PDA

View Full Version : Need User Feedback: ati2sgag.exe


ArcticFox
2011-02-06, 11:48
When I turned on my computer today Spybot reported a Process ID: 1808 with the filename ati2sgag.exe that was inside the C:\WINDOWS\System32 folder. It also said it contained the Win32.mIRC.603 virus.

When I saw this I freaked out thinking it was some malware or virus I may have picked up previously so I allowed Spybot to stop the execution and I think it deleted the file. But I did a little Google search on the filename and it seems it is part of ATI Smart software for my video card. Is this a false positive?! Did I just delete an important file for my video card software? I am trying to find a log of the message Spybot gave me but I can't find it anywhere, even in the logs directory.

Any help would be deeply appreciated on this matter.
ArcticFox
2011-02-06, 13:48
When I turned on my computer today Spybot reported a Process ID: 1808 with the filename ati2sgag.exe that was inside the C:\WINDOWS\System32 folder. It also said it contained the Win32.mIRC.603 virus.

When I saw this I freaked out thinking it was some malware or virus I may have picked up previously so I allowed Spybot to stop the execution and I think it deleted the file. But I did a little Google search on the filename and it seems it is part of ATI Smart software for my video card. Is this a false positive?! Did I just delete an important file for my video card software? I am trying to find a log of the message Spybot gave me but I can't find it anywhere, even in the logs directory.

Any help would be deeply appreciated on this matter.


I failed to mention that this warning message was produced by Teatimer and the Delete Associated file was checked. Can a file restore be done?
Yodama
2011-02-08, 11:13
hello,

this appears to be a false positive with the TeaTimer. Unfortunately the TeaTimer does not create backups of the files it deletes.

The file ati2sgag.exe is a minor file used for graphic configuration, you will get a new one if you update your graphics drivers and tools the next time. ATI releases updates quite frequently.

TeaTimer scans may get interrupted by other software thus resulting in false positives. If you use other realtime scanners (mostly included with antivirus) you should disable the TeaTimer:

start Spybot S&D
switch to advanced mode
navigate to tools - resident
uncheck the box for resident TeaTimer to disable the TeaTimer and remove it from Systemstart