
It all started with safesurf.exe


I have a customer's Windows 2003 Standard R2 server that had no antivirus (expired AVG Business Edition).

On Friday 17th August I installed ESET Endpoint Antivirus Version 5.0.2126.0 and after the initial scan, it found safesurf.exe and safeguard.exe.

In the system32/SD folder I had the files "SafeSurf.exe" and "surfguard.exe".

I quarantined the files through ESET and removed them but couldn't remove the sd folder and some text files. (Trying to delete the folder came up with a message stating a file was in use, and the text files kept coming back after I deleted them.) I eventually deleted the folder after stopping a process called xstarter.

I thought that was it until I received a call from the customer saying the server had frozen (RDP displayed a grey screen) and a hard reboot was the only option to fix it. The server came back up, but since then it freezes once every morning at no particular time and after a reboot is OK until the next day, when it freezes again.

I tried installing Malwarebytes but it tells me 'windows cannot access the specified device path or file you may not have appropriate permissions'.

I have run the mbam chameleon program with the mbam-setup.exe in the same folder and copied mbam.exe renamed as iexplorer.exe in there too with the following output:

MBAM-Chameleon ver. 1.62.0

Press any key to continue

Driver is already loaded

Enabling driver...


Trying to update Malwarebytes Anti-Malware, please wait..


Killing known malicious processes, please wait...


Trying to run Malwarebytes Anti-Malware , please wait...

Failed to run Malwarebytes Anti-Malware

Disabling protection driver...


Press any key to continue

I don't know if there is something still lurking but I'm getting lots of stick from the customer, so any help would be appreciated! If I've posted in the wrong place, I apologise. I've just joined!


If you are a technician, corporate, business, educational, government or non-profit-organization, or MBAM-reseller, or MBAM-affiliate, then please contact corporate support here and include full contact details along with your Reference # when you do to ensure that you receive prompt assistance.


Use of Malwarebytes' MBAM in an organization or commercial setting must be via a licensed copy of MBAM.

You cannot use the free MBAM without a license.

See here for corporate support http://www.malwarebytes.org/support/corporate/

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support


As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems or infections you may have.
  • Please read and follow the directions here, skipping any steps you are unable to complete.
  • After posting your new post, make sure under options, you select Follow this topic and choose Instantly,
    so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    • You may send a Private Message to a Moderator asking for assistance.


Alternatively, as a paying customer, you can contact the help desk


If you would like to use our Malwarebytes Premium Consumer Services partner, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our support site.

Please be patient, someone will assist you as soon as possible.