Jump to content


Recommended Posts


Today SAS found c:\windows\system32\GKSUI18.exe SAS was successful at removing then required a reboot & was then in quarantine.

I then selected remove from quarantine. re-scanned with SAS & all was clean :D

Question - My external hdd, which has Acronis 10 backed up files on it. Can SAS get into the compressed Acronis files for a good scan?

I tried doing it, it lasted only seconds on G:\ then SAS said G:\$secure$SDS is this a failed scan?

Regarding the removed GKSUI18.exe - I really did not notice any adverse effects on the infected machine, how would this malware been executed?

From SAS Log:

SUPERAntiSpyware Scan Log


Generated 11/17/2008 at 05:31 PM

Application Version : 4.21.1004

Core Rules Database Version : 3640

Trace Rules Database Version: 1623

Scan type : Quick Scan

Total Scan Time : 00:07:17

Memory items scanned : 297

Memory threats detected : 0

Registry items scanned : 359

Registry threats detected : 0

File items scanned : 7076

File threats detected : 1



Thank You


Share this post

Link to post
Share on other sites


Thank you for the response!

Further investigation leads me to believe this is/was an "FP"

Exploring the backup drive (ext hdd, Acronis back=ups) shows:

c:\windows\system 32\GKSUI18.exe 72kb 72kb x 1024 = 73,728 bytes.

From Prevx I found: http://spywarefiles.prevx.com/ssBFDF148315/GKSUmore.html

Also from Prevx:

* Safety Rating: Known Malware, do not run

* Malware Family: Part of Malware group - Covert Sys Exec

* Determination: Automatically determined using Prevx centralized heuristics

* Malware Form: EXPLOIT

* Protection: Prevx provides powerful security products that you can use to detect, remove and protect you from GKSUI18.EXE and safeguard your PC against viruses, trojans, worms, spyware, rootkits and adware

* Why risk having spyware on your PC when it takes less than 2 minutes to thoroughly check it with Prevx CSI? Click here to check your PC with Prevx CSI Now.

* First seen: Nov 14 2006 (GMT)

* Last seen: Nov 14 2006 (GMT)

* File Size: 69,632 bytes

It seems known Trojan size = 69,632 bytes which does not equal 72kb

Where I'm not sure is:

% signs surrounding a folder (see url above)

Who does this exe file belong to?

Not 100% sure I should restore it from Acronis

Do you have a database to ID threats? I just googled & chose 1st match < why I referenced Prevx >



Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...