I work for an attorney in my city, and my duties range from billable client work to a variety of general office tasks. Today I was asked to scrub one of his home computers of viruses and other malware.
The first thing I noticed, besides the computer running slowly, was that it had no firewall and that his kids liked to download stuff off torrents. I fixed that with a download of Comodo. I then noticed that IE 6 acted funny by denying access to some sites (Yahoo, sometimes Google) but had no problems accessing other sites. I installed Firefox and had no problems from there. I also downloaded a host of anti-spyware programs, and they cleaned up a number of adware and spyware programs.
I checked the computer’s copy of Avast! antivirus and noted that it intercepted several viruses in the recent past… but once Comodo came online and started monitoring Web-enabled programs, I noticed that many of them were related to this system file:
C:\WINDOWS\System32\sorcpnz.exe
Comodo would prompt me and tell me that sorcpnz.exe “has modified in memory. This is typical of Virus, Trojan and Spyware behaviour.” This included necessary programs such as Firefox and IE. I Googled and Yahoo’d sorcpnz and found nothing. Absolutely nothing!
So, is sorcpnz.exe a legitimate system file (I’ve never heard of it before, and never saw it reported on my own computer’s copy of Comodo), or is it an as-yet unknown malware/virus program? Comodo had nothing on sorcpnz either, but I made sure to send it to Comodo for analysis, as well as block further attempts to connect to the internet.
If anyone can help, please do so. I don’t want to have to mindwipe my employer’s computer if I don’t have to.
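The question above comes down to triaging an unknown executable that the firewall flagged. The following PowerShell script is an added example, not part of the original post or of any tool mentioned in it: it collects the facts a responder would want before deciding whether the file is legitimate (file hash, Authenticode signature and signer, embedded version information, timestamps) and then looks for autostart references to it in the Run/RunOnce keys and in service definitions. It only reads the file and the registry; it never runs the binary. The path is the one given in the post; the script assumes Windows PowerShell 4 or later (for Get-FileHash) running in an elevated session. The function names Get-FileTriage and Get-PersistenceReferences are made up for this example.

```powershell
# Added triage example (not from the original post). Inspects an unknown
# executable without executing it. Assumes Windows PowerShell 4+ and an
# elevated session. The path is the one named in the post.
$Target = 'C:\WINDOWS\System32\sorcpnz.exe'

function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "File not found: $Path"
        return
    }

    $item = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path   # signature status and signer
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256  # value to submit/search

    [PSCustomObject]@{
        Path            = $item.FullName
        SizeBytes       = $item.Length
        Created         = $item.CreationTime
        Modified        = $item.LastWriteTime
        Company         = $item.VersionInfo.CompanyName      # blank on many malware samples
        Description     = $item.VersionInfo.FileDescription
        SignatureStatus = $sig.Status                         # Valid / NotSigned / HashMismatch ...
        Signer          = $sig.SignerCertificate.Subject
        SHA256          = $hash.Hash
    }
}

function Get-PersistenceReferences {
    param([Parameter(Mandatory)][string]$Name)

    # Autostart keys commonly used by malware; genuine System32 binaries rarely
    # need a Run-key entry of their own.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Value -is [string] -and $p.Value -like "*$Name*") {
                [PSCustomObject]@{ Location = $key; ValueName = $p.Name; Command = $p.Value }
            }
        }
    }

    # Services whose binary path references the file
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -like "*$Name*" } |
        Select-Object Name, State, StartMode, PathName
}

Get-FileTriage -Path $Target | Format-List
Get-PersistenceReferences -Name (Split-Path -Path $Target -Leaf)
```

How to read the result: a file in System32 with a valid Microsoft signature and sensible version information is almost certainly legitimate. A file with no signer, no company name and a recent creation time that also has a Run-key or service entry pointing at it is the usual profile of a dropped trojan, and the SHA256 hash is the value to submit to the vendor or search for, rather than the file name, which malware often randomises. One caveat: on older Windows versions many genuine system files are signed through a catalog rather than embedded, so "NotSigned" alone is not proof of malice; weigh it together with the other fields.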