Not open for further replies.


Dec 28, 2015
Hello everyone. i have this issue which i think my computer is infected. my DFX Sound Enhancer's user interface has "i am sorry!!!" written on it. i've looked up about this and there's not much information about this. Here's link to the picture.

I found a suspicious process inside task manager called "Ground.exe". Malwarebyes reports it as Trojan.Renamer. I think the process Ground.exe has something to do with this since most of my application/programs .exe file were replaced by ground.exe.

Before Infected, the program is Auslogics Disk Defrag so the executable is DiskDefrag.exe in the program file directory.

After infected, the original executable DiskDefrag.exe were renamed to gDiskDefrag.exe and Ground.exe took the original name DiskDefrag.exe

So, every time i launch Auslogics Defrag by shortcut, the virus will also launch because it took the name of the original file. The worst part is, Auslogics Defragmenter still launches like the virus told Auslogics Defragmenter's original .exe to launch after the virus launches. This is why i didn't noticed this activity for a few days. I've ran Malwarebytes's full scan and deleted most of the disguised executable files. some need to be removed manually. Have any of you experience this before?
ps: i still have the ground.exe file archived if you need a sample of the virus.
Not open for further replies.