OT: Anyone heard of this file?

[BBegemott]

"siae3123.exe" looks like randomly generated filename to me. I recall reading somewhere that some evil programs install themselves with randomly generated names in order to be harder tracked down. Little help, but at least it can explain why you can't find info about it.

[Alneyan]

Even if my knowledge of informatics is about nill, I read something along the lines of what BBgemott mentioned as well. The fact that Google finds nothing is very unusual, so I would believe it is a name that has been generated at random.

Likewise, it might be that this exe has cousins on your computer, to avoid being suppressed too easily. Once I had a somewhat similar virus, which was present in several exes and used a few different names (it didn't generate names as far as I know though). How to get rid of it without invoking the Format spell is another matter obviously, but I would expect the Usenet to have better answers available. (My understanding of it is that it is basically a *lot* of newsGroups and includes other discussions, news and so on)

[pathfinder]

I found a registry entry in windows search assistant and deleted that. We'll see if this is permadeath.

Nope. Got rid of 2 registry entries in search assistant/ACMru folder. It still pops up.

[ May 22, 2004, 20:55: Message edited by: pathfinder ]

[EaX]

Well...., first check if it's a service (control panel->Administrative tools->Services, you can right click on every proccess and in properties check the filename), if it's not a process then program must be started from the registry or the StartUp on the Start->Programs->StartUp menu, so, first check these keys in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run
I think you have the administrator account don't you?, anyway check on the "Document and settings" folder located on the root of your hard-disk usually C:, then on the folder Administrator if you are the administrator or the folder with your user name, check all the folder for a shortcut o the file.
Well i hope you understand something, sorry for my english.

[Baron Munchausen]

Wow... you've got one of those really intricate self-preserving spyware programs. Have you run a simple integrity check of your system files? It might have replaced a basic system file with a different copy including a re-installer for itself. Under Win 9x you run the sysinfo utility and there's an option to run the system file checker under the tools menu. Dunno what the equivalent is for 2k/XP.

I think you really need to get Spybot S&D. It's pretty good at destroying nasties like this.

http://www.safer-networking.org/

[Arkcon]

Quote:

Originally posted by Baron Munchausen:

I think you really need to get Spybot S&D. It's pretty good at destroying nasties like this.

http://www.safer-networking.org/

Thanks, Baron. I was using ver 1.2, I didn't know there was a new better Version until I clicked.

Pathfinder:
OK. Some guy on the USENET has seen similar filename in systems built on SiS chipsets. You have an asus Mobo, which I didn't post the USENET 'cause I didn't think it was important (Dumb!).

I'll post more info on the USENET later. But until then there is something to try. Run msinfo32. Maybe you've seen this program before, but it's new to me. It lists all hardware components and the files they require.

I know you're sure it's a new program, but maybe it's needed for your hardware, got spoofed (or innocently damaged), and can be repaired by reinstalling hardware drivers from the install CD-ROM.

[pathfinder]

Quote:

Originally posted by Baron Munchausen:
Wow... you've got one of those really intricate self-preserving spyware programs. Have you run a simple integrity check of your system files? It might have replaced a basic system file with a different copy including a re-installer for itself. Under Win 9x you run the sysinfo utility and there's an option to run the system file checker under the tools menu. Dunno what the equivalent is for 2k/XP.

I think you really need to get Spybot S&D. It's pretty good at destroying nasties like this.

http://www.safer-networking.org/

Spybot didn't find it.

[Baron Munchausen]

Quote:

Originally posted by Arkcon:

quote:

---

Originally posted by Baron Munchausen:

I think you really need to get Spybot S&D. It's pretty good at destroying nasties like this.

http://www.safer-networking.org/

Thanks, Baron. I was using ver 1.2, I didn't know there was a new better Version until I clicked.

Pathfinder:
OK. Some guy on the USENET has seen similar filename in systems built on SiS chipsets. You have an asus Mobo, which I didn't post the USENET 'cause I didn't think it was important (Dumb!).

I'll post more info on the USENET later. But until then there is something to try. Run msinfo32. Maybe you've seen this program before, but it's new to me. It lists all hardware components and the files they require.

I know you're sure it's a new program, but maybe it's needed for your hardware, got spoofed (or innocently damaged), and can be repaired by reinstalling hardware drivers from the install CD-ROM.

---

Yeah, that's a possiblity. Maybe this is a legit driver and something on his Mobo has gone flaky and it is popping up a warning box but failing to 'stay put' and transmit the message because of some conflict with something else in the system.

[pathfinder]

siae3123.exe? It is loaded in my windows/system32 folder and is more than a little annoying. It pops up every 15-3 seconds for 1-2 seconds and then goes away.

Whe I try to delete it, I get a message saying that another program is using it and it can't be deleted

It isn't on any virus definition list I could find.

[ May 22, 2004, 12:47: Message edited by: pathfinder ]

[Gandalf Parker]

There are some programs that both ad-aware and spybot will recommend a specific cleaner for. By any chance, when you go to google, are the first few results on every search trying to get you to search again at a site called 2020? Thats one example. Have you added any search bars or other buttoned goodies to your browser? or your IM program? try searching on those.

[ May 23, 2004, 14:46: Message edited by: Gandalf Parker ]