exe question

  • Thread starter Thread starter Kathy Harkins
  • Start date Start date
K

Kathy Harkins

Hi. I'm new and don't know how this will work.
I have had windows xp since November. During my latest virus scan f-prot
picked up syscpy.exe as a security risk or back door program. I did a find
for the extension. When I checked the properties it has been on the system
since November, so I'm assuming since I installed xp. I hope someone can
tell me what it is, whether I should delete it or if it's something I need
to operate the system and should not delete it.
Thanks for the help.
Kathy
 
Hi Kathy.

I made a filesearch on my XP comp for syscpy.exe and I
couldn't find one. So I presume that file isn't necessary,
not sure if it is a virus, but usually F-Prot isn't
alerting without a reason. Why don't you try to make a
backup of the file to a floppy disk, and remove the file
once you have the backup. Different viruses and macros can
infect your computer pretty quickly so it is possible the
file has been there ever since you first connected to the
internet.
 
Kathy Harkins said:
Hi. I'm new and don't know how this will work.
I have had windows xp since November. During my latest virus scan
f-prot picked up syscpy.exe as a security risk or back door program.
I did a find for the extension. When I checked the properties it has
been on the system since November, so I'm assuming since I installed
xp. I hope someone can tell me what it is, whether I should delete
it or if it's something I need to operate the system and should not
delete it.
Thanks for the help.
Kathy
Click to expand...

Maybe it's this:


http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hogle.html
 
Hi. Thanks for the help. I tried both suggestions. To back it up to disk
which it wouldn't let me do, I got access denied. I couldn't just delete it
either. It wouldn't let me. I tried to disable the system restore run the
virus scan and delete it through that and it wouldn't let me do that either.
Does anyone have any ideas of how I can get rid of it? If it's been on my
system so long, why wouldn't my virus protection have picked it up sooner?
I run an update and scan every week.
I really appreciate your help.
Thanks
Kathy
 
Kathy Harkins said:
Hi. Thanks for the help. I tried both suggestions. To back it up
to disk which it wouldn't let me do, I got access denied. I couldn't
just delete it either. It wouldn't let me. I tried to disable the
system restore run the virus scan and delete it through that and it
wouldn't let me do that either. Does anyone have any ideas of how I
can get rid of it? If it's been on my system so long, why wouldn't
my virus protection have picked it up sooner? I run an update and
scan every week.
I really appreciate your help.
Thanks
Kathy
Click to expand...

Maybe the system is protecting the file because it is currently running.
If you open the Task Manager via Ctrl+Alt_Delete, do you see syscpy.exe
among the list of running processes? If so, you could try selecting it
and terminating it, and only then attempting to backup and delete (or
rename) the .exe file.
 
Hi. Thanks for the help. I tried both suggestions. To back it up to disk
which it wouldn't let me do, I got access denied. I couldn't just delete it
either. It wouldn't let me. I tried to disable the system restore run the
virus scan and delete it through that and it wouldn't let me do that either.
Does anyone have any ideas of how I can get rid of it?
Click to expand...

Have you tried opening in Safe mode? You may need to dig through the
Registry and root out any Run keys that start this program. You might
also try getting one of the good spyware cleaners - AdAware from
http://www.lavasoftusa.com, or SpyBot Search & Destroy
http://www.safer-networking.org/index.php?page=home.
 
I posted something last night but I think I did it wrong. It didn't show
up.
I tried both the ctrl alt delete and it didn't list the syscpy.exe as
running.
Then I downloaded an adware program. I ran a scan. It listed it in the
items scanned log, but not in the programs that could be deleted or
quarantined by the program.
I still can't delete it on my own or through the F-prot virus program.
Does anyone else have any more ideas?
Thanks. I really do appreciate the help.
Kathy
 
Kathy Harkins said:
I posted something last night but I think I did it wrong. It didn't
show up.
I tried both the ctrl alt delete and it didn't list the syscpy.exe as
running.
Then I downloaded an adware program. I ran a scan. It listed it in
the items scanned log, but not in the programs that could be deleted
or quarantined by the program.
I still can't delete it on my own or through the F-prot virus program.
Does anyone else have any more ideas?
Thanks. I really do appreciate the help.
Click to expand...

I see your post, and Wayne Morgan's reply directing you to this link,
which I also posted in response to your original post:


http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hogle.html

That web page contains instructions for removing the trojan, and
although it is directed toward using Norton Antivirus, the part about
starting the computer in Safe Mode would seem to be relevant. Also, see
of the F-Prot web site (I assume there is one) contains instructions
about removing this particular trojan.
 
Yes, THANK YOU ALL.
I don't know what I did wrong the first time with the symantec directions.
This time I disabled the system restore option. I restarted the computer in
plain "safe mode".
I ran the F-Prot anti-virus program which was able to delete the syscpy.exe
this time.
I really appreciate all the help.
THANKS AGAIN.
KATHY
 
Back
Top