What is sdexe.exe?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Daddygrace, Aug 31, 2004.

  1. Daddygrace

    Daddygrace Private E-2

    1. Can someone tell me what sdexe.exe is and how to eliminate this...?

    2. I can't seem to get rid of d.exe (casino palazzo). I've run Adware 6.0, Sypbot, Panda, Symantec system scan and Trend Micro but with no luck.
    HELP!

    OS Name Microsoft Windows XP Professional
    Version 5.1.2600 Service Pack 2 Build 2600
    OS Manufacturer Microsoft Corporation
    System Name BELOTE
    System Manufacturer VIA Technologies, Inc.
    System Model VT82C692BX
    System Type X86-based PC
    Processor x86 Family 6 Model 8 Stepping 3 GenuineIntel ~735 Mhz
    BIOS Version/Date Award Software International, Inc. 4.51 PG, 12/20/1999
    SMBIOS Version 2.1
    Windows Directory C:\WINDOWS
    System Directory C:\WINDOWS\system32
    Boot Device \Device\HarddiskVolume1
    Locale United States
    Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
    User Name BELOTE\ricco
    Time Zone Eastern Daylight Time
    Total Physical Memory 448.00 MB
    Available Physical Memory 178.80 MB
    Total Virtual Memory 2.00 GB
    Available Virtual Memory 1.96 GB
    Page File Space 1.03 GB
    Page File C:\pagefile.sys
     
    Daddygrace, Aug 31, 2004
    #1
  2. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Try removing it from safe mode. You probably can not delete it if it is being loaded with Windows as your operating system considers it a file that is in use, so check startup items for it as well.
     
    Major Attitude, Aug 31, 2004
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In most cases of this Casino Palazzo problem it has overwritten your real Windows Media player file.
    This file is wmplayer.exe. They overwrite it with their program keeping the same filename. Sneaky bastards. They also quite often drop a file with name of "SEX" or something like that in c:\windows\system32 and sometimes even on the Desktop.

    So you will need to look around for your wmplayer.exe files. You may have a few depending on how you installed your system. The one the came with Win XP is about 508 k. It is version 8.0.0.4487 (yours may be slightly different). Then there is the version from when and if you upgraded to version 9 of Win Media Player. Version 9.0.0.2980 is about 72k. Most likely this is in c:\Program Files\Windows Media Player (but it will be where ever you installed it).

    If they did overwrite the real one you should be able to tell by getting Properties info on the file by right clicking on it and selecting Properties. That take a look at a version tab and see who it belongs too. The real wmplayer.exe will have a version tab and obviously belongs to MS. But the fake one may not even have a version tab.

    You can re-install Windows Media Player from:
    http://www.microsoft.com/windows/windowsmedia/9series/player.aspx

    You know you really should follow the instructions here: http://forums.majorgeeks.com/showthread.php?t=35407
    because system restore should be disabled before doing this. And then re-enable after getting the problem fixed. Also there are other good things to do in that thread that could uncover other issues. And your Ad-ware is old. They have Ad-aware SE now.
     
    Last edited: Aug 31, 2004
    chaslang, Aug 31, 2004
    #3

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds