Forums have moved

This afternoon a program called "Saie.exe" installed itself into the "Startup" section of my System Configuration Utility (MSCONFIG.EXE). I'm currently running Windows XP Home Edition.

I hadn't dowloaded it so I was pretty sure it was a worm or trojan of some description, so I disabled it from starting and then ran some scans using Norton Antivirus and AdAware (neither of which detected it).

I then tried several methods of removing it (i.e. the obvious things like System Restore and Add/Remove Programs) - and I also looked under Performance & Maintenance but still couldn't find any way of taking it out of my startup options. Eventually, I just removed it manually, along with its registry entries etc., which seems to have done the trick.

I then did a search on Google for "SAIE.EXE" but it didn't come up with anything. I'm just curious to know what this program was. Does anybody know?

probably something bad... and it's gone now and it seems like nothing bad happened so consider yourself lucky..

__________________

It was most likely a giant Trojan horse, Like the Trojan of Trojans and it was the worst virus ever and the second it Extracts onto your hard drive you will only have 30 seconds until total system corruption. but of course you were quick enough to disarm and disable this virus before the 30 seconds was up..

i wanna see that trojan.. that reminds me of stinky.. he took mylaptop and tried to DL some cracked version of a game and ran some exe that took over and put spyware up the wazoo in there.. 45 min later, I think i've got it cleaned up...

__________________

Shucks. I've zapped it now, I'm afraid.... If you really want to get yourself infected (I'm sure you don't!) I was trying to check some of the Lyrics for "Mister Blue Sky" by ELO. I just typed "Mister Blue Sky" into Google and the infected site was one of the first entries. Don't know which one though - and I'm not going back to find out!! I only detected it so quickly because Zone Alarm caught it trying to access the internet.

I must admit though, I was disappointed that there wasn't a thing about it on Google. I guess it must be quite a new one. No real damage done as far as I can tell.

good to hear chaps!

__________________

Hey i dont know if you guys know this but this bug trojan thing is really starting to annoy me. I got it about 2 days ago and it just keeps reapplying it self. if you check your windows system32 directory and read the saie log it gives you the jist that ht has gone in and made it so when you do a search or visit some sites eg google it reappears. It also gets into your regestry and plants it very nice seeds all through it. I have yet to get it to stop coming back. If anyone knows how to kill it for good please let me know.

SAIE.EXE might possibly be a trojan downloader or, more likely, you've got yourself infected with one.

A few months ago a virus called Downloader.trojan was doing the rounds but NAV can now detect and remove it.

To remove SAIE, I just did a search for SAIE in the System Registry and removed any reference to it - then I searched my C: drive for " SAIE*.* " and zapped anything I found.

However, I had to open MSCONFIG first and deselect it on the Startup options, then reboot.

After I'd successfully removed it, I did a System Restore back to a suitable date, just to be on the safe side.

You might also want to try HijackThis and AdAware or Spybot.

I found saie.exe on a machine as well. I also found a log that apparently was tracking web traffic on that machine as well as trying to initiate pings and bunch of other stuff. Look for a log file on that machine with same name as saie, interesting.