posting a HijackThis log in our HijackThis forum. Then come back here with your topic and I will see if I can guide you quickly.

#12 michael mellner


Posted 10 October 2006 - 02:33 PM

Thanks.
I'll do it right away and come back later on.

Michael



