welcome to my space

03/14/2010 (6:18 am)

Blocking atiphexx.exe

Filed under: nappedeptrole.com edit
  • I am a new, inexperienced user and find that Outpost is blocking a continuous process called 'atiphexx.exe'. A search on the web suggests this is a worm but it is not picked up by Norton Antivirus or my trojan remover software. Could someone enlighten me on what this process is and what should be done about it, please? :confused:

    Mark


  • Thanks for all the responses and advise, I shall be heading over to the security and privacy forum when I get a moment. By the way, Dominus, the Trendmicro antivirus software seems to have completely removed atiphexx.exe without any adverse effects (so far) so goo dor bad, it's gone.

    Mark


  • Hi minoka,

    I understand what you're saying and full marks for OP for blocking the exe. I use Norton antivirus and I'm also trialling 'T-R' (a well reviewed trojan/worm remover) but neither found atiphexx.exe, nor is there any mention of the problem on Symantec's website - which I find depresssing.

    Even so, I think my point about OPs official response is valid. It was not an example of good customer service - we none of us work in isolation and we're all affected by the same attacks so the more we can share experience and knowledge the better protected we all will be.

    Mark


  • Hi,
    that executable rang familiar, so I checked. Atiphexx.exe is normally totally harmless as it is the control panel for the ATI graphics card drivers. As it is very comon, bad people try to hide their trojan with that name.
    So just as a word of advice, don't just delete this file, since it also comes with Windows XP (at least with either service packs).


  • Hi Mark,

    A google search for atiphexx.exe' produced a number of results including one a Trend Micro's that may help:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.IL
    Click on Technical Details as well.

    Also is your windows system fully patched?

    Please let us know if you were able to remove the worm.


  • Hi minoka, thanks for your reply and apologies for the delay in getting back - I've been away. The problem has now been resolved. I ran Trendmicro's online virus scanner and this quickly found and sorted the problem. I have to say, though, that I was disappointed with Agnitum's official response, which was simply to simply drag Atiphexx.exe to Outpost's Blocked Applications list - no explanation, just block it. This doesn't seem to help increase the sum of knowledge about threats and solutions, nor does it make for efficient computing.

    Mark


  • Hi Mark,

    Please have a look at the Security & Privacy Software Forum (www.outpostfirewall.com/forum/forumdisplay.php?f=65) and, just in case you do not have them already, download these free tools CWShredder, Spybot Search & Destroy, Ad-aware and HijackThis (http://tomcoyote.com/hjt/). The forums at Net-Integration (http://forums.net-integration.net/index.php?) provide help on most of these, also the computer help sub-forums here (www.outpostfirewall.com/forum/forumdisplay.php?f=71).

    Hope this helps.


  • Hi Mark,

    Glad to hear your problem is resolved.

    Outpost did its job by blocking this exe, thereby warning you about it. Op is not an anti-virus prog. it seems to me you should now ask your anti-virus and anti-trojan developers why their progs did not detect/stop this malware (when Trend Micro did)?


  • Hi mlewis,

    Welcome to the forums. :)

    I believe that from the point of view of Agnitum, Outpost was doing it's job and prompting you to allow or deny some internet traffic. I am not sure what their support work level is like at Agnitum right now. But they are close to a new release and so things may be extra busy at the moment. So while we in the forum may have had time to do a little bit of extra research and provide a better answer, Agnitum may have seen this from the point of view that their firewall is doing the job. I think they just gave you the "safe" answer. Fortunately in this case, that answer was right. I cannot and will not make excuses for Agnitum. I only want to express my thoughts on the response you received from Agnitum.

    Enjoy the forum and have a great day. :)







    • #If you have any other info about this subject , Please add it free.#
    Your name:
    E-mail:
    Telphone:

    Your comments:


    If you have any other info about Blocking atiphexx.exe , Please add it free.