New malware??

Found a process on a clients computer called "sarcosogulpe.exe" that was trying to make, according to our Kaspersky AV, malicious calls to an amazon S3 server URL. Googling this executable only gives two results, with herd-protect.com saying it was first discovered at ~2:30am UTC on the 18th, less than 8 hours later, I am seeing this process on a client computer and can neither kill it with AV nor delete it.

Anyone else seeing this or know its origin?

#possiblezeroday

Asked Sep 18 '14 at 14:00

Add a comment

1 Answer

You should run the client machine in safe mode, and then try to remove the file manually.

Answered Sep 23 '14 at 13:53

Gin

Add a comment

Know someone who can answer? Share a link to this question via email, Google+, Twitter, or Facebook.

Your Answer

Not the answer you're looking for? Ask your own question.

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.