Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Spyware


  • Please log in to reply
6 replies to this topic

#1 Equador

Equador

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 28 August 2008 - 08:16 AM

Hi all.

I run 'msconfig' and discovered a strange entry in startup. Under 'startup item' it is listed as SY78801 and under Command it is C:\SY78801\SY78801.EXE
When I run 'Autoruns', under Autorun Entry, it says OP260 and under Image Path, 'File not found:C:\SY78801\SY78801.EXE. Is this malware? I googled this item and one site (there were very few results) informed me that this is spyware. Can somebody help me diagnose this problem and get rid of it?
My operating system is Windows XP Service Pack 3 and I have installed Windows Defender and AVG8 free Edition.
Thanks in advance.

Edited by Equador, 28 August 2008 - 08:30 AM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:29 PM

Posted 28 August 2008 - 08:27 AM

Go to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis.
-- Post back with the results of the file analysis.

Please download FileLook by jpshortstuff and save to your Desktop.
alternate download link
  • Double-click FileLook.exe to run it.
  • Important! If using Windows Vista, be sure to Run As Administrator.
  • Ensure that BBCode Ouput is checked.
  • Copy and paste everything in the code box below into the empty textfield under FileLook by...

    C:\SY78801\SY78801.EXE
  • Click the FileLook button to start the scan.
  • When finished, Notepad will open with the results of the scan in a text file named fl_log.txt which will automatically be saved to the root of your system drive. (Typically C:\fl_log.txt)
  • Please copy and paste the contents of this log in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Equador

Equador
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 30 August 2008 - 01:38 AM

Thanks for coming to my help. I could not perform the first check because I could not browse to the file. It is nowhere to be seen in my system but it is still appearing in msconfig under startup. I'am now posting the results of the second check.
FileLook.exe v1.0 by jpshortstuff
Log created at 06:53:11 on 30/08/2008

==============================
FileLook - SY78801.EXE

Unable to find file.

==============================

=EOF=

Edited by Equador, 30 August 2008 - 01:54 AM.


#4 dhants20

dhants20

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:10:29 AM

Posted 30 August 2008 - 05:29 AM

make sure that you have already changed file viewing options in folder options. then search for the file again. or you could run a hijackthis and if the file is really not in your system, it would show there that file is not existing.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:29 PM

Posted 30 August 2008 - 08:07 AM

When I run 'Autoruns'...it says...'File not found'

It appears the file is no longer on your system and FileLook confirms that.

This is what Prevx has to say about SY78801.EXE. Doesn't appear to be anything to be concerned about from the limited info available so you can remove the startup entry with Autoruns.

Edited by quietman7, 30 August 2008 - 08:08 AM.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 Equador

Equador
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:29 AM

Posted 01 September 2008 - 12:24 AM

okay, thanks. I have deleted it with autoruns.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,141 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:29 PM

Posted 01 September 2008 - 06:58 AM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users