probably unknown NewHeur_PE virus found in operating memory. No action can be taken while the file is in memory. Click "Leave" to continue and subsequently run the cleaning of all local disks. System memory infection originated from file G:\sxs2.exe.

help!!

janechongyc:

Can you provide a few more details? For example: What is the source of the message? Is it coming from your anti-virus or is it originating from some unknown source inducing you to buy (license) a product to cure the problem?

ohya, this is the message from my antivurus software NOD 32.

The virus is found from my mp3 player, when i plug in my new mp3 into my computer, it come out two removeable disk, disk G and disk h (normally it come out 1 disk only).

Disk G is normal, but when i click Disk H, it come out the message said: the drive is not formatted, would you like to format it now?

Then i click on yes to format, after i format it will come out a few files with unreconized file......

terrible, after format the file still there, and the files also cannot be deleted...

i suspect it is the new virus that call sxs2...how to kill it?
it is still in my mp3?

Thanks!

Hello.

Please follow the procedure in this link: "BEFORE you POST" Mandatory Steps Before Requesting Assistance (http://forums.spybot.info/showthread.php?t=288)

Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Once you have posted a helper will advise you as soon as available.

Regards. :)

Dear janechongyc !
Welcome to China!

sxs2.exe is a Chinese breed of malware, on various Chinese support websites, there are many postings on this malware, but they are all in Chinese, and mine is not good enough to read the stuff. But since I live here (China) I know sxs2.exe very well, unfortunately.

It spreads via USB sitcks and mp3 players. sxs2.exe is the program which is executed by an infected autorun.inf If you look at the infected autorun.inf you will find some command lines that lead directly to a launch of sxs2.exe
sxs2.exe is a hidden file, autorun a system file - so make sure to change your settings (properties - windows explorer) so you can see ALL files including system files and hidden files.

As long as the autorun is not enabled or as long as you just look at the folders on your USB stick or mp3 player and delete the malicious stuff (including the autorun) nothing can happen. So check first then use.

Once the sxs2.exe has been activated it is a nasty stuff. Avira antivir, Norton and MacAffee do not recognize it. Rising does if it is the newest edition (older versions don't) AVG antivirus from Grisoft does recognize it best, as far as I could find out. (Have not yet confronted Kaspersky and Bitdefender with this problem)

Once the sxs2.exe is executed all kind of nasty things happen.
1. It spreads via USB sticks and Mp3 players.
2. It changes the date to April 1980.
3. It dublicates files.
4. If might cause troubles with the file location.
5. In the end you can't use your USB stick or mp3 any longer.

What you can do
1. Try to get a good antivirus program (like AVG free down load or even better ones)
2. Clean up your system.
3. Have a close look at you stick.
4. Delete autorun and sxs2.exe on ALL your USB sticks or mp3s.
5. Clean your USB stick or mp3 with a good antivirus.
6. Try to back up all the file you need.
7. Delete or better SAFE erase all the files on your USB stick or mp3.
8. Formate it (NOT quick format)
9. Clean all the systems your USB stick or mp3 has come into contact with.
10. Warn your friends.

Good luck
Muggle



ohya, this is the message from my antivurus software NOD 32.

The virus is found from my mp3 player, when i plug in my new mp3 into my computer, it come out two removeable disk, disk G and disk h (normally it come out 1 disk only).

Disk G is normal, but when i click Disk H, it come out the message said: the drive is not formatted, would you like to format it now?

Then i click on yes to format, after i format it will come out a few files with unreconized file......

terrible, after format the file still there, and the files also cannot be deleted...

i suspect it is the new virus that call sxs2...how to kill it?
it is still in my mp3?

Thanks!

janechongyc started a topic here: http://forums.spybot.info/showthread.php?t=12440

probably unknown NewHeur_PE virus found in operating memory. No action can be taken while the file is in memory. Click "Leave" to continue and subsequently run the cleaning of all local disks. System memory infection originated from file G:\sxs2.exe.

help!!

I've been recently in china and I've brought back this shit virus on my USB stick!
I've found a software which can delete easily the process on the computer.

here is the link:


then check the process which are running when windows starts. The icon which corresponds to this checking is the icon named "Startup" (third icon in the second row of the menu).
You will finf sxsé.exe and then click on "delete"

good luck
:bigthumb:

I've been recently in china and I've brought back this shit virus on my USB stick!
I've found a software which can delete easily the process on the computer.

here is the link:


then check the process which are running when windows starts. The icon which corresponds to this checking is the icon named "Startup" (third icon in the second row of the menu).
You will finf sxsé.exe and then click on "delete"

good luck
:bigthumb:


Could you send me the link? i've just formatted and this fu**ing sxs2.exe has infected my pc... thanks

Last edited by tashi : 2007-04-19 at 07:28. Reason: link removed, malware infections need analysis before advice on removal is given

Could you send me the link?

Please make sure if you chose that route, it is via PM and not posted here.

Our Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22) is where experienced volunteers assist in removing infections.


Cheers. :)

ups... sorry...

btw, does Spybot-S&D or other anti-malware/spyware software recognise and fix the sxs2.exe?