sxs2.exe
Dear janechongyc !
Welcome to China!
sxs2.exe is a Chinese breed of malware, on various Chinese support websites, there are many postings on this malware, but they are all in Chinese, and mine is not good enough to read the stuff. But since I live here (China) I know sxs2.exe very well, unfortunately.
It spreads via USB sitcks and mp3 players. sxs2.exe is the program which is executed by an infected autorun.inf If you look at the infected autorun.inf you will find some command lines that lead directly to a launch of sxs2.exe
sxs2.exe is a hidden file, autorun a system file - so make sure to change your settings (properties - windows explorer) so you can see ALL files including system files and hidden files.
As long as the autorun is not enabled or as long as you just look at the folders on your USB stick or mp3 player and delete the malicious stuff (including the autorun) nothing can happen. So check first then use.
Once the sxs2.exe has been activated it is a nasty stuff. Avira antivir, Norton and MacAffee do not recognize it. Rising does if it is the newest edition (older versions don't) AVG antivirus from Grisoft does recognize it best, as far as I could find out. (Have not yet confronted Kaspersky and Bitdefender with this problem)
Once the sxs2.exe is executed all kind of nasty things happen.
1. It spreads via USB sticks and Mp3 players.
2. It changes the date to April 1980.
3. It dublicates files.
4. If might cause troubles with the file location.
5. In the end you can't use your USB stick or mp3 any longer.
What you can do
1. Try to get a good antivirus program (like AVG free down load or even better ones)
2. Clean up your system.
3. Have a close look at you stick.
4. Delete autorun and sxs2.exe on ALL your USB sticks or mp3s.
5. Clean your USB stick or mp3 with a good antivirus.
6. Try to back up all the file you need.
7. Delete or better SAFE erase all the files on your USB stick or mp3.
8. Formate it (NOT quick format)
9. Clean all the systems your USB stick or mp3 has come into contact with.
10. Warn your friends.
Good luck
Muggle
ohya, this is the message from my antivurus software NOD 32.
The virus is found from my mp3 player, when i plug in my new mp3 into my computer, it come out two removeable disk, disk G and disk h (normally it come out 1 disk only).
Disk G is normal, but when i click Disk H, it come out the message said: the drive is not formatted, would you like to format it now?
Then i click on yes to format, after i format it will come out a few files with unreconized file......
terrible, after format the file still there, and the files also cannot be deleted...
i suspect it is the new virus that call sxs2...how to kill it?
it is still in my mp3?
Thanks!
