Have you heard of this one?

Discussion in 'other security issues & news' started by twodogs44, Mar 19, 2010.

Thread Status:
Not open for further replies.
  1. twodogs44

    twodogs44 Registered Member

    Joined:
    Feb 23, 2007
    Posts:
    109
    When I turn my computer on, the firewall asks me if I wish to allow or decline programs from getting online. It seems that there is one I have not noticed in the past. It is gycpsftav.exe. Does anyone here know what it is?
    I have run several search programs and not found a thing.

    Thanks for taking the time to read this. Any and all help will be highly thought of.

    Dave aka twodogs44
     
  2. mvario

    mvario Registered Member

    Joined:
    Sep 16, 2008
    Posts:
    339
    Location:
    Haddonfield, IL
    Hmmm, unknown executable, running at startup, trying to connect to the net. :rolleyes:

    Have you found it on disk? What ports is it opening?
     
  3. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Try uploading it to VirusTotal so it can be scanned by multiple scanners. You will need to know the location of the file to upload it.
     
  4. twodogs44

    twodogs44 Registered Member

    Joined:
    Feb 23, 2007
    Posts:
    109
    I am running Comodo Firewall and I hit the DECLINE so many times it quit coming up. Now I cannot find it when I run the Search Program in Windows!
    Beats me. If it's gone then good because the PC has not suffered a bit.

    Thanks everyone, Dave aka twodogs44
     
  5. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Looks like the rogue antivirus I had to clean off of two PCs (so far) at work. It was nasty; I had to repair the MBR and, even after cleaning, it had disabled Windows Update and implemented a proxy connection in Internet Explorer, which I had to turn off and also reset IE LAN settings to automatically detect. Each infection involved an executable with a name in the form of xxxxxav.exe that was added to the run/startup key in the registry.

    MBAM alongside mbrfix was very helpful in breaking the back of this one.
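
A read-only triage check for the three leftovers described in the post above (a Run-key entry named like xxxxxav.exe, an enabled Internet Explorer proxy, a disabled Windows Update service), as an added example that is not part of the original thread. The name pattern is an assumption generalised from the two file names posted here, so expect false positives and review each hit by hand.

```powershell
# Added example, not from the thread. It only reads settings and changes nothing.
# ASSUMPTION: 5 to 9 letters followed by "av.exe", generalised from
# gycpsftav.exe / gesvsftav.exe and the "xxxxxav.exe" description.
$namePattern = '\b[a-z]{5,9}av\.exe\b'

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$findings = New-Object System.Collections.Generic.List[object]

# 1. Startup entries whose command line matches the name pattern.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        if ($command -match $namePattern) {
            $findings.Add([pscustomobject]@{
                Check = 'Run key entry'; Where = "$key\$valueName"; Detail = $command })
        }
    }
}

# 2. Per-user proxy that Internet Explorer would use.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey
if ($inet.ProxyEnable -eq 1) {
    $findings.Add([pscustomobject]@{
        Check = 'Proxy enabled'; Where = $inetKey; Detail = "ProxyServer = $($inet.ProxyServer)" })
}

# 3. Windows Update service switched off.
$wu = Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'"
if ($wu -and $wu.StartMode -eq 'Disabled') {
    $findings.Add([pscustomobject]@{
        Check = 'Windows Update disabled'; Where = 'Service wuauserv'; Detail = "State = $($wu.State)" })
}

if ($findings.Count -eq 0) {
    'No matching indicators found.'
} else {
    $findings | Format-List
}
```

A proxy or a disabled update service can also be legitimate site policy, so treat these hits as prompts for a closer look rather than proof of infection.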
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @twodogs44

    gycpsftav.exe very similar to gesvsftav.exe http://www.dslreports.com/forum/r23910637-

     
  7. twodogs44

    twodogs44 Registered Member

    Joined:
    Feb 23, 2007
    Posts:
    109
    Thank you one and all for your assistance!

    Dave aka twodogs44
     