Skip navigation.

sapmi_vcstats.exe can some1 pls analyze the file...


I got infected with this malware sapmi_vcstats.exe .... its md5 hash f3ccd302d540b229a60c48ca43a9aca9

I uploaded it to this site, nothing has been reported as yet...

i have formatted my os drive and reinstalled windows since then but now i'm stuck wondering whether it infected the other drives as well...

I couldn't find any malicious processes running after i restarted my comp... sygate firewall had asked whether to allow this file to access the internet, which i blocked.

Please throw some light on the issue....

All help will be deeply appreciated.

have you submitted the

have you submitted the binary to or

"Vernichte ihn! Er ist nur ein USER!" (MCP)

no i have not... one more

no i have not... one more suspicious activity that i'm noticing is that on the previous installation i had the my documents folder on my f:... it referred to a folder "my docs"... after i formatted it the previously drive f: is now the d: and the previously d: is now the f:....

and now i constantly get a folder "my docs" which has an empty folder "my pictures" inside it. Even if i delete it, it reappears there.

I submitted to the above two

I submitted to the above two websites (thanks for that!!) .... awaiting the results... I'm thoroughly confused... i was the first person to report the file to avira (and was thereby added to their detection list. :(

The result of the cwsandbox

The result of the cwsandbox is here

I'm just more confused about its work now... :(((

Help me pls...


if avira knows that kind of malware they will reply soon,
and will send you their threat id / name

if (they) have no idea, it would take about two days receiving their reply
about uploaded unknown bin.
what means youve got a good one.

"Vernichte ihn! Er ist nur ein USER!" (MCP)

it's called windows

may be you should have a look onto your system as system/ntauthority
and rip your registry ;)

"Vernichte ihn! Er ist nur ein USER!" (MCP)

They have sent the report

They have sent the report and now avira recognizes the file as a trojan TR/Sonat.308230..... It just sux... i don't know what the hell to do with my stupid puter... just feelin like throwing it outta the house....