PDA

View Full Version : SAIE.EXE


JohnE
09-19-2004, 08:05 AM
This afternoon a program called "Saie.exe" installed itself into the "Startup" section of my System Configuration Utility (MSCONFIG.EXE). I'm currently running Windows XP Home Edition.

I hadn't dowloaded it so I was pretty sure it was a worm or trojan of some description, so I disabled it from starting and then ran some scans using Norton Antivirus and AdAware (neither of which detected it).

I then tried several methods of removing it (i.e. the obvious things like System Restore and Add/Remove Programs) - and I also looked under Performance & Maintenance but still couldn't find any way of taking it out of my startup options. Eventually, I just removed it manually, along with its registry entries etc., which seems to have done the trick.

I then did a search on Google for "SAIE.EXE" but it didn't come up with anything. I'm just curious to know what this program was. Does anybody know?

Jason425
09-19-2004, 12:09 PM
probably something bad... and it's gone now and it seems like nothing bad happened so consider yourself lucky.. :wavey:

Napster
09-19-2004, 03:46 PM
It was most likely a giant Trojan horse, Like the Trojan of Trojans and it was the worst virus ever and the second it Extracts onto your hard drive you will only have 30 seconds until total system corruption. but of course you were quick enough to disarm and disable this virus before the 30 seconds was up..

Jason425
09-19-2004, 08:50 PM
:rofl: i wanna see that trojan.. that reminds me of stinky.. he took mylaptop and tried to DL some cracked version of a game and ran some exe that took over and put spyware up the wazoo in there.. 45 min later, I think i've got it cleaned up...

JohnE
09-20-2004, 02:17 AM
Shucks. I've zapped it now, I'm afraid.... If you really want to get yourself infected (I'm sure you don't!) I was trying to check some of the Lyrics for "Mister Blue Sky" by ELO. I just typed "Mister Blue Sky" into Google and the infected site was one of the first entries. Don't know which one though - and I'm not going back to find out!! I only detected it so quickly because Zone Alarm caught it trying to access the internet.

I must admit though, I was disappointed that there wasn't a thing about it on Google. I guess it must be quite a new one. No real damage done as far as I can tell. :)

Jason425
09-20-2004, 12:45 PM
good to hear chaps!

Laknet
09-25-2004, 08:12 AM
Hey i dont know if you guys know this but this bug trojan thing is really starting to annoy me. I got it about 2 days ago and it just keeps reapplying it self. if you check your windows system32 directory and read the saie log it gives you the jist that ht has gone in and made it so when you do a search or visit some sites eg google it reappears. It also gets into your regestry and plants it very nice seeds all through it. I have yet to get it to stop coming back. If anyone knows how to kill it for good please let me know.

JohnE
09-25-2004, 10:14 AM
SAIE.EXE might possibly be a trojan downloader or, more likely, you've got yourself infected with one.

A few months ago a virus called Downloader.trojan was doing the rounds but NAV can now detect and remove it.

To remove SAIE, I just did a search for SAIE in the System Registry and removed any reference to it - then I searched my C: drive for " SAIE*.* " and zapped anything I found.

However, I had to open MSCONFIG first and deselect it on the Startup options, then reboot.

After I'd successfully removed it, I did a System Restore back to a suitable date, just to be on the safe side.

vee_ess
09-25-2004, 10:59 PM
You might also want to try HijackThis and AdAware or Spybot.

arod
09-27-2004, 12:07 PM
I found saie.exe on a machine as well. I also found a log that apparently was tracking web traffic on that machine as well as trying to initiate pings and bunch of other stuff. Look for a log file on that machine with same name as saie, interesting.

CiKoTiC
09-28-2004, 09:26 PM
Last Friday I was asked to look at a system. The system would hardly work. Click an icon and five minutes later it would activate. The desktop was covered with icons that wasn't suposed to be there. Everythig from "optimize your system" to "get free porn".

Client was using the latest Norton AV. Used task manager and msconfig to disable most of it to get Norton to run at a half way decent speed. Eight hour later and Norton hung up. Tried Norton again on Saturday and again it hung up. Tried again and it finished only to come in on Monday to find out the client closed Norton before I could get there.

Monday afternoon, a second computer infected with the same worm only this one was on MY network. Stupid blond biatch secretary decided to open an attachment in an email that said "Here's the postcard you requested!" I felt like punching her in the face. Three days of getting nowhere with the other one and here I am faced with the exact same thing on my network because of stupidity.

The worm un-installed McAfee on her computer. I disabled as much as I could in task manager and msconfig and re-installed McAfee. Rebooted and updated McAfee and slowly but surly found the culprit. HTML/DEBESKI was the bastage causing all this havok. McAfee found what the lastest version of Norton couldn't.

Ran McAfee and got rid of the main virus/worm/trojens. Had to run it 3 times before everything was clean. However, the worm installed a BOAT load of adware and spyware. Had to run Ad-Aware 6 times and Spybot Search and Destroy 3 times to completly remove everything. Repeated on the first computer infected and fixed it also.

SAIE.exe was there the whole time on both machines. If I find out it's adware, I'm gonna make it my misson to make sure the people responsible pay for it. :mad:

Jason425
09-29-2004, 12:18 AM
nice story.. lmao @ the BOAT load of spy/adware (pictures noas arc of 2 of every spyware) :lol:

vee_ess
09-29-2004, 02:28 AM
When I was attacked by a wave of spyware/adware, I decided to try making the people responsible pay for it. The problem is that when I traced and resolved sources and destinations, they often led me places like Croatia, the Czech Republic, Russia, and China. There is not much I can do legally, as far as I know, G/L with your pursuits.

JohnE
09-29-2004, 03:05 AM
I must admit, I've never understood why this should be such a big problem to deal with. It just seems to be lack of political will. The answer surely is to make internet web hosts legally responsible for all the content that they host. They, in turn, would have to enforce contracts with their own customers, holding each customer responsible for their own content and ensuring that every web site gives (somewhere on the site) some contact details for the host.

In practice, it would work like this.... If I visit a site which infects my computer - or downloads something undesirable, without my consent - I can find out who is hosting that site and complain to them. It's then up to that host to contact their customer and ensure that the offending content is removed. If the customer won't comply, their site is shut down. If the host won't comply, they can be fined.

In fact, an even better idea would be to have a recognised organisation policing the system. Therefore, I would make my complaint to the relevant authority and they would decide whether or not to prosecute any offenders depending upon how many complaints they receive.

There are plenty of precedents for such a system and it's not exactly rocket science.

Jason425
09-29-2004, 08:36 AM
won't work.. that's how they make money and how most stuff on the net is free...

Saint
09-29-2004, 10:12 AM
I received a call this morning to look at a system that was "freaking out". There are 15-20 icons on the desktop for everything from porn to credit cards (interesting how those two go hand-in-hand ;) ) and everytime the icons are removed and the computer restarted they reappear. The system is a HP running XP Home. The Norton Personal Firewall is continually warning of outbound TCP traffic and when "Block" is selected along with "Always Use This Action" it doesn't seem to have much effect. The computer will not shut down and is EXTREMELY slow -about 10 minutes to open a single Word file.

I too did a search on google and found only a handful of results, this site being one of them. I even searched Norton and McAfee's sites to no avail.

If ANYONE has a solution or tested suggestion for removal I would (along with the others) appreciate it very much!

-

Jason425
09-29-2004, 02:22 PM
Last Friday I was asked to look at a system. The system would hardly work. Click an icon and five minutes later it would activate. The desktop was covered with icons that wasn't suposed to be there. Everythig from "optimize your system" to "get free porn".

Client was using the latest Norton AV. Used task manager and msconfig to disable most of it to get Norton to run at a half way decent speed. Eight hour later and Norton hung up. Tried Norton again on Saturday and again it hung up. Tried again and it finished only to come in on Monday to find out the client closed Norton before I could get there.

Monday afternoon, a second computer infected with the same worm only this one was on MY network. Stupid blond biatch secretary decided to open an attachment in an email that said "Here's the postcard you requested!" I felt like punching her in the face. Three days of getting nowhere with the other one and here I am faced with the exact same thing on my network because of stupidity.

The worm un-installed McAfee on her computer. I disabled as much as I could in task manager and msconfig and re-installed McAfee. Rebooted and updated McAfee and slowly but surly found the culprit. HTML/DEBESKI was the bastage causing all this havok. McAfee found what the lastest version of Norton couldn't.

Ran McAfee and got rid of the main virus/worm/trojens. Had to run it 3 times before everything was clean. However, the worm installed a BOAT load of adware and spyware. Had to run Ad-Aware 6 times and Spybot Search and Destroy 3 times to completly remove everything. Repeated on the first computer infected and fixed it also.

SAIE.exe was there the whole time on both machines. If I find out it's adware, I'm gonna make it my misson to make sure the people responsible pay for it. :mad:

do that

JohnE
09-30-2004, 02:03 AM
won't work.. that's how they make money
With all due respect Jason, that's just being defeatist. History is full of companies who made money from selling shoddy goods, quack remedies, condemned meat etc - but political will eventually closed them down. Of course, that was when people became politicians because they cared about society. Things are different now.

Nevertheless, anyone who provides a service by damaging the people who use that service is committing fraud and the law is there to deter such things. The fact that the perpetrator is making money from the enterprise is no excuse for allowing it to continue. The internet could easily be rid of these viruses and trojans if the political will was there... and I'd be prepared to bet that one day it will be. A day will come when someone manages to wipe the entire records of the CIA or something like that. Then and only then, will something magically get done about it. In the meantime, it looks as though we're all going to have to suffer.

essline
10-13-2004, 02:44 PM
based on my digging and diagnoisis of a computer I just got dne with, saie.exe appears to be part of 180 search assistant. Adaware finds it, Spybot, Spy Sweeper don't. uninstalling 180 search assistant didn't appear to remove it.
Housecall.antivirus.com, and symantec's web based virus scans also do not detect it as malware.

It has a log file, saie.log, which appears to get very large, which may be the reason it was causing the machine to slow down (this machine had a total memory in use of 450 mb, and the log file was 425mb. the machine had 128mb of ram.)

Jason425
10-13-2004, 02:56 PM
w00t for 425mb log file! (see name) :P

Akela
11-06-2004, 10:58 PM
Check out"
http://www.sawtoothdistortion.com/Articles/Uninstall180Search.html
for detailed accounts of this Spyware/Adware/HiJacker general pain in the buttocks.

It's a pernicious little devil and somewhat difficult to remove.

Symantec suggests the following; however the Sawtooth Site is much more detailed.
http://securityresponse.symantec.com/avcenter/venc/data/adware.180search.html

Lastly, http://www.pestpatrol.com/pestinfo/n/ncase.asp has a pile of information about the company that built this little $#^&@%!* of a program..

netware
01-17-2005, 02:31 PM
:wavey: My PC was affected by "saie.exe", tried to remove it with "Spykiller 2005", "Adaware 6.181", and "Adware SPY", but of no use. Further, Norton system works 2004 Pro was affected. . I found out that it was in the startup, and could not be removed from tools options in the IE. I restared my PC in "safe mode" and deleted the "saie.exe" program from "C:\WINNT\System32\".
I am using system "system mechanic", where i found out the name "saie.exe" and the location. It is a search assistant.