Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Is chg.exe malware?

  • 1.  Is chg.exe malware?

    Posted Dec 03, 2009 12:00 AM
    I am seeing the following being installled on some of my clients' machines:
    C:\WINDOWS\system32\chg.exe

    I have done searches for it and I am getting conflicting results.  Does anyone know what it is?  Is it a virus or other malware?


  • 2.  RE: Is chg.exe malware?

    Posted Dec 03, 2009 12:22 AM
    I found a somewhat obscure thread on this specific .exe. The full thread can be found here http://www.wilderssecurity.com/showthread.php?t=194114.

    The relavent part was:

    "I got my suspicions after seeing from the logs that the OP over at MajorGeeks also had an HP computer. From what I understand chg.exe is responsible for launching PCAngel.exe when required. PCAngel is a rollback tool and is a part of the HP Protected Tools suite."

    So are you seeing this .exe on HP computers???

    Cheers
    Grant





  • 3.  RE: Is chg.exe malware?
    Best Answer

    Posted Dec 03, 2009 12:22 AM
    Upload that fie to http://www.virustotal.com/ and see what is the result of it.... 


  • 4.  RE: Is chg.exe malware?

    Posted Dec 03, 2009 01:00 AM
     Upload the file to Symantec...

    Use these urls based on support contract

    https://submit.symantec.com/basic
    https://submit.symantec.com/gold
    https://submit.symantec.com/essential
    https://submit.symantec.com/platinum
    https://submit.symantec.com/bcs


  • 5.  RE: Is chg.exe malware?

    Posted Dec 04, 2009 09:09 AM
    We are a small systems integrator and have several customers with Symantec support contracts.  On the support certificate, there are all kinds of numbers, but no indication of what level of support we have.  I have called Symantec customer support in the past using the "RTSM ID / Support ID" number and gotten support with no problem.  How can I tell what level of support we have?

    The various forms above ask for a "Contact ID"; however, nowhere on the Symantec suppport certificate (it is a PDF file) is there a "Contact ID"...there is a "Sales Order #", a "Symantec Agreement (SAN) #", a "Disti / Cust PO:", a "Resell:", a "Certificate #:", a "Customer Number:", a "Serial Number", a "Part #", and a "RTSM ID / Support ID"...is it any of these or something else entirely?


  • 6.  RE: Is chg.exe malware?

    Posted Dec 04, 2009 11:11 AM
    I submitted to virustotal.com, but I don't understand the results:
    http://www.virustotal.com/analisis/9c6d16f0b9dd38d428fed13216793e8060798211669ad1f81990868f28420ee8-1259073881

    What do the results indicate?  Is the file a problem or not?


  • 7.  RE: Is chg.exe malware?

    Posted Dec 04, 2009 11:36 AM
    But I am just wanting to make sure that it is not an a virus masquerading as something else.
    .


  • 8.  RE: Is chg.exe malware?



  • 9.  RE: Is chg.exe malware?

    Posted Dec 04, 2009 12:16 PM
    virustotal is reporting 0.0% of virus engines as having detected as a virus


  • 10.  RE: Is chg.exe malware?

    Posted Dec 04, 2009 12:18 PM
    Thanks to everyone for your help!