Is this a virus/malware?

This has never happened before so I think it is a virus or something.
I plugged in my external hard drive today and my AVG firewall popped up and asked if I wanted BLACKSHEEP.EXE to access the internet. I told it to block and I did a tracert to the IP it was trying to connect to and it is imagehut2.cn [212.117.173.92]

What is odd is my computer user name is BlackSheep.

If I search for BLACKSHEEP.EXE it is in the C:\Users\BlackSheep folder.

If I delete it and plug the drive in it is there again and runs again.

It runs 2 instances of BLACKSHEEP.EXE in "Task Manager"

This will do this when plugging in any type of external media into the computer.

Is this something bad or is it something normal for windows?

 

It is probably an infection that loaded itself into your external drive's autoruns.inf file. You'll want to clear that out.

You'll want to check your main drive's startup entries to make sure that it hasn't implanted itself there. I'd say use a tool like HijackThis or Autoruns to scan.

 

It had itself hidden as a system file so I selected show system files and deleted it on every external media and the C: I had and used Autoruns to remove it from the startup and so far it has not come back.

 

Run Malwarebytes'AntiMalware and/or SUPERAntispyware for a thorough check.
Both have a free version and are very good antimalware programs.
See my sig for links.
You might also want to disable autoplay for all (external) media.
Cheers.

 

I manually deleted it from every external device I had and used Autoruns to remove it from startup, and have not had any issues yet.

I did submit it to AVG and they confirmed it was in fact a virus and added it to the newest definition update.

I updated and ran AVG and it did not find it so I guess I am good.