smsogx32.exe - what is this??

[fan]

I have a Dell Dimension 8400 using WinXP Pro.

Yesterday when I shut down my computer, it said that an update needed
to be installed that could not be installed with just a re-start, and
that my computer needed to be completely shut down. Upon powering up
again afterwards, McAfee Personal Firewall (Build 6.1.6144) detected a
program, smsogx32.exe, that wanted to connect to the internet, but the
firewall did not recognize it.

The file, smsogx32.exe, was in the C:\WINDOWS\SYSTEM32 folder. When
that file, and then the entire folder, were scanned with McAfee
VirusScan (version 9.1), no virus was found.

McAfee tech support did not recognize it either, advised me that it
might possibly be a virus, and suggested that I delete it. However, it
would not delete, saying that another program was using it, so the
tech support said to go into safe mode and delete it, which I did.
Upon rebooting into normal mode, everything has seemed to be fine.

However, I can not find *any* reference through either "google web" or
"google groups" to this file, smsogx32.exe.

Can someone please tell me what smsogx32.exe is? Thanks.

 

[David H. Lipman]

From: "fan" <[email protected]>

| I have a Dell Dimension 8400 using WinXP Pro.
|
| Yesterday when I shut down my computer, it said that an update needed
| to be installed that could not be installed with just a re-start, and
| that my computer needed to be completely shut down. Upon powering up
| again afterwards, McAfee Personal Firewall (Build 6.1.6144) detected a
| program, smsogx32.exe, that wanted to connect to the internet, but the
| firewall did not recognize it.
|
| The file, smsogx32.exe, was in the C:\WINDOWS\SYSTEM32 folder. When
| that file, and then the entire folder, were scanned with McAfee
| VirusScan (version 9.1), no virus was found.
|
| McAfee tech support did not recognize it either, advised me that it
| might possibly be a virus, and suggested that I delete it. However, it
| would not delete, saying that another program was using it, so the
| tech support said to go into safe mode and delete it, which I did.
| Upon rebooting into normal mode, everything has seemed to be fine.
|
| However, I can not find *any* reference through either "google web" or
| "google groups" to this file, smsogx32.exe.
|
| Can someone please tell me what smsogx32.exe is? Thanks.


Please submit a sample of "smsogx32.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:[email protected]?subject=SCAN

When you get the report, please post back the exact results.

 

[Max Wachtel]

(e-mail address removed) AKA fan on 1/7/2006 in

I have a Dell Dimension 8400 using WinXP Pro.

Yesterday when I shut down my computer, it said that an update needed
to be installed that could not be installed with just a re-start, and
that my computer needed to be completely shut down. Upon powering up
again afterwards, McAfee Personal Firewall (Build 6.1.6144) detected a
program, smsogx32.exe, that wanted to connect to the internet, but the
firewall did not recognize it.

The file, smsogx32.exe, was in the C:\WINDOWS\SYSTEM32 folder. When
that file, and then the entire folder, were scanned with McAfee
VirusScan (version 9.1), no virus was found.

McAfee tech support did not recognize it either, advised me that it
might possibly be a virus, and suggested that I delete it. However, it
would not delete, saying that another program was using it, so the
tech support said to go into safe mode and delete it, which I did.
Upon rebooting into normal mode, everything has seemed to be fine.

However, I can not find any reference through either "google web" or
"google groups" to this file, smsogx32.exe.

Can someone please tell me what smsogx32.exe is? Thanks.

******************Reply Separator*************************

Malware can use random names. Since you deleted it,do a search of your
drives and see if it is still there. If found,submit it to virus total
http://www.virustotal.com/flash/index_en.html

max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
Keeping Windows Clean: http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help: http://home.neo.rr.com/manna4u/tools.html
Specific Fixes: http://home.neo.rr.com/manna4u/fixes.html
Forums for HiJackThis Logs:
http://home.neo.rr.com/manna4u/forums_for_hijackthis_logs.html
To reply by e-mail change nomail.afraid.org to gmail.com
nomail.afraid.org is setup specifically for use in USENET
feel free to use it yourself. Registered Linux User #393236

 

[fan]

(e-mail address removed) AKA fan on 1/7/2006 in

******************Reply Separator*************************

Malware can use random names. Since you deleted it,do a search of your
drives and see if it is still there. If found,submit it to virus total
http://www.virustotal.com/flash/index_en.html

max

Unfortunately, a search of my drives produces no results. Apparently
it really was deleted and is gone.

This was my first experience with such a "close call", and it didn't
occur to me to save it. Should this happen again, what's the best,
safest way to save the suspect file? Copy it onto a floppy or CD-r,
perhaps?

Thanks very much for both replies.

-fan

 

[Max Wachtel]

(e-mail address removed) AKA fan on 1/8/2006 in

needed >> to be installed that could not be installed with just a
re-start, and >> that my computer needed to be completely shut down.
Upon powering up >> again afterwards, McAfee Personal Firewall (Build
6.1.6144) detected a >> program, smsogx32.exe, that wanted to connect
to the internet, but the >> firewall did not recognize it.
However, it >> would not delete, saying that another program was
using it, so the >> tech support said to go into safe mode and delete
it, which I did. >> Upon rebooting into normal mode, everything has
seemed to be fine. >>

Unfortunately, a search of my drives produces no results. Apparently
it really was deleted and is gone.

This was my first experience with such a "close call", and it didn't
occur to me to save it. Should this happen again, what's the best,
safest way to save the suspect file? Copy it onto a floppy or CD-r,
perhaps?

Thanks very much for both replies.

-fan

******************Reply Separator*************************
Put it in the quarantine folder(it will be safe there) and then submit
it to VirusTotal.If you want to save it for submission to AV vendors
put it in a password-locked zip file.

max
--
Virus Removal Instructions: http://home.neo.rr.com/manna4u/
Keeping Windows Clean: http://home.neo.rr.com/manna4u/keepingclean.html
Windows Help: http://home.neo.rr.com/manna4u/tools.html
Specific Fixes: http://home.neo.rr.com/manna4u/fixes.html
Forums for HiJackThis Logs:
http://home.neo.rr.com/manna4u/forums_for_hijackthis_logs.html
To reply by e-mail change nomail.afraid.org to gmail.com
nomail.afraid.org is setup specifically for use in USENET
feel free to use it yourself. Registered Linux User #393236

 

[Adam Piggott]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Unfortunately, a search of my drives produces no results. Apparently
it really was deleted and is gone.

This was my first experience with such a "close call", and it didn't
occur to me to save it. Should this happen again, what's the best,
safest way to save the suspect file? Copy it onto a floppy or CD-r,
perhaps?

Copy it (not necessarily to CD, up to you though) and rename it to have the
".dat" or ".bin" file extension. That way if it's inadvertently
double-clicked on it won't execute.

I believe adding this file extension doesn't interfere with VirusTotal so
you can still send it in that state.

You could see if it's in the Recycle Bin or use a deleted file recovery
program[1] to try and undelete it.

Cheers

[1]:
http://www.pricelesswarehome.org/2006/PL2006FILEUTILITIES.php#Files:Undelete

Adam Piggott,
Proprietor,
Proactive Services (Computing)
http://www.proactiveservices.co.uk/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFDwPYx7uRVdtPsXDkRAnErAJ9Bg7dI1Q6RVj1TTLOqowgTgHmW6ACffH6z
t8utypJghHeD5kFqghspIY8=
=NXUF
-----END PGP SIGNATURE-----

 

[rjdriver]

I have a Dell Dimension 8400 using WinXP Pro.

Yesterday when I shut down my computer, it said that an update needed
to be installed that could not be installed with just a re-start, and
that my computer needed to be completely shut down. Upon powering up
again afterwards, McAfee Personal Firewall (Build 6.1.6144) detected a
program, smsogx32.exe, that wanted to connect to the internet, but the
firewall did not recognize it.

The file, smsogx32.exe, was in the C:\WINDOWS\SYSTEM32 folder. When
that file, and then the entire folder, were scanned with McAfee
VirusScan (version 9.1), no virus was found.

McAfee tech support did not recognize it either, advised me that it
might possibly be a virus, and suggested that I delete it. However, it
would not delete, saying that another program was using it, so the
tech support said to go into safe mode and delete it, which I did.
Upon rebooting into normal mode, everything has seemed to be fine.

However, I can not find *any* reference through either "google web" or
"google groups" to this file, smsogx32.exe.

Can someone please tell me what smsogx32.exe is? Thanks.

Here's what I found:

http://www.trendmicro-middleeast.com/enterprise/vinfo/encyclopedia.php?VName=BKDR_BREPLIBOT.U

http://www.sophos.com/virusinfo/analyses/trojstinxk.html


Bob

 

[fan]

I have a Dell Dimension 8400 using WinXP Media Center, which came with
McAfee Suite. However, McAfee failed to catch smsogx32.exe, so now I'd
like to change over to Norton/Symantec.

If I get NortonSystemWorks2006, which includes Norton AntiVirus, will
I still need to get a firewall, or does it have everything needed to
optimally protect my computer?

Thanks.

 

[Noel Paton]

I have a Dell Dimension 8400 using WinXP Media Center, which came with
McAfee Suite. However, McAfee failed to catch smsogx32.exe, so now I'd
like to change over to Norton/Symantec.

If I get NortonSystemWorks2006, which includes Norton AntiVirus, will
I still need to get a firewall, or does it have everything needed to
optimally protect my computer?

If you get Norton SystemWorks 2006 - you'll regret it! (but yes, it does
include a firewall - which can develop a nasty habit of locking you out of
the internet)

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read on how to post messages to NG's

 

[optikl]

If you get Norton SystemWorks 2006 - you'll regret it! (but yes, it does
include a firewall - which can develop a nasty habit of locking you out of
the internet)

Noel, are you sure "SystemWorks" includes a firewall? NIS does. I
thought SystemWorks included only NAV, NU, Ghost, Go-Back, stuff like that.

 

[Noel Paton]

Noel, are you sure "SystemWorks" includes a firewall? NIS does. I thought
SystemWorks included only NAV, NU, Ghost, Go-Back, stuff like that.

Ooops! - you're right!
It'll probably still manage to lock you out of the internet somehow,
anyway! - one way or another
a.. Norton AntiVirusT - likely to chew CPU cycles for breakfast
b.. Norton UtilitiesT - likely to do all sorts of wonderful damage to the
unwary user's PC
c.. Norton GoBackT - chews disk space (and CPU cycles, if there's any
left after NAV got there first)
d.. CheckIt® Diagnostics - Standard diagnosis - "windows is bust - let's
break it more!"
e.. System Optimizer - AKA "How to screw Windows by pushing buttons when
you have no idea of the consequences"
f.. ...and they don't even mention LiveUpdate, that killer-of-Windows
systems!!
Thanks for the cluestick application!

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read on how to post messages to NG's

 

[fan]

I have a Dell Dimension 8400 using WinXP Media Center, which came with
McAfee Suite. However, McAfee failed to catch smsogx32.exe, so now I'd
like to change over to something better.

I see lots of negative comments about both McAfee and Norton, so how
does PC-cillin (Trend Micro) compare?

Thanks.

 

[Ron Lopshire]

I have a Dell Dimension 8400 using WinXP Media Center, which came with
McAfee Suite. However, McAfee failed to catch smsogx32.exe, so now I'd
like to change over to something better.

I see lots of negative comments about both McAfee and Norton, so how
does PC-cillin (Trend Micro) compare?

I use KAV. Some AV info for your perusal:

AV-Test (Andreas Marx - Germany)
(http://www.av-test.org/)
AV-Comparatives (Andreas Clementi - Austria)
(http://www.av-comparatives.org/)
Virus.gr (VirusP - Greece)
(http://www.virus.gr/english/fullxml/default.asp)
Food for thought (Eugene Kaspersky)
(http://www.viruslist.com/en/analysis?pubid=174405517)

Here are the preferences that I have gleaned from the various
security/paranoia NGs in which I hang out:

Free: AVG, Avast!, AntiVir
Paid: KAV, NOD32
Bottom of the List: Norton, McAfee

Note that the knock against NAV and McAfee is due to bias (they're the
big guys) and issues not related to detection rates.

I got the link to Virus.gr from a post by Markku Virtanen in a.c.f. Is
anyone familiar with this site or VirusP, the Greek virus collector?

And fan, a couple of points:

1) When you switch topics, start a new thread. You will get more
reads, and it is less confusing for everyone.

2) Do you own the rights to fan.com? If not, using it on Usenet will
cause all kinds of problems for the poor bastard who does. If you do,
that's a lot of fans. <g>

Ron

 

[Art]

I have a Dell Dimension 8400 using WinXP Media Center, which came with
McAfee Suite. However, McAfee failed to catch smsogx32.exe, so now I'd
like to change over to something better.

I see lots of negative comments about both McAfee and Norton, so how
does PC-cillin (Trend Micro) compare?

The McAfee scan engine has long been top notch, so it doesn't make
sense to switch if missing one malware is your only complaint. Only if
you have other complaints and want to try a different scanner should
you consider switching, IMO. In that case, PC-cillin wouldn't be at
the top of my list of recommendations. A real heavy-hitter in the
detection department is Kaspersky, and I suggest taking a look at
the new version 6 of KAV when it's out of Beta.

Art
http://home.epix.net/~artnpeg

 

[(PeteCresswell)]

Per fan:

I see lots of negative comments about both McAfee and Norton, so how
does PC-cillin (Trend Micro) compare?

I've got PC-Cillin and have two gripes:

1) TrendMicro support does not respond to my questions.

2) The notification of a real time virus attack is interruptive.
i.e. If you're in MS Word and typing something and that little
notification pops up, it takes focus and swallows your keystrokes.
This means that if you manage to acquire malware that sends requests
to other PC's to try to hit yours, those hits may come at the rate of
several per second - making the PC-Cillin's dialog pop/take focus
that often. Effectively, this disables your workstation.

 

[Art]

Virus.gr (VirusP - Greece)
(http://www.virus.gr/english/fullxml/default.asp)

The description of their sample selection (using av scanners to
decide what samples to use) indicates it's another "crap" test
site. However, I noticed CyberScrub antivirus which had a very
high score, and did some checking around on it.

It won't install since it detects KAV on my PC which it called
"another CyberScrub product". Sure enough, it's another
product using the KAV scan engine:

http://www.cyberscrub.com/company/news.php#lynne_russell

Notice the second article down, where Mrs. Kaspersky is signing
the agreement back in 2004.

I might have a go at uninstalling KAV and trying to install CSAV
since I'd like to explore its user interface and evaluate it. It
sounds like it might be a inexpensive alternative way of
getting the benefit of the Kaspersky scan engine, since they
sell a 5 year license. OTOH, if it doesn't use the speedup
techniques Kasperksy now uses, it might be too slow and
sluggish for many users.

Has anyone else taken a look at CSAV?

Art
http://home.epix.net/~artnpeg