Is This New/Unknown malware?

I work for an attorney in my city, and my duties range from billable client work to a variety of general office tasks. Today I was asked to scrub one of his home computers of viruses and other malware.

First thing I noticed besides running slowly was that the computer had no firewall, and that his kids liked to download stuff off torrents. I fixed that with a download of Comodo. I then noticed that IE 6 acted funny by denying access to some sites (Yahoo, sometimes Google) but had no problems accessing other sites. I installed Firefox and had no problems from there. I also downloaded a host of anti-spyware programs and they cleaned up a number of adware and spyware programs.

I checked the computer’s copy of Avast! antivirus and noted that it intercepted several viruses in the recent past… but once Comodo came online and started monitoring Web-enabled programs, I noticed that many of them were related to this system file:

C:\WINDOWS\System32\sorcpnz.exe

Comodo would prompt me and tell me that sorcpnz.exe “has modified in memory. This is typical of Virus, Trojan and Spyware behaviour.” This included necessary programs such as Firefox and IE. I Googled and Yahoo’d sorcpnz and found nothing. Absolutely nothing!

So, is sorcpnz.exe a legitimate system file (I’ve never heard of it before, and never saw it reported on my own computer’s copy of Comodo), or is it an as-yet unknown malware/virus program? Comodo had nothing on sorcpnz either, but I made sure to send it to Comodo for analysis, as well as block further attempts to connect to the internet.

If anyone can help, please do so. I don’t want to have to mindwipe my employer’s computer if I don’t have to.

Have you tried any online scanner, to see what they might come up with?

You can also submit the file to http://www.virustotal.com/en/indexx.html for checking and a response.

I didn’t turn up anything on searches either, not even with full path, or filename only (with no extension). I sure would be suspicious, though. The rule of thumb with CFP and the ABA alerts like you’re getting is that if you know the applications in question, you may safely allow. If you do not know them, there may be a problem and it should be denied.

Can you manually quarantine the file with Antivir?

LM

I’m running TrendMicro’s utility right now. I’ll post results when it’s done. As for the programs in question, I recognized the vast majority of them, but sorcpnz has tried to modify nearly all of them. I’ll see if Avast! can quarantine the file. Avast hasn’t even identified it as a problem file.

This topic should be moved from CFP Help to malware removal or something more fitting, but I don’t know which one.

sorcpnz.exe is not on google :o

Try this thread: Good Removal Programs
Jotti: http://virusscan.jotti.org/

I knew that was somewhere!

It is in malware removal…

LM

If you want to post a HijackThis log, I am more than happy to look it over!!