Have you heard of this one?

[twodogs44]

When I turn my computer on and the firewall will ask me if I wish to allow or decline programs from getting on line. It seems that there is one I have not noticed in the past. It is gycpsftav.exe has anyone here know what it is.
I have ran several search programs and not found a thing.

Thanks for taking the time to read this. Any and all help will be highly thought of.

Dave aka twodogs44

[mvario]

Hmmm, unknown executable, running at startup, trying to connect to the net.

Have you found it on disk? What ports is it opening?

[innerpeace]

Try uploading it to VirusTotal so it can be scanned by multiple scanners. You will need to know the location of the file to upload it.

[twodogs44]

I am running Comodo Firewall and I hit the DECLINE so many times it quit coming up. Now I cannot find it when I run the Search Program in Windows!
Beats me. If its gone then good because the PC has not suffered a bit.

Thanks everyone, Dave aka twodogs44

[crofttk]

Looks like the rogue antivirus I had to clean off of two PCs (so far) at work. It was nasty, I had to repair the MBR and, even after cleaning, it had disabled Windows Update and implemented a proxy connection in Internet Explorer which I had to turn off and also reset IE LAN settings to automatically detect. Each infection involved an executable with a name in the form of xxxxxav.exe that was added to the run/startup key in the registry.

MBAM alongside mbrfix was very helpful in breaking the back of this one.

[CloneRanger]

@twodogs44

gycpsftav.exe very similar to gesvsftav.exe http://www.dslreports.com/forum/r23910637-

Quote:

did a scan, using all those tools, after opening the hidden files. The search found a Trojan Fraudpack.

Quote:

Trojan.FraudPack will download the fraud tool "Antispyware PRO XP" or similar and install it on user's computer.

[twodogs44]

Thank you one and all for your assistance!

Dave aka twodogs44