SVKP.sys -- Trojan? Real file?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

(accidentally posted this in the wrong place the first time... sorry if
people read it twice ;) )

Hi,

Today Norton Antivirus told me that it had found a Trojan on my computer.
The file is C:\WINDOWS\SYSTEM32\SVKP.sys. I've searched online about it and
have gotten mixed answers as to whether it's a harmful file or not. Currently
I have it quarantined; I'd like to delete it to be safe, but I'm worried that
it might be an important file (since it's in WINDOWS\SYSTEM32) and I don't
want to mess up my computer. Does anybody know whether this file is a Trojan
or not and/or what it really does? I'm running Windows XP Professional,
Service Pack 2, in case that's important.

Thanks!
 
From Sophos site:

<quote>

The trojan drops an additional file in the SYSTEM directory, SVKP.SYS and
attempts to register the file as a service:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svkp
The presence of SVKP.SYS does not necessarily mean that this trojan is
installed. SVKP.SYS is part of SVK Protector, which this trojan is packed
with. SVK Protector is used in innocent programs as well.

</quote>

To know if that service is installed, and to gather more information:

Type this in Start, Run:

CMD /K SC QC svkp



--
Ramesh, Microsoft MVP
Windows XP Shell/User

Windows XP Troubleshooting
http://www.winhelponline.com
 
Ramesh said:
From Sophos site:

<quote>

The trojan drops an additional file in the SYSTEM directory, SVKP.SYS and
attempts to register the file as a service:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svkp
The presence of SVKP.SYS does not necessarily mean that this trojan is
installed. SVKP.SYS is part of SVK Protector, which this trojan is packed
with. SVK Protector is used in innocent programs as well.

</quote>

To know if that service is installed, and to gather more information:

Type this in Start, Run:

CMD /K SC QC svkp



--
Ramesh, Microsoft MVP
Windows XP Shell/User

Windows XP Troubleshooting
http://www.winhelponline.com
Click to expand...
 
You do not name the Trojan! According to Norton this file is implicated
in a number of variants. The link ,which follows describes one variant:
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.rdw.html

Go to this site and read up the information sheet for the particular
variant you have.

--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.



~~~~~~~~~~~~~~~~~~~~~~~~
 
All right, I'll try that. Thank you!

Ramesh said:
From Sophos site:

<quote>

The trojan drops an additional file in the SYSTEM directory, SVKP.SYS and
attempts to register the file as a service:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svkp
The presence of SVKP.SYS does not necessarily mean that this trojan is
installed. SVKP.SYS is part of SVK Protector, which this trojan is packed
with. SVK Protector is used in innocent programs as well.

</quote>

To know if that service is installed, and to gather more information:

Type this in Start, Run:

CMD /K SC QC svkp



--
Ramesh, Microsoft MVP
Windows XP Shell/User

Windows XP Troubleshooting
http://www.winhelponline.com
Click to expand...
 
Back
Top