7 Replies Latest reply on Sep 11, 2010 6:36 PM by Felipe

    sbpad.exe, dxwuat.exe, rvlox.exe?



      Hi, I am new using this, but I have many problems, and I have searched in McAfee library about them, but they are not registered:


      The first one deleted all the files from my USB, and created a group of folders or aplications like folders. This folders have the name of common Windows folders, like "Documents", "Photos", & "Music". The name of the malware is sbpad.exe. The others are dxwuat.exe, p.exe, gefr.exe and rvloz.exe.

           Also there is a file, which I don't know if is a virus, that has a long name:

      \REGISTRY\User\S-1-5-21-3172892418-1466560630-1935879851-1000\Software\Microsoft \Windows\CurrentVersion\Run.

           I tried using an antivirus called Prevx 3.0, and it says that the last one is caused by rvloz.exe.


      My question: Help!!!



      on 9/09/10 10:29:40 PM CDT



      El mensaje fue editado por: Felipe on 9/09/10 10:34:22 PM CDT
        • 1. Re: sbpad.exe, dxwuat.exe, rvlox.exe?

          Hi Felipe,


          If you infected with something and have trouble finding what is causing the infection, I'd suggest giving this handy tool a try.


          "McAfee GetSusp is intended for users who suspect undetected malware on their system. By using a combination of clever heuristics and querying McAfee's online database of known clean files to gather suspicious files, GetSusp eliminates the user's need for deep technical knowledge of computer systems to isolate undetected malware. McAfee GetSusp is recommended as a tool of first choice when analyzing a suspect machine."


          Get it from here:


          Once GetSusp identifies and collects the suspect files, post the logs here and we community members can help.


          Vinoo Thomas
          Technical Product Manager, McAfee Labs

          • 2. Re: sbpad.exe, dxwuat.exe, rvlox.exe?

            Thanks, Vinoo, but the program says at the end: "Suspicious samples have not been delivered to Mcafee Labs". It says that is because the size, so, I don´t know how to send it...

            Thanks again. Just in case you can use it, there is a zip file created by GetSusp.exe with some suspicious elements.

            Atte. Felipe

            • 3. Re: sbpad.exe, dxwuat.exe, rvlox.exe?

              McAfee GetSusp was successfully able to identify two malicious files on your system. One of them is >3MB in size and hence the upload failed. This information will suffice for our virus analysts monitoring the community to add detection for these files.


              Thanks for posting the scan results.





              McAfee GetSusp Scan Results

              To download the tool, visit the McAfee Labs Tools website

              Suspicious Files

              Status MD5 Location File Name Attribute Company Description Product Version File Version File Size Creation Date Modification Date Type Scan Error
              UNKNOWN f46074bfd576caaf8ce41f43361ef102 C:\Users\Felipe Vidal Otero\svcpad svcpad.exe HS 1.00 1.00 3,231,744 09/10/2010 07:20 09/10/2010 07:20 Process
              UNKNOWN 4f7dfe8e99ffa5a16e2cffbe73b8c4be C:\Users\Felipe Vidal Otero weamua.exe HRS 1.81 1.81 208,896 09/10/2010 07:19 09/10/2010 07:19 Process

              Need help or advice removing malware? Visit the McAfee Community

              1 of 1 people found this helpful
              • 4. Re: sbpad.exe, dxwuat.exe, rvlox.exe?

                Thanks Vinoo, but anyway, I submit another file that I already sent to McAfee-Labs via E-mail, but they didn't answer to me, so I don't know if they received it. Here are the things that I think had destroyed my USB. The password is "infected". Thanks again, I hope you can solve it...



                El mensaje fue editado por: Felipe on 10/09/10 05:56:56 PM CDT



                Message was edited by: Ex_Brit on 11/09/10 7:47:33 EDT PM
                • 5. Re: sbpad.exe, dxwuat.exe, rvlox.exe?

                  Hi Felipe,


                  I've pinged our virus analysts to take at look at the files you've posted.


                  The zip file that was posted to the forum was not password protected. Please take care to password protect zip files next time you post anything malicious. This would prevent users accidentally downloading and executing files posted on the forum.



                  • 6. Re: sbpad.exe, dxwuat.exe, rvlox.exe?

                    Oh, God! I'm so sorry!, but it was suposed to have a password, I don't know what could happen. I checked it a lot of times, I don't understand. Anyway, I hope I have been helpful, and doesn't think twice at asking me to do anything else. Thanks for the help, & hope you can solve it.

                    Atte. Felipe

                    • 7. Re: sbpad.exe, dxwuat.exe, rvlox.exe?
                      Peter M

                      I moved this topic to Home User Assistance from the Malware Discussions master forum and password protected that file...password infected.