windows cannot find program sgbav.exe
kyuss
28-02-2004, 04:08 PM
A friend has a problem with his windows XP machine, every time he tries to run a program (except IE) he gets the error "windows cannot find program sgbav.exe, something something something (i totally forget the end of the error message, the word application was mentioned, but i forget the rest)" ..../me = hopeless bastard.
Anyhow, sounds like a virus to me, yet symantec haven't identified it as a virus.
Any ideas appreciated.
Is there anything called SGB Antivirus? I dunno, the only way i could figure a program starting up every time an executable is opened is if it's trying to scan but can't find the program....if it's a virus, i've never heard of it, but I really haven't had any experiences with viruses since my first computer...
Turtle_Wrangler
28-02-2004, 04:27 PM
the Windows Startup Online Repository (great tool for matching filenames to programs) didn't have a damn thing on it.
Surprisingly, Google couldn't find a bloody thing on it either.
I'll keep lookin...
Yeah i was gonna say the same thing as TurtleWrangler....no such luck anywhere so far, if it's a virus, it might be one that just randomizes its main program name, I know subseven does that, but i've never seen instances in which other programs are changed to become dependent on it...
Turtle_Wrangler
28-02-2004, 04:53 PM
I can't find a damn thing. I've tried swapping letters, breaking it up, checking for acronyms. "sgbav" doesn't seem to exist anywhere as a filename. Most likely it was randomly generated. how odd. anywho... I'm up too late. *goes to sleep*
tikdoph
28-02-2004, 07:12 PM
There are lots of viruses that randomly generate a file name. The whole idea is that it makes finding a solution for it that much harder because it's completely randomly generated.
Does your friend have the same problem in Safe Mode? If not, I'd probably recommend going to Start -> Run -> type MSCONFIG -> click OK -> Click the "Startup" tab -> either untick everything and click on OK or use a process of elimination to see if you can find the offender by disabling apps, one at a time, rebooting after each one is unticked, and seeing if that makes a difference. Anything that is unticked that isn't the cause of the problem can be reticked later (but I'd probably recommend leaving them unticked unless you get some other problem occurring as a result).
The full error message would be really useful, as this is something you CAN do a search on (regardless of what the actual filename is... your friend won't be the first person to have experienced this and someone else has probably posted the same error message on the net. And chances are that someone else has probably found a way to fix it... just leave the actual filename itself out of the search when typing in the error message), but failing that I'd probably recommend checking the shortcuts of any .exes that won't start. That might give you an idea of how the apps are being hijacked.
I'd also suggest going into Task Manager and doing an "End Process" on everything under the current user's logon. Leave anything labeled "SYSTEM", "LOCAL SERVICE", or "NETWORK SERVICE". Then see if that has an effect on his ability to start anything.
I'd also recommend that your friend create an antivirus boot disk on someone else's computer and use it to boot the system.
Basically, any troubleshoot is a process of elimination. The trick is knowing what needs to be eliminated. There are lots of other things that can be tried, but I'm lazy, so let us know how it works out, and if he can't fix it with the suggestions we've given so far, I'll come up with some more. Good luck. :)
kyuss
28-02-2004, 07:28 PM
Thanks for the info, yeah i tapped the exact error message into ms run and closed it without copying it, derrr....
Yeah the same error occurs in safe mode, that was the first thing i tried after a google search.
He's running AVG AV.
The computer is around an hour away from me, my friend isn't all that computer savvy, might try some things later on tonight if he can be bothered (it's his old man's PC).
Thanks again.
tikdoph
28-02-2004, 07:45 PM
Ok, then I'd probably suggest that you make up an antivirus bootdisk on your own PC and take that to his place when you visit him.
Originally posted by tikdoph
rebooting after each one is unticked
Yeah... fucking Windows, eh?
midg3t
28-02-2004, 09:46 PM
Easier than recompiling a kernel after unticking each item.
kyuss
15-03-2004, 11:10 AM
in case you cared......
AVG fucked up some files or the like when removing a virus, installed windows over the top of the original installation and the error was fixed.
thingy
15-03-2004, 01:35 PM
If I had seen this thread earlier I could have saved you SO much effort it's not funny.
It's the results of a virus, you're right in thinking AVG didn't remove it properly (but I can't think of a single AV program that would have - hence my love for Symantec's removal tools).
Most viruses create a link to themselves in the registry under HKey_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Run so they load on startup. Some create a link to themselves under HKey_Classes_Root\exefile\shell\command so they run when you double click on a file with an "exe" extension (and they also do that to other extensions too). THIS is what happened. Although AVG removed the virus (sgbav.exe), it didn't fix the registry entry so every time you tried to run a program that had an "exe" extension, it'd try to run the virus too which no longer existed.
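
Added example, not part of the thread or any poster's code: a Python check that reads a text registry export (useful when the affected machine cannot start programs itself) and flags the leftover entries described in the last post. It assumes the handler lives at `HKEY_CLASSES_ROOT\exefile\shell\open\command` with the default value `"%1" %*`; the function names, the sample export and the file list are constructed for illustration.

```python
import re
# Assumption: these file classes ship with the handler '"%1" %*' on Windows.
DEFAULT_HANDLER = '"%1" %*'
WATCHED_CLASSES = ("exefile", "comfile", "batfile")
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

def parse_reg(text):
    """Parse a REGEDIT text export into {key_lower: {value_name: string}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1]
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo \\ and \"
    return keys

def target_of(command):
    """First token of a command line: the quoted path, or text up to a space."""
    m = re.match(r'"([^"]+)"|(\S+)', command)
    return (m.group(1) or m.group(2)).lower() if m else ""

def audit(text, files_on_disk):
    """Return (key, value_name, data, reason) for each suspicious entry."""
    keys, on_disk, findings = parse_reg(text), {f.lower() for f in files_on_disk}, []
    for cls in WATCHED_CLASSES:
        key = "\\".join(("hkey_classes_root", cls, "shell", "open", "command"))
        data = keys.get(key, {}).get("")
        if data is not None and data != DEFAULT_HANDLER:
            missing = "" if target_of(data) in on_disk else ", target missing"
            findings.append((key, "(Default)", data, "non-default handler" + missing))
    for name, data in keys.get(RUN_KEY, {}).items():
        if target_of(data) not in on_disk:  # startup entry left behind after removal
            findings.append((RUN_KEY, name, data, "target missing"))
    return findings

# Constructed sample export and file listing (not taken from the thread's machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\WINDOWS\\sgbav.exe\" \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /startup"
"sgbav"="C:\\WINDOWS\\sgbav.exe"
'''
SAMPLE_FILES = [r"C:\Program Files\Example\tray.exe"]
```

`audit(SAMPLE_REG, SAMPLE_FILES)` reports the `exefile` handler and the `sgbav` Run value, both pointing at a file that is no longer on disk, which is the state that produces the "cannot find" error on every launch.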