syscpy.exe - Dangerous
syscpy.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
It also listens on TCP port 3355 for incoming connections.
Copies itself as %System%\Syscpy.exe.
Adds the value:
"Syscpy"="%System%\syscpy.exe"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Gets the IP address of the computer on which it is running, and then queries spamcop.net and www.abuse.net for this address.
If the address is found on a "spam blacklist," which one of these services maintains, the Trojan will exit.
Sends a message containing the current IP address to a certain Web site.
Opens a connection on TCP port 3355, waiting for incoming connections.
When a connection is made, the Trojan accepts incoming messages, and relays them to another SMTP server on port 25.
Manual removal:
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value:
"Syscpy"="%System%\syscpy.exe"
Remove this worm by RegRun Startup Optimizer.