Eric H. Posted May 26, 2011 Whenever I start SAS, I see a weird.exe in the Task Manager, the name looks like xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx.exe where the 'x' are all hex digits. I can't remember seeing this before. Is this normal, or has my machine been compromised? version 4.53 thanks, eric Share this post Link to post Share on other sites
Seth Posted May 26, 2011 Hi Eric. Make sure SAS is fully updated and run a complete scan. If the file remains, post its name in this thread. You can also run a search for the file and submit it to VirusTotal: http://www.virustotal.com/ Share this post Link to post Share on other sites
Eric H. Posted May 26, 2011 If the file remains, post its name in this thread. It's a different set of hex digits each time, which is what makes me think the machine is toasted. Share this post Link to post Share on other sites
Seth Posted May 26, 2011 It's a different set of hex digits each time That's not sounding good. If it remains after the SAS update and complete scan. Then download HijackThis and choose "Do a system scan and save the log file". Post that log in your next reply. http://free.antivirus.com/hijackthis/ Share this post Link to post Share on other sites
Eric H. Posted May 26, 2011 That's not sounding good. If it remains after the SAS update and complete scan. Then download HijackThis and choose "Do a system scan and save the log file". Post that log in your next reply. http://free.antivirus.com/hijackthis/ Current one running is c29a40c0-b556-43d0-9e3e-667c1d383454.exe and that .exe file (along with a few other similiarly named .exe) is actually just sitting in c:\Program Files\SUPERAntiSpyware. Maybe it is SAS doing something to stealth itself against the bad guys trying to find it and kill it? (OK, that's a stretch, but one can hope, right?) Share this post Link to post Share on other sites
Eric H. Posted May 26, 2011 Current one running is c29a40c0-b556-43d0-9e3e-667c1d383454.exe the scan is running now, and that exe is taking up all the cpu, so maybe it is just a cloaked SAS program? Share this post Link to post Share on other sites
Seth Posted May 26, 2011 the scan is running now, and that exe is taking up all the cpu, so maybe it is just a cloaked SAS program? To the best of my knowledge, that's not part of SAS. Nor do any of my computers have those type of files in the SAS folder. Confirmed that in Task Manager while running scans as well. If needed, use SAS's Threat Check: https://www.superantispyware.com/superantispyware_threatcheck.html Share this post Link to post Share on other sites
Eric H. Posted May 26, 2011 To the best of my knowledge, that's not part of SAS. Nor do any of my computers have those type of files in the SAS folder. Confirmed that in Task Manager while running scans as well. If needed, use SAS's Threat Check: https://www.superantispyware.com/superantispyware_threatcheck.html Submitted a check. Also tried uninstalling and reinstalling SAS. Still get the same weird hex .exe files showing up in Task Manager, and in Program File\SUPERAntiSpyware. Where would I submit one of those .exes for someone to look at? Share this post Link to post Share on other sites
Seth Posted May 26, 2011 Threat Check is the most appropriate action for your particular issue. However, individual files can be submitted here: https://www.superantispyware.com/blog/2009/05/28/supersamplesubmit-an-easy-way-to-submit-samples/ Share this post Link to post Share on other sites
bohemianroxie Posted June 8, 2011 124368a9-24cf-459e-ba19-a5bcb6c1ad76.com MS-DOS application does run in my task manager (although the string is not completely visible there). I finally found it in my SAS program files folder. Everything comes up clean on my computer from sas, avast, malwarebytes..and even a few other scans... and I'm having no issues. But this might be similar. Share this post Link to post Share on other sites
SAS Customer Service Posted June 8, 2011 124368a9-24cf-459e-ba19-a5bcb6c1ad76.com MS-DOS application does run in my task manager (although the string is not completely visible there). I finally found it in my SAS program files folder. Everything comes up clean on my computer from sas, avast, malwarebytes..and even a few other scans... and I'm having no issues. But this might be similar. It would seem that you are runnin the alternate start of SUPERAntiSpyware as it will rename superantispyware.exe to a random file name so that malware has less of a chance of blocking the application. Share this post Link to post Share on other sites
bohemianroxie Posted June 9, 2011 It would seem that you are runnin the alternate start of SUPERAntiSpyware as it will rename superantispyware.exe to a random file name so that malware has less of a chance of blocking the application. Yeah, I didn't do that intentionally...but I think I like it. Makes sense to me. I've looked high and low and never seen it mentioned anywhere. Incognito. Share this post Link to post Share on other sites