NewHeur_PE virus
probably unknown NewHeur_PE virus found in operating memory. No action can be taken while the file is in memory. Click "Leave" to continue and subsequently run the cleaning of all local disks. System memory infection originated from file G:\sxs2.exe.
help!!
janechongyc:
Can you provide a few more details? For example: What is the source of the message? Is it coming from your anti-virus or is it originating from some unknown source inducing you to buy (license) a product to cure the problem?
Getting an answer is one thing, learning is another.
Microsoft Windows XP Home Edition running on a 2.40GHz Intel® Pentium® 4 Processor with 512 MB of RAM and a 533 MHz System Bus.
ohya, this is the message from my antivurus software NOD 32.
The virus is found from my mp3 player, when i plug in my new mp3 into my computer, it come out two removeable disk, disk G and disk h (normally it come out 1 disk only).
Disk G is normal, but when i click Disk H, it come out the message said: the drive is not formatted, would you like to format it now?
Then i click on yes to format, after i format it will come out a few files with unreconized file......
terrible, after format the file still there, and the files also cannot be deleted...
i suspect it is the new virus that call sxs2...how to kill it?
it is still in my mp3?
Thanks!
Hello.
Please follow the procedure in this link: "BEFORE you POST" Mandatory Steps Before Requesting Assistance
Then start your own thread in the Malware Removal Forum
Once you have posted a helper will advise you as soon as available.
Regards.
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
sxs2.exe
Dear janechongyc !
Welcome to China!
sxs2.exe is a Chinese breed of malware, on various Chinese support websites, there are many postings on this malware, but they are all in Chinese, and mine is not good enough to read the stuff. But since I live here (China) I know sxs2.exe very well, unfortunately.
It spreads via USB sitcks and mp3 players. sxs2.exe is the program which is executed by an infected autorun.inf If you look at the infected autorun.inf you will find some command lines that lead directly to a launch of sxs2.exe
sxs2.exe is a hidden file, autorun a system file - so make sure to change your settings (properties - windows explorer) so you can see ALL files including system files and hidden files.
As long as the autorun is not enabled or as long as you just look at the folders on your USB stick or mp3 player and delete the malicious stuff (including the autorun) nothing can happen. So check first then use.
Once the sxs2.exe has been activated it is a nasty stuff. Avira antivir, Norton and MacAffee do not recognize it. Rising does if it is the newest edition (older versions don't) AVG antivirus from Grisoft does recognize it best, as far as I could find out. (Have not yet confronted Kaspersky and Bitdefender with this problem)
Once the sxs2.exe is executed all kind of nasty things happen.
1. It spreads via USB sticks and Mp3 players.
2. It changes the date to April 1980.
3. It dublicates files.
4. If might cause troubles with the file location.
5. In the end you can't use your USB stick or mp3 any longer.
What you can do
1. Try to get a good antivirus program (like AVG free down load or even better ones)
2. Clean up your system.
3. Have a close look at you stick.
4. Delete autorun and sxs2.exe on ALL your USB sticks or mp3s.
5. Clean your USB stick or mp3 with a good antivirus.
6. Try to back up all the file you need.
7. Delete or better SAFE erase all the files on your USB stick or mp3.
8. Formate it (NOT quick format)
9. Clean all the systems your USB stick or mp3 has come into contact with.
10. Warn your friends.
Good luck
Muggle
Originally Posted by janechongyc
janechongyc started a topic here: http://forums.spybot.info/showthread.php?t=12440
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
delete sxs2.exe
I've been recently in china and I've brought back this shit virus on my USB stick!
I've found a software which can delete easily the process on the computer.
here is the link:
then check the process which are running when windows starts. The icon which corresponds to this checking is the icon named "Startup" (third icon in the second row of the menu).
You will finf sxsé.exe and then click on "delete"
good luck
Last edited by tashi; 2007-04-19 at 16:28. Reason: link removed, malware infections need analysis before advice on removal is given
I've been recently in china and I've brought back this shit virus on my USB stick!
I've found a software which can delete easily the process on the computer.
here is the link:
then check the process which are running when windows starts. The icon which corresponds to this checking is the icon named "Startup" (third icon in the second row of the menu).
You will finf sxsé.exe and then click on "delete"
good luck
Could you send me the link? i've just formatted and this fu**ing sxs2.exe has infected my pc... thanks
Last edited by tashi : 2007-04-19 at 07:28. Reason: link removed, malware infections need analysis before advice on removal is givenPlease make sure if you chose that route, it is via PM and not posted here.
Our Malware Removal Forum is where experienced volunteers assist in removing infections.
Cheers.
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
ups... sorry...
btw, does Spybot-S&D or other anti-malware/spyware software recognise and fix the sxs2.exe?
Posting Permissions
Reply With Quote