s2gc.exe

Rick_699669 · 12-27-2007, 01:24 PM

I have just spent the hour searching the web and then this site about this particular file. Can someone give me some info on it and how to rid my pc of it? Thanks so much!

Rick

alt · 12-27-2007, 01:39 PM

Quote:

S2GC.EXE
AUTOMATED SOFTWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:
DEFINITION OF: S2GC.EXE

* Safety Rating: Uncertain
* First seen: Sep 25 2006 (GMT)
* Last seen: Sep 25 2006 (GMT)
* File Size: 5,120 bytes

SOFTWARE ASSESSMENT: PREVX 4 AXES OF EVIL METHODOLOGY
1. COVERT ANALYSIS OF: S2GC.EXE

* File Names Used: 2
* Paths Used: 1
* Common File Name: S2GC.EXE
* Common Path:
* Vendor Information: No Vendor details specified
* File Name Structure: Common
* File and Path Structure: Normal

2. RELATIONSHIP ANALYSIS OF: S2GC.EXE

* No relationship details available for this object

3. ACTIVITY ANALYSIS OF: S2GC.EXE

* The following behaviors have been observed for this object:
* Communicates with web sites using httpout protocols.

4. PROPAGATION ANALYSIS OF: S2GC.EXE

* Object Propagation Rate: Very Low (minimal spread)
* Copyright Prevx Limited 2005, 2006

Have you ran any Spyware removal software?

Rick_699669 · 12-27-2007, 01:42 PM

Ad-Ware and it did not detect it at all... Norton Firewall detected it with the "allow or block" rule. I ran my antivirus but it comes back clean.

tetonbob · 12-27-2007, 01:44 PM

Where is it located on your machine? Is it being called at startup?

What information is available (if any) on it's properties sheet?

Scan it also at VirusTotal

http://www.virustotal.com/en/indexf.html

alt · 12-27-2007, 01:48 PM

If nothing will detect it and you know where the file is, you can manually delete it. If it won't let you because it is running, here is some software that will delete specified files before windows boots.

http://www.snapfiles.com/get/moveonboot.html

tetonbob · 12-27-2007, 01:50 PM

Rather than just delete it, probably better to find out more about it.

Prevx info is inconclusive, other than it's seeking http access.

Rick_699669 · 12-27-2007, 02:11 PM

S2GC-0D3BA6F0.pf is what comes up in search on C: drive located in " windows/prefetch "

alt · 12-27-2007, 02:27 PM

Quote:

Originally Posted by tetonbob

Rather than just delete it, probably better to find out more about it.

Prevx info is inconclusive, other than it's seeking http access.

True, also could be used for something (non malicious). I have never heard of it, and there is a lack of info for it. Google doesn't even know!

tetonbob · 12-27-2007, 03:06 PM

Hi Rick_699669 -

Does s2gc.exe exist, or not? If all that's found is a prefetch reference, it may no longer be present.

Run a Windows search for s2gc* as well as for s2gc.exe

@ alt, I agree the lack of info makes it suspicious, which is why I'd like to find out more before just deleting it, if in fact it's still on the machine.

Rick_699669 · 12-27-2007, 03:15 PM

Yes I ran a windows search and found what I put in the above post. Other than that, with the search ran both ways as you suggest, it is all that shows up. Norton however keeps alerting me as to whether I want to allow it to access the internet or not and shows as a "Low risk". I am now getting "banner type" ads popping up randomly as well that when right clicking on them lets me know it is in "flash" format. Don't know if those two are related or not...

tetonbob · 12-27-2007, 03:20 PM

They may well be....we may want to get some analysis logs from you.

When you go to Start > Search, have you clicked on More Advanced Options and checked the boxes for Search System Folders, Search hidden files and folders, and Search Subfolders ?

Let's do this also:

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
Please attach extra.txt to your post.

To attach a file to a new post, simply

Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Computer" box:
C:\Deckard\System Scanner\extra.txt
Click Upload.

What DSS will do:

create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

---------------------------------------------------------------------------------------------

fenkata · 12-28-2007, 08:37 AM

You could try this and see if it comes up with anything:

www.processlibrary.com/processscan/

12-27-2007, 01:24 PM	#1 (permalink)
Rick_699669 Registered User Join Date: Dec 2007 Posts: 4 OS: XP	s2gc.exe I have just spent the hour searching the web and then this site about this particular file. Can someone give me some info on it and how to rid my pc of it? Thanks so much! Rick

12-27-2007, 01:42 PM	#3 (permalink)
Rick_699669 Registered User Join Date: Dec 2007 Posts: 4 OS: XP	Re: s2gc.exe Ad-Ware and it did not detect it at all... Norton Firewall detected it with the "allow or block" rule. I ran my antivirus but it comes back clean.

12-27-2007, 01:44 PM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 26,379 OS: 2000 Pro; XP Pro; XP Home	Re: s2gc.exe Where is it located on your machine? Is it being called at startup? What information is available (if any) on it's properties sheet? Scan it also at VirusTotal http://www.virustotal.com/en/indexf.html __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message.

12-27-2007, 01:48 PM	#5 (permalink)
alt Registered User Join Date: Dec 2007 Location: DFW Texas Posts: 250 OS: xUbuntu, FedoraCore4, XP Pro SP2	Re: s2gc.exe If nothing will detect it and you know where the file is, you can manually delete it. If it won't let you because it is running, here is some software that will delete specified files before windows boots. http://www.snapfiles.com/get/moveonboot.html __________________ This message was sent from my iTimeTravel Device.

12-27-2007, 01:50 PM	#6 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 26,379 OS: 2000 Pro; XP Pro; XP Home	Re: s2gc.exe Rather than just delete it, probably better to find out more about it. Prevx info is inconclusive, other than it's seeking http access. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message.

12-27-2007, 02:11 PM	#7 (permalink)
Rick_699669 Registered User Join Date: Dec 2007 Posts: 4 OS: XP	Re: s2gc.exe S2GC-0D3BA6F0.pf is what comes up in search on C: drive located in " windows/prefetch "

12-27-2007, 03:06 PM	#9 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 26,379 OS: 2000 Pro; XP Pro; XP Home	Re: s2gc.exe Hi Rick_699669 - Does s2gc.exe exist, or not? If all that's found is a prefetch reference, it may no longer be present. Run a Windows search for s2gc* as well as for s2gc.exe @ alt, I agree the lack of info makes it suspicious, which is why I'd like to find out more before just deleting it, if in fact it's still on the machine. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message.

12-27-2007, 03:15 PM	#10 (permalink)
Rick_699669 Registered User Join Date: Dec 2007 Posts: 4 OS: XP	Re: s2gc.exe Yes I ran a windows search and found what I put in the above post. Other than that, with the search ran both ways as you suggest, it is all that shows up. Norton however keeps alerting me as to whether I want to allow it to access the internet or not and shows as a "Low risk". I am now getting "banner type" ads popping up randomly as well that when right clicking on them lets me know it is in "flash" format. Don't know if those two are related or not...

12-27-2007, 03:20 PM	#11 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 26,379 OS: 2000 Pro; XP Pro; XP Home	Re: s2gc.exe They may well be....we may want to get some analysis logs from you. When you go to Start > Search, have you clicked on More Advanced Options and checked the boxes for Search System Folders, Search hidden files and folders, and Search Subfolders ? Let's do this also: Please do this: Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges. Close all applications and windows. Double-click on dss.exe to run it, and follow the prompts. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here. Please attach extra.txt to your post. To attach a file to a new post, simply Click the[Manage Attachments] button under Additional Options > Attach Files on the post composition page, and copy and paste the following into the "Upload File from your Computer" box: C:\Deckard\System Scanner\extra.txt Click Upload. What DSS will do: create a new System Restore point in Windows XP and Vista. clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives. check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Please do not ask for help via Private Message. Last edited by tetonbob : 12-27-2007 at 03:22 PM.

12-28-2007, 08:37 AM	#12 (permalink)
fenkata Registered User Join Date: Dec 2007 Posts: 2 OS: XP SP2	Re: s2gc.exe You could try this and see if it comes up with anything: www.processlibrary.com/processscan/