Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Copy.exe Virus


  • Please log in to reply
4 replies to this topic

#1 svg3414

svg3414

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 05 October 2007 - 01:54 AM

Hi, :thumbsup:

I am new to this forum.

I have a peculiar problem with my Computer running Windows XP Home.

I had run a Virus scan using AVG Antivirus free edition some time back and it had detected and cleaned some viruses like
Temp1.exe, SVchost.exe etc. Now my problem is that I am not able to access any drive by double clicking - It shows the message "Windows cannot find Copy.exe". I have to open the drives using the right click menu.

I have run a virus check and spyware check using the latest updates of AVG and Spybot but it turned up nothing.

What could be wrong?

Please help.

Moderator Edit: Moved topic to the more appropriate forum. ~ Animal

Edited by Animal, 05 October 2007 - 08:16 AM.


BC AdBot (Login to Remove)

 


#2 -Tarra-

-Tarra-

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Sydney, Australia.
  • Local time:07:00 PM

Posted 05 October 2007 - 06:27 AM

SVchost.exe is a virus..
Im in trouble then :|
" Your Pretty Face Is Going To Hell " (: .




EVEN THE GARDEN OF EDEN WAS JUST A BIG FANCY CAGE.
YOU'LL BE A SLAVE FOR THE REST OF YOUR LIFE IF YOU DON'T BITE THE APPLE

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:00 AM

Posted 05 October 2007 - 11:10 AM

From what you describe, it appears to be a flash drive infection.

Flash drive infections usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable) and automatically executes a malicious autorun.bat file which calls wscript.exe to run autorun.vbs on your computer. When a flash drive becomes infected, the Trojan will infect a system when the flash drive is inserted if autorun has not been disabled.

Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

Svchost.exe is a generic host process name for a group of services that are run from dynamic-link libraries (DLLs). This is a valid system process that belongs to the Windows Operating System which handles processes executed from DLLs.

Determining whether a file is malware or a legitimate process sometimes depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location on your computer. In XP, the legitimate Svchost.exe file is located in your C:\WINDOWS\system32\ folder.

Other legitimate copies can be found in the following folders:
C:\I386
C:\WINDOWS\ServicePackFiles\i386\
C:\WINDOWS\$NtServicePackUninstall$\
and a prefetch file located here: C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf

If svchost.exe is running as a startup (shows in msconfig), this can be bad as shown here and here.
Also make sure of the spelling. If it is scvhost.exe, then this a Trojan.

Edited by quietman7, 05 October 2007 - 11:12 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 svg3414

svg3414
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:30 PM

Posted 06 October 2007 - 04:37 AM

I did as tols and now the problem is rectified.


Thanks a lot. :thumbsup:

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:00 AM

Posted 06 October 2007 - 06:52 AM

Good job. Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recent Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users