BKDR calyps.A help please

  • Thread starter Duane & Raelene Rowe

Duane & Raelene Rowe

Anyone help please
while doing an online scan at http://housecall.trendmicro.com/ found a
virus called BKDR calyps.A. Anyone know how to fix this off my puter or
what its real name is or what it does? It has infected svcint.exe found at
c:\windows\system32
I am running XP Pro
Please help
 

Duane Arnold

Well, if Trend is identifying this as a virus then it must be, because I
found no information on a search with Google using BKDR calyps.A or
svcint.exe in the search..

1) You can delete svcint.exe out of the directory.

2) You can use Regedit and do a search on svcint.exe, and if it is found,
you can delete it from the registry.

3) If svcint.exe has installed something else that is accessing the
Internet, you can use Active Ports (free, use Google) and install it and look
for any suspicious connections to an IP by a program and kill it
temporarily. You can use PRCview (free) too and look inside a program that
is running (right-click on program and use Modules), to see what programs
are using it. You can kill it temporarily with PRCview too.

4) You should stop Svchost.exe, an O/S program, from connecting out to the
Internet to an IP or any program you're not sure about for that matter.

5) You can follow some of the steps outlined in the link to better protect
the machine.

http://www.uksecurityonline.com/husdg/windowsxp.php

6) Use Active Ports and PRCview on a periodic basis and look around every
now and then and use your common sense.

Duane :)
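
The check in step 3 (which program owns which outbound connection) can also be made from the output of XP Pro's built-in `netstat -ano` and `tasklist /fo csv /nh`. The script below is an added example, not part of the original posts; the sample output, the addresses and the `expected` allow-list are constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample output (not from the thread).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:1042      203.0.113.7:8080       ESTABLISHED     1480
  TCP    192.168.1.10:1050      198.51.100.20:80       ESTABLISHED     2024
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED     2024
  UDP    0.0.0.0:1900           *:*                                    1100
"""
TASKLIST = '''\
"svchost.exe","912","Console","0","4,100 K"
"svchost.exe","1100","Console","0","5,200 K"
"svcint.exe","1480","Console","0","3,300 K"
"iexplore.exe","2024","Console","0","21,000 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def remote_connections(netstat_text):
    """Yield (pid, remote_ip, remote_port) for established, non-loopback TCP."""
    for line in netstat_text.splitlines():
        f = line.split()
        # Header and UDP rows do not have exactly five fields; skip them.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        host, _, port = f[2].rpartition(":")
        ip = ipaddress.ip_address(host)
        if not ip.is_loopback:
            yield int(f[4]), str(ip), int(port)

def review(netstat_text, tasklist_csv, expected):
    """Return connections owned by images outside the `expected` allow-list."""
    names = pid_names(tasklist_csv)
    return [(names.get(pid, "<unknown>"), pid, ip, port)
            for pid, ip, port in remote_connections(netstat_text)
            if names.get(pid, "<unknown>") not in expected]

if __name__ == "__main__":
    # `expected` is an assumption: programs the user knows should talk out.
    for finding in review(NETSTAT, TASKLIST, {"iexplore.exe"}):
        print("review:", finding)
```
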
 

Tim

Well, if Trend is identifying this as a virus then it must be, because I
found no information on a search with Google using BKDR calyps.A or
svcint.exe in the search..

Well, if Trend is identifying this as a virus, and your web searches
come up blank, it may be a false alarm.. Why wouldn't you point the OP
to another AV for a confirmation before asking him to delete files
which may have a legitimate purpose on his system?

tim
 

Duane Arnold

Well, if Trend is identifying this as a virus, and your web searches
come up blank, it may be a false alarm.. Why wouldn't you point the OP
to another AV for a confirmation before asking him to delete files
which may have a legitimate purpose on his system?

tim

That's because I searched for that file on my Win 2K machine and it was
not there, which is pretty close to the XP O/S since they are both NT. I
am going by what the user has indicated as to the problem with the
machine.

I also searched for that file on the MS Knowledge Base too and no hits.
And since it's in the Windows\system32 directory with SVC as the prefix
(an O/S prefix) and no mention nowhere about it (unusual), then I assumed
it is suspicious.

As a matter of fact, if I found it on one of my machines and Trend Micro
had alerted on it, I would have done a little investigation and would
have deleted it flat-out.

It's just an exe and most applications that have been programmed properly
would log a message in the NT based O/S Applications Log system that
svcint.exe was not found.

I view svcint.exe as being questionable and at that point IMHO, it comes
down to one's common sense.

Duane :)
 
