OT: Anyone heard of this file?

[Thermodyne]

1st, see if it is running as a service, if it is, then stop the service and then remove the file.

2nd, build a boot disk and use it to boot the system, then drill down to the file and wipe it out.

[Katchoo]

You can also run 'MSCONFIG' and see if it's listed under the Startup Tab. If it is, then you can remove the checkmark next to it, save & exit, and then reboot. If it's necessary to anything, you'll get an error about it. If everything appears to run smoothly though, then you can go back in and permenantly remove it (or just leave the checkmark deselected).

[pathfinder]

It isn't in the startup tab.

called it up in wordpad and it appears to be some form of internet blocker/filter. I didn't install it or set it up, so it makes me very angry...

[ May 22, 2004, 16:01: Message edited by: pathfinder ]

[Arkcon]

Pathfinder, I'm in the mood to post your problem on the USENET and see if anyone has a clue. Don't know if you've decided to do that yourself. If you hate the USENET, don't worry, I won't let the message get traced back to you. I'm just steamed that the progam exists, and there's no info on it anywhere. Anyway, can you give me some more system info -- computer model (Dell, Toshiba, or just say homebrew), and what Version of Windows (98, XP) you're using?

[pathfinder]

Quote:

Originally posted by Arkcon:
Pathfinder, I'm in the mood to post your problem on the USENET and see if anyone has a clue. Don't know if you've decided to do that yourself. If you hate the USENET, don't worry, I won't let the message get traced back to you. I'm just steamed that the progam exists, and there's no info on it anywhere. Anyway, can you give me some more system info -- computer model (Dell, Toshiba, or just say homebrew), and what Version of Windows (98, XP) you're using?

XP (Home edition, v 2002 w Sp1), homebrew PC (athalon 1700+ cpu on an asus Mobo), 512 MB ram, MSI GeForce 4200 with 64 MB ram (53.03 nvidia drivers), Creative SB, 80 GB HDD (can't remember make) with a 40 GB secondary drive. mobo uses nforce drivers.

I don't know jack about usenet, so no biggy. thanks for asking.

[ May 22, 2004, 18:42: Message edited by: pathfinder ]

[BBegemott]

"siae3123.exe" looks like randomly generated filename to me. I recall reading somewhere that some evil programs install themselves with randomly generated names in order to be harder tracked down. Little help, but at least it can explain why you can't find info about it.

[Alneyan]

Even if my knowledge of informatics is about nill, I read something along the lines of what BBgemott mentioned as well. The fact that Google finds nothing is very unusual, so I would believe it is a name that has been generated at random.

Likewise, it might be that this exe has cousins on your computer, to avoid being suppressed too easily. Once I had a somewhat similar virus, which was present in several exes and used a few different names (it didn't generate names as far as I know though). How to get rid of it without invoking the Format spell is another matter obviously, but I would expect the Usenet to have better answers available. (My understanding of it is that it is basically a *lot* of newsGroups and includes other discussions, news and so on)