Win32.Autorun.Tepfer
SpyBot tells me I have Win32.Autorun.Tepfer
It wants to clean on reboot - but spybot does not run on reboot
Malware Bytes and Security Essentials shows clean.
I cannot see Win32.Autorun.Tepfer in register with RegEdit either,
Can this be a false positive? (running MS Security Essentials)
Win7 pro 64byte
Hello,
unfortunately this does not look like a false positive. It looks more like an incomplete detection.
Please open Spybot S&D and switch into advanced mode and open Startup Tools and create a log file.
Attach this log file in this thread.
The only thing weird is the logfile is this....Originally Posted by Yodama
Win32.Autorun.Tepfer: [SBI $680DAD54] Autorun settings (Copy) (Registry value, nothing done)
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Copy
Win32.Autorun.Tepfer: [SBI $680DAD54] Autorun settings (Copy) (Registry value, nothing done)
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Copy
This is what I see in that segment of the registry
http://themezz.com/temp/reg.jpg
This CopyAgent.exe does not look trustworthy at all, if you did not install it yourself it is very likely a Trojan horse.
There is absolutely no reason at all for any copy software to start at system start.
Many Trojan horses also use such generic names to make them look harmless but legit software usually use more unique namings.
Please send in the CopyAgent.exe to detections@spybot.info for analysis.
Oddly enough CopyAgent.exe does not show up anywhere when I search my hard drives.
The file may be hidden. Open the Windows control panel, then go to Folder options and switch to the View tab. Now look for the settings to unhide hidden files and folders. There is also a setting to hide system files, this should also be set so that those files are visible.
Change the settings so that all files are visible.
Reply With Quote
