I work for an attorney in my city, and my duties range from billable client work to a variety of general office tasks. Today I was asked to scrub one of his home computers of viruses and other malware.
First thing I noticed besides running slowly was that the computer had no firewall, and that his kids liked to download stuff off torrents. I fixed that with a download of Comodo. I then noticed that IE 6 acted funny by denying access to some sites (Yahoo, sometimes Google) but had no problems accessing other sites. I installed Firefox and had no problems from there. I also downloaded a host of anti-spyware programs and they cleaned up a number of adware and spyware programs.
I checked the computer's copy of Avast! antivirus and noted that it intercepted several viruses in the recent past... but once Comodo came online and started monitoring Web-enabled programs, I noticed that many of them were related to this system file:
C:WINDOWS\System32\
sorcpnz.exeComodo would prompt me and tell me that sorcpnz.exe "has modified <program> in memory. This is typical of Virus, Trojan and Spyware behaviour." This included necessary programs such as Firefox and IE. I Googled and Yahoo'd sorcpnz and found nothing. Absolutely nothing!
So, is sorcpnz.exe a legitimate system file (I've never heard of it before, and never saw it reported on my own computer's copy of Comodo, or is it an as-yet unknown malware/virus program? Comodo had nothing on the sorcpnz either, but I made sure to send it to Comodo for analysis, as well as block further attempts to connect to the internet.
If anyone can help, please do so. I don't want to have to mindwipe my employer's computer if I don't have to.
Author