SNz.exe?

#1
I recently got COMODO and every time my windows 7 OS loads up it promts me if i want to run the snz.exe executable. I dont know if prior to me getting comodo SNZ.exe was executed or not, but my point is that from reading online about this executable i dontr know if it malware or not. Some websites are saying yes and some are saying no. Everytime my computer starts commodo promts me to run the executable i just block its request.Ive ran spyware and malware tools but none of them have picked up on the fact if its malware or not, so im kinda stuck in limbo with this application right now. Im going to write a series of questions and hopefully someone can guide me on what to do. Oh and by the way the websites are sayig snz.exe are affiliated with an program called Snoozer. Also i dont see any degrading to the performance of my computer.

1) IS this software malware?
2)if the software is malware what folders has effected?
3)Since i cant see the program in my uninstall program in control panel, how can iremove it from my system?

I really apprecieate any help on this mater, thank you very much
 


patcooke

Microsoft MVP
Staff member
Premium Supporter
Microsoft MVP
#2
It is a trojan. Get a copy of autoruns free from here:

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

Use it to remove the exe from your startup and see if it stops it being reported by comodo. You will then need to search for it on your system and delete it.
 


#3
Thank you. I rwemoved it and am about to restart my computer. But i noticed when snoozer was highlighted the highlighted color was a red bar across the row in the list. My question is what does this red bar mean? Does that mean all the red bars i see i should delete?

Im not so sure if i should delete all of them since i noticed one of the rows was from steam as you can see here

Memory Buffered Filter d:\program files (x86)\steam\steamapps\common\wormsrevolution\redist\memorybufferedfilter.dll 4/23/2012 2:39 AM

So what should i do?
 


#4
OK quick update. After removing Snoozer through the autoruns it never popped back up in comodo. Thank you very much for helping me out with removing the trojan from my computer
 


#5
Heres the other row that is highlighted in red

\Microsoft\Windows\NetTrace\GatherNetworkInfo c:\windows\system32\gathernetworkinfo.vbs 6/10/2009 3:36 PM
 


patcooke

Microsoft MVP
Staff member
Premium Supporter
Microsoft MVP
#6
Is the red bar highlighting you refer to in autoruns or comodo?
 


patcooke

Microsoft MVP
Staff member
Premium Supporter
Microsoft MVP
#8
A red entry means it relates to an unsigned image. Code which is signed cannot be altered and generally raises its level of trustworthiness. Being unsigned does not necessarily mean it is malware or cannot be trusted.
 


#9
I understand what unsigned and signed software is so thank you for clarifying what the red line meant. You were a big help with everything.
 


patcooke

Microsoft MVP
Staff member
Premium Supporter
Microsoft MVP
#10
Pleased we've been of help.
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.