Author Topic: SXE8.TMP What is? Help me  (Read 12013 times)


marcofirenze

  • Guest
SXE8.TMP What is? Help me
« on: November 29, 2005, 12:39:44 PM »
Hi to all and thanks for reading this message.

I have a lot of messages from Avast on my computer that say something about SXE.TMP or SEX8.TMP and it seems to be a virus or a worm or Trojan horse but does nothing.

I discovered that there were some files named sex....tmp in the root directory of C: and I deleted them.

Maybe I also have to clean the registry, but now I want to know what these files are and why Avast put a lot of messages on my desktop in different windows saying there is Sxe.tmp on my computer.


Thanks a lot for any possible help.


Marcofirenze from Italy.
marcofirenze@libero.it

Offline szc

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6927
Re: SXE8.TMP What is? Help me
« Reply #1 on: November 29, 2005, 01:24:07 PM »
I am not sure whether this will help you or not, but you can surely get a better picture of what sxe.exe really is...

http://forums.windrivers.com/showpost.php?s=d9e951579fb501511db492470f33a166&p=457517&postcount=8

Cheers !

EDIT: Link for the whole thread:

http://forums.windrivers.com/showthread.php?t=58847
« Last Edit: November 29, 2005, 01:26:09 PM by S.Z.Craftec »

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: SXE8.TMP What is? Help me
« Reply #2 on: November 29, 2005, 02:27:12 PM »
Following S.Z.Craftec's trail, sxe.exe seems to be associated with a folder called f0r0r which is impossible to delete, and f0r0r seems to be a symptom of Hacker Defender rootkit, which hides malware and makes it almost impossible to delete.

Microsoft have added Hacker Defender removal to their Malicious Software Removal Tool, so that might be worth a try:

http://www.eweek.com/article2/0,1895,1785621,00.asp

Other products worth a try are:

UnHackMe:

http://www.snapfiles.com/get/unhackme.html

Blacklight:

http://www.f-secure.com/blacklight/

marcofirenze

  • Guest
Re: SXE8.TMP What is? Help me REMON.SYS
« Reply #3 on: November 30, 2005, 01:50:01 PM »
Thanks all but I cannot remove it.

I discovered that there is also REMON.SYS and I found some files sxe*.tmp in the root of my c:


Now Avast finds a lot of remon.sys Trojan horses but I can do nothing.


Marco

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: SXE8.TMP What is? Help me REMON.SYS
« Reply #4 on: November 30, 2005, 02:24:58 PM »
Now Avast finds a lot of remon.sys Trojan horses but I can do nothing.
Marco, did you try a boot time scanning? And what about boot in Safe Mode and scan from there?
Maybe other antispywares and antitrojans could help...

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: SXE8.TMP What is? Help me
« Reply #5 on: November 30, 2005, 04:44:13 PM »
Thanks all but I cannot remove it.

I discovered that there is also REMON.SYS and I found some files sxe*.tmp in the root of my c:

Now Avast finds a lot of remon.sys Trojan horses but I can do nothing.
A forum search for remon.sys should return some hits as this has been covered. I believe it's a part of the HackTool RootKit and as such very difficult to remove (it keeps getting restored by the other hidden elements).

UnHackMe - Claims to fix this Hacktool rootkit: http://www.greatis.com/unhackme/ Let us know how you get on.
RootKitRevealer from Sysinternals - http://www.sysinternals.com/utilities/rootkitrevealer.html, this will check if there is in fact a rootkit type virus deeply hidden.
Also see Hidden things http://invisiblethings.org

Some further information.
It would appear that you have a rootkit variant running as a Windows service. These are hidden and you will have to disable the service before you can remove the malware. avast! can remove elements but they will be back. Check these forum topics:
http://forum.avast.com/index.php?topic=16580.0
http://forum.avast.com/index.php?topic=14587.msg123385#msg123385
http://forum.avast.com/index.php?topic=14618.msg125345#msg125345 and the rest of the topic.

Virus Keep Coming Back - possible rootkit infection - msdirectx.sys, etc.
http://forum.avast.com/index.php?topic=14618.msg142666#msg142666

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: SXE8.TMP What is? Help me
« Reply #6 on: November 30, 2005, 11:20:09 PM »
Could you post a HijackThis! log for us?

http://www.bleepingcomputer.com/forums/tutorial42.html

Offline Abraxas

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 730
  • Perseverance Furthers...
    • PCLinuxOS-Forums
Re: SXE8.TMP What is? Help me
« Reply #7 on: March 09, 2006, 05:31:41 PM »
Thanks all but I cannot remove it.

I discovered that there is also REMON.SYS and I found some files sxe*.tmp in the root of my c:


Now Avast finds a lot of remon.sys Trojan horses but I can do nothing.


Marco
That's a shame, I would have been interested to have seen how this story ended after using UnHackMe, RootKitRevealer, and looking at the HijackThis log.

CharleyO

  • Guest
Re: SXE8.TMP What is? Help me
« Reply #8 on: March 09, 2006, 06:43:59 PM »
***

Yeah, it is a shame that we do not get to help resolve the issue ... or get to understand the full problem ... when a poster just does not come back.    :(


***