SVKP.sys -- Trojan? Real file?

Guest

(accidentally posted this in the wrong place the first time... sorry if
people read it twice ;) )

Hi,

Today Norton Antivirus told me that it had found a Trojan on my computer.
The file is C:\WINDOWS\SYSTEM32\SVKP.sys. I've searched online about it and
have gotten mixed answers as to whether it's a harmful file or not. Currently
I have it quarantined; I'd like to delete it to be safe, but I'm worried that
it might be an important file (since it's in WINDOWS\SYSTEM32) and I don't
want to mess up my computer. Does anybody know whether this file is a Trojan
or not and/or what it really does? I'm running Windows XP Professional,
Service Pack 2, in case that's important.

Thanks!
 
Ramesh, MS-MVP

From Sophos site:

<quote>

The trojan drops an additional file in the SYSTEM directory, SVKP.SYS and
attempts to register the file as a service:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svkp
The presence of SVKP.SYS does not necessarily mean that this trojan is
installed. SVKP.SYS is part of SVK Protector, which this trojan is packed
with. SVK Protector is used in innocent programs as well.

</quote>

To know if that service is installed, and to gather more information:

Type this in Start, Run:

CMD /K SC QC svkp



--
Ramesh, Microsoft MVP
Windows XP Shell/User

Windows XP Troubleshooting
http://www.winhelponline.com
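
An added example, not part of Ramesh's post or the original thread: a Python helper that reads the text printed by `SC QC svkp` and reports whether the service is registered, whether it is a kernel driver, and whether its binary path is the file Norton flagged. The sample outputs are constructed for illustration, and the function names and the default Windows directory are assumptions.

```python
import re

# Constructed `sc qc svkp` output for illustration; not captured from a real machine.
SAMPLE_REGISTERED = r"""[SC] GetServiceConfig SUCCESS

SERVICE_NAME: svkp
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 3   DEMAND_START
        BINARY_PATH_NAME   : \??\C:\WINDOWS\system32\SVKP.sys
"""
# Constructed reply for the case where no svkp service is registered.
SAMPLE_MISSING = "[SC] OpenService FAILED 1060:\n\nThe specified service does not exist as an installed service.\n"
FLAGGED_FILE = r"C:\WINDOWS\SYSTEM32\SVKP.sys"  # path quoted in the original question

def normalize_path(path, windir=r"C:\WINDOWS"):
    """Make driver paths comparable; windir is an assumed install directory."""
    p = path.strip().strip('"')
    if p.startswith("\\??\\"):            # NT object-manager prefix
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):
        p = windir + p[len("\\systemroot"):]
    return p.lower()

def parse_sc_qc(text):
    """Return the KEY : value fields as a dict, or None if sc reports error 1060."""
    failed = re.search(r"\[SC\] OpenService FAILED (\d+)", text)
    if failed:
        if failed.group(1) == "1060":     # service does not exist
            return None
        raise RuntimeError("sc failed with error " + failed.group(1))
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split on the first colon only
        if sep and re.fullmatch(r"[A-Z_]+", key.strip()):
            fields[key.strip()] = value.strip()
    return fields

def triage(text, flagged=FLAGGED_FILE):
    """Summarize what the registration says; this is not a malware verdict."""
    cfg = parse_sc_qc(text)
    if cfg is None:
        return {"registered": False}
    start = cfg.get("START_TYPE", "").split()
    return {
        "registered": True,
        "kernel_driver": "KERNEL_DRIVER" in cfg.get("TYPE", ""),
        "start_type": start[1] if len(start) > 1 else "UNKNOWN",
        "points_at_flagged_file": normalize_path(cfg.get("BINARY_PATH_NAME", "")) == normalize_path(flagged),
    }
```

As the Sophos text quoted above says, a registered svkp service or the presence of SVKP.sys does not by itself identify the trojan; the summary only shows what the service entry points to.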
 
croske

Ramesh said:
From Sophos site:

<quote>

The trojan drops an additional file in the SYSTEM directory, SVKP.SYS and
attempts to register the file as a service:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svkp
The presence of SVKP.SYS does not necessarily mean that this trojan is
installed. SVKP.SYS is part of SVK Protector, which this trojan is packed
with. SVK Protector is used in innocent programs as well.

</quote>

To know if that service is installed, and to gather more information:

Type this in Start, Run:

CMD /K SC QC svkp



--
Ramesh, Microsoft MVP
Windows XP Shell/User

Windows XP Troubleshooting
http://www.winhelponline.com
 
Gerry Cornell

You do not name the Trojan! According to Norton this file is implicated
in a number of variants. The link which follows describes one variant:
http://securityresponse.symantec.com/avcenter/venc/data/w32.spybot.rdw.html

Go to this site and read up the information sheet for the particular
variant you have.

--


Hope this helps.

Gerry
~~~~~~~~~~~~~~~~~~~~~~~~
FCA

Using invalid email address

Stourport, Worcs, England
Enquire, plan and execute.
~~~~~~~~~~~~~~~~~~~~~~~~
Please tell the newsgroup how any
suggested solution worked for you.



~~~~~~~~~~~~~~~~~~~~~~~~
 
Guest

All right, I'll try that. Thank you!

Ramesh said:
From Sophos site:

<quote>

The trojan drops an additional file in the SYSTEM directory, SVKP.SYS and
attempts to register the file as a service:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svkp
The presence of SVKP.SYS does not necessarily mean that this trojan is
installed. SVKP.SYS is part of SVK Protector, which this trojan is packed
with. SVK Protector is used in innocent programs as well.

</quote>

To know if that service is installed, and to gather more information:

Type this in Start, Run:

CMD /K SC QC svkp



--
Ramesh, Microsoft MVP
Windows XP Shell/User

Windows XP Troubleshooting
http://www.winhelponline.com
 
