View Full Version : OT: Anyone heard of this file?


Arkcon
May 22nd, 2004, 02:12 PM
Hmmm... it's not on this list either {clicky} (http://www.lafn.org/webconnect/mentor/startup/PENINDEX.HTM) . I'm not trying to say that list has everything, but it's never failed me before. Check the site, see if you misspelled or if the program running is called something different.

[EDIT]

I can't find anything on google or a google Groups search. And it's not in my WinXP directory.

It's also not in {this} (http://www.sysinfo.org/startuplist.php?type=&filter=&count=100&offset=3300) bigger list.

Hmmm... this could be nothing, but I'm surprised there's no info anywhere. Keep us informed Pathfinder.

[ May 22, 2004, 13:23: Message edited by: Arkcon ]

Slynky
May 22nd, 2004, 02:23 PM
Yep, I had the same results. Not on my system, not on Google, and not on SARC.

pathfinder
May 22nd, 2004, 02:29 PM
Adaware doesn't recognize it either....

Baron Munchausen
May 22nd, 2004, 02:39 PM
It seems a bit unlikely to be part of Windows if it's behaving in such a blatantly intrusive way. Boot in 'safe' mode and it will not be activated. Then you can safely delete it. You might want to make sure you have the very latest data file for Adaware, and maybe also download Spybot S&D because there are so many spyware and spamware programs out there that it sometimes requires both to remove them all.

pathfinder
May 22nd, 2004, 02:51 PM
Baron: That didn't work either.

This p.o.s. installed at 5 pm yesterday, somehow, someway.

Thermodyne
May 22nd, 2004, 02:57 PM
1st, see if it is running as a service, if it is, then stop the service and then remove the file.

2nd, build a boot disk and use it to boot the system, then drill down to the file and wipe it out.

Katchoo
May 22nd, 2004, 03:25 PM
You can also run 'MSCONFIG' and see if it's listed under the Startup Tab. If it is, then you can remove the checkmark next to it, save & exit, and then reboot. If it's necessary to anything, you'll get an error about it. If everything appears to run smoothly though, then you can go back in and permanently remove it (or just leave the checkmark deselected).

pathfinder
May 22nd, 2004, 04:35 PM
It isn't in the startup tab.

Called it up in wordpad and it appears to be some form of internet blocker/filter. I didn't install it or set it up, so it makes me very angry...

[ May 22, 2004, 16:01: Message edited by: pathfinder ]

Arkcon
May 22nd, 2004, 07:07 PM
Pathfinder, I'm in the mood to post your problem on the USENET and see if anyone has a clue. Don't know if you've decided to do that yourself. If you hate the USENET, don't worry, I won't let the message get traced back to you. I'm just steamed that the program exists, and there's no info on it anywhere. Anyway, can you give me some more system info -- computer model (Dell, Toshiba, or just say homebrew), and what Version of Windows (98, XP) you're using?

pathfinder
May 22nd, 2004, 07:42 PM
Originally posted by Arkcon:
Pathfinder, I'm in the mood to post your problem on the USENET and see if anyone has a clue. Don't know if you've decided to do that yourself. If you hate the USENET, don't worry, I won't let the message get traced back to you. I'm just steamed that the program exists, and there's no info on it anywhere. Anyway, can you give me some more system info -- computer model (Dell, Toshiba, or just say homebrew), and what Version of Windows (98, XP) you're using?

XP (Home edition, v 2002 w Sp1), homebrew PC (Athlon 1700+ cpu on an asus Mobo), 512 MB ram, MSI GeForce 4200 with 64 MB ram (53.03 nvidia drivers), Creative SB, 80 GB HDD (can't remember make) with a 40 GB secondary drive. Mobo uses nforce drivers.

I don't know jack about usenet, so no biggy. thanks for asking.

[ May 22, 2004, 18:42: Message edited by: pathfinder ]

BBegemott
May 22nd, 2004, 09:13 PM
"siae3123.exe" looks like a randomly generated filename to me. I recall reading somewhere that some evil programs install themselves with randomly generated names in order to be harder to track down. Little help, but at least it can explain why you can't find info about it.

Alneyan
May 22nd, 2004, 09:25 PM
Even if my knowledge of informatics is about nil, I read something along the lines of what BBegemott mentioned as well. The fact that Google finds nothing is very unusual, so I would believe it is a name that has been generated at random.

Likewise, it might be that this exe has cousins on your computer, to avoid being suppressed too easily. Once I had a somewhat similar virus, which was present in several exes and used a few different names (it didn't generate names as far as I know though). How to get rid of it without invoking the Format spell is another matter obviously, but I would expect the Usenet to have better answers available. (My understanding of it is that it is basically a *lot* of newsGroups and includes other discussions, news and so on)

pathfinder
May 22nd, 2004, 09:30 PM
I found a registry entry in windows search assistant and deleted that. We'll see if this is permadeath.

Nope. Got rid of 2 registry entries in search assistant/ACMru folder. It still pops up.

[ May 22, 2004, 20:55: Message edited by: pathfinder ]

EaX
May 22nd, 2004, 10:49 PM
Well..., first check if it's a service (Control Panel -> Administrative Tools -> Services, you can right click on every process and in properties check the filename). If it's not a process then the program must be started from the registry or the StartUp on the Start -> Programs -> StartUp menu, so first check these keys in the registry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
I think you have the administrator account, don't you? Anyway, check the "Documents and Settings" folder located on the root of your hard disk, usually C:, then the folder Administrator if you are the administrator or the folder with your user name. Check all the folders for a shortcut to the file.
Well, I hope you understand something, sorry for my English.
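
The checks listed in the post above (services, the two Run keys, the Startup folders), as an added read-only PowerShell example that is not part of the original thread. It assumes a current Windows with PowerShell 3.0 or later rather than the XP SP1 machine discussed here; the function name `Find-AutoStart` is hypothetical.

```powershell
# Added example (not from the thread): read-only search of the auto-start
# locations listed in the post above for a given executable name.
function Find-AutoStart {
    param([Parameter(Mandatory)][string]$Name)

    $pattern = [regex]::Escape($Name)   # match the file name literally
    $hits = @()

    # 1. Services: compare each service's binary path with the file name.
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        if ($svc.PathName -match $pattern) {
            $hits += [pscustomobject]@{ Where = 'Service'; Entry = $svc.Name; Value = $svc.PathName }
        }
    }

    # 2. The two Run keys named in the post.
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            if ($data -match $pattern) {
                $hits += [pscustomobject]@{ Where = $key; Entry = $valueName; Value = $data }
            }
        }
    }

    # 3. Startup folders (current user, then all users); resolve shortcuts.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if (-not $path -or -not (Test-Path $path)) { continue }
        foreach ($file in Get-ChildItem -Path $path -File) {
            $target = $file.FullName
            if ($file.Extension -eq '.lnk') { $target = $shell.CreateShortcut($file.FullName).TargetPath }
            if ($target -match $pattern) {
                $hits += [pscustomobject]@{ Where = $path; Entry = $file.Name; Value = $target }
            }
        }
    }
    $hits
}

# File name reported in this thread.
Find-AutoStart -Name 'siae3123.exe' | Format-List
```

An empty result only rules out these three locations; other auto-start mechanisms are not covered by this check.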

Baron Munchausen
May 22nd, 2004, 10:59 PM
Wow... you've got one of those really intricate self-preserving spyware programs. Have you run a simple integrity check of your system files? It might have replaced a basic system file with a different copy including a re-installer for itself. Under Win 9x you run the sysinfo utility and there's an option to run the system file checker under the tools menu. Dunno what the equivalent is for 2k/XP.

I think you really need to get Spybot S&D. It's pretty good at destroying nasties like this.

http://www.safer-networking.org/

Arkcon
May 22nd, 2004, 11:12 PM
Originally posted by Baron Munchausen:

I think you really need to get Spybot S&D. It's pretty good at destroying nasties like this.

http://www.safer-networking.org/

Thanks, Baron. I was using ver 1.2, I didn't know there was a new better Version until I clicked.

Pathfinder:
OK. Some guy on the USENET has seen a similar filename in systems built on SiS chipsets. You have an asus Mobo, which I didn't post to the USENET 'cause I didn't think it was important (Dumb!).

I'll post more info on the USENET later. But until then there is something to try. Run msinfo32. Maybe you've seen this program before, but it's new to me. It lists all hardware components and the files they require.

I know you're sure it's a new program, but maybe it's needed for your hardware, got spoofed (or innocently damaged), and can be repaired by reinstalling hardware drivers from the install CD-ROM.

pathfinder
May 22nd, 2004, 11:32 PM
Originally posted by Baron Munchausen:
Wow... you've got one of those really intricate self-preserving spyware programs. Have you run a simple integrity check of your system files? It might have replaced a basic system file with a different copy including a re-installer for itself. Under Win 9x you run the sysinfo utility and there's an option to run the system file checker under the tools menu. Dunno what the equivalent is for 2k/XP.

I think you really need to get Spybot S&D. It's pretty good at destroying nasties like this.

http://www.safer-networking.org/

Spybot didn't find it.

Baron Munchausen
May 23rd, 2004, 12:34 AM
Originally posted by Arkcon:
quote:
Originally posted by Baron Munchausen:

I think you really need to get Spybot S&D. It's pretty good at destroying nasties like this.

http://www.safer-networking.org/

Thanks, Baron. I was using ver 1.2, I didn't know there was a new better Version until I clicked.

Pathfinder:
OK. Some guy on the USENET has seen a similar filename in systems built on SiS chipsets. You have an asus Mobo, which I didn't post to the USENET 'cause I didn't think it was important (Dumb!).

I'll post more info on the USENET later. But until then there is something to try. Run msinfo32. Maybe you've seen this program before, but it's new to me. It lists all hardware components and the files they require.

I know you're sure it's a new program, but maybe it's needed for your hardware, got spoofed (or innocently damaged), and can be repaired by reinstalling hardware drivers from the install CD-ROM.

Yeah, that's a possibility. Maybe this is a legit driver and something on his Mobo has gone flaky and it is popping up a warning box but failing to 'stay put' and transmit the message because of some conflict with something else in the system.

pathfinder
May 23rd, 2004, 01:46 AM
siae3123.exe? It is loaded in my windows/system32 folder and is more than a little annoying. It pops up every 15-3 seconds for 1-2 seconds and then goes away.

When I try to delete it, I get a message saying that another program is using it and it can't be deleted.

It isn't on any virus definition list I could find.

[ May 22, 2004, 12:47: Message edited by: pathfinder ]

Gandalf Parker
May 23rd, 2004, 03:45 PM
There are some programs that both ad-aware and spybot will recommend a specific cleaner for. By any chance, when you go to google, are the first few results on every search trying to get you to search again at a site called 2020? That's one example. Have you added any search bars or other buttoned goodies to your browser? Or your IM program? Try searching on those.

[ May 23, 2004, 14:46: Message edited by: Gandalf Parker ]

pathfinder
May 23rd, 2004, 07:53 PM
Go figure, file is still there BUT has not popped up in the Last hour or so.

BBegemott
May 28th, 2004, 07:05 PM
Hi

I'm Andrea. Sorry to bother you but surfing the internet I saw that you know something about the file siae3123.exe.

I have this problem: a window that keeps opening every 30 seconds saying that it cannot start the file siae3123.exe. I try to delete this file but it is impossible.

Do you know how to help me?

Once again I apologize to bother you with my problems but I really need help.

thank you very much

Andrea

This is the email I got today...
I'm no big expert about that file...
Pathfinder, did you have any success with it?

EDIT- Looks like google tracked me down.

[ May 28, 2004, 18:08: Message edited by: BBegemott ]

Gozra
May 28th, 2004, 10:21 PM
I ended a similar problem just last night. I ended up doing several things. I opened the file up with notepad and deleted it and then saved it. That almost worked. I finally killed it with norton antivirus. I just kept hammering at it until it quit. I kept trying several things. I wish I could be more specific. Oh, try renaming the file, and a combination of safe mode and cleaning the registry. I tried all those things and finally registered my copy of norton and then after that it appeared that norton finally helped destroy it. I hope I am making some sense, it was 2 am before I finally got most of this done. My file was Trojan.virus lsb_3f.dll.
Sorry for the jumbled post
Gozguy

Arkcon
May 28th, 2004, 10:46 PM
Well now, this is funny ... siae3123.exe is no longer unknown to Google. Not only that, but our forum is now a source of expertise. Hello out there, people of Earth. We come in peace.

In all seriousness, this file seems to be spreading slowly around the world. {see here if you can read Dutch} (http://bobordelman.web-log.nl/index.log?ID=613224)


Pathfinder, did you try the latest Version of Spybot? Version 1.3 adds lots of stuff that Version 1.2 didn't have. Spybot does tend to find more things than Adaware. It's just that on rare occasions some of the registry entries it finds are needed by the computer, and aren't spyware.

[EDIT]

Originally posted by Arkcon:
If you hate the USENET, don't worry, I won't let the message get traced back to you.

Uh...oops, sorry guys. Guess I didn't do such a good job in that department did I?

[ May 29, 2004, 00:50: Message edited by: Arkcon ]

narf poit chez BOOM
May 29th, 2004, 11:44 AM
We really do come in peace.

Well, we're not too sure about Fyron. We think he's an alien agent of some kind.

What you need, methinks, is a program that reads individual bytes of the disk and overwrites them, reading and interacting with the file system itself, so as not to be stopped by things like 'this file is in use'. But I have no idea how that could be done.

pathfinder
May 29th, 2004, 11:52 AM
Originally posted by BBegemott:
quote:
Hi

I'm Andrea. Sorry to bother you but surfing the internet I saw that you know something about the file siae3123.exe.

I have this problem: a window that keeps opening every 30 seconds saying that it cannot start the file siae3123.exe. I try to delete this file but it is impossible.

Do you know how to help me?

Once again I apologize to bother you with my problems but I really need help.

thank you very much

Andrea

This is the email I got today...
I'm no big expert about that file...
Pathfinder, did you have any success with it?

EDIT- Looks like google tracked me down.

Sort of. It finally quit popping up. It is still on the HDD. I guess after I hit it with dellater it gave up. Beats me.

pathfinder
May 29th, 2004, 11:56 AM
Originally posted by Arkcon:
Well now, this is funny ... siae3123.exe is no longer unknown to Google. Not only that, but our forum is now a source of expertise. Hello out there, people of Earth. We come in peace.

In all seriousness, this file seems to be spreading slowly around the world. {see here if you can read Dutch} (http://bobordelman.web-log.nl/index.log?ID=613224)

Pathfinder, did you try the latest Version of Spybot? Version 1.3 adds lots of stuff that Version 1.2 didn't have. Spybot does tend to find more things than Adaware. It's just that on rare occasions some of the registry entries it finds are needed by the computer, and aren't spyware.

[EDIT]

quote:
Originally posted by Arkcon:
If you hate the USENET, don't worry, I won't let the message get traced back to you.

Uh...oops, sorry guys. Guess I didn't do such a good job in that department did I?

Yeah, I have 1.3. It worked pretty good BUT didn't get rid of siae3123. That file just gave up its annoying habits. It is still there but not popping up anymore. It stopped after I tried a file/app called dellater.

[ May 29, 2004, 11:12: Message edited by: pathfinder ]