sbosycjwf.exe

[trelales]

The programme sbosycjwf.exe loads via my startup menu. It is located in C:\WINDOWS|System 32

I have no information on this. I have googled it but no information is available. I have run a Norton scan on it and it found no virus etc.

It does not seem to have any major effect on my computer but it would be nice to know what it is.

Any ideas, please

[Rik]

It may well be malware:

http://www.webuser.co.uk/forums/showflat.php/Cat/0/Number/420684/an/0/page/0

Run something like Malwarebytes to be sure.

[Glenn]

It's a rare beast, only 1 hit with Google

[Rik]

Even then it thought I meant something else.

[Simon]

Some of these just have random names, hence little joy with Google.  As Rik said, run a scan with Malwarebytes, and / or Super Anti Spyware.

[JB]

Try uploading the suspect file to:-

http://www.virustotal.com/

It will scan the file and report any virus or malware. If it has seen the file before, even under a different name, it will recognise it.

Hope that helps.

[trelales]

Thank you all for your replies.

1. I uploaded the file to virustotal and on the first scan the results showed that IKARUS (whoever they are) identified it as a "IM-WORM.Win32.Prex.D". This was in 2008 which is when my file arrived.

I re -uploaded and there were no results relating to this file.

2. I downloaded malwarebytes and run. It found 12 errors but not the sbos.....

3. I then ran a malwarebytes scan of the sbos... file and it came back with "No malicious items were detected".

So where are we.

The file is still there.

I have stopped it loading via my startup

Am I to assume that there are no problems with it?

[Rik]

If you right click the file and select 'Properties' what does it say?

[Glenn]

Go to your AV providers website and search for IM-WORM.Win32.Prex.D removal it should tell you what to do.

[Simon]

You could also try Super Anti Spyware. 

[trelales]

In response to Rik.

Properties.

Under General

File name - sbosycjwf.exe
Type - Application
Description - sbosycjwf
Location - C:\WINDOWS\system32
Created - 17.8.08
Modified- 27.1.09
Accessed - 28.1.09

Does this help?

PS I run Norton Security 2008. Will try their website. Watch this space.

[Rik]

Sorry, forgot to mention 'click on the version tab'.

[trelales]

Hi Rik,

Version is   1.0.0.0

[trelales]

Further to my previous post, I have searched the Norton website and found a reference to the worm which seems to go under various names.

http://www.symantec.com/security_response/writeup.jsp?docid=2005-043023-5226-99&tabid=1

Will try this out tomorrow.

[Sebby]

Fingers crossed that'll sort it.

[Rik]

Hi Rik,

Version is   1.0.0.0

No reference to the author? Most valid files will list a company name in the first field.

[trelales]

So, here I am again with the latest news.

I followed the instructions on the Norton website ie turn off system restore, update and then a full scan. Nothing found

I scanned the sbos...file again with Norton and Malwarebytes and again nothing found.

The little so and so was still there.

I right clicked on the file and found an action "Shred(Wash with bleach)". I thought what the hell, let's give it a blast with this and, lo and behold, it has gone.

Thanks to everyone for their help.

[Rik]

They can be a pain to get rid of at times. It might pay you to turn off System Restore (which will delete all the restore points) then turn it back on, as sometimes the files hide in there.

[somanyholes]

i'd be tempted to open the .exe file up with something like notepad ++ and see what you can see if you really are concerned about it....