HELP! Windows cannot find copy.exe

By ragxyz
Jan 27, 2007
Topic Status:
Not open for further replies.
  1. Does anyone know about this stuff? I can't open my drives and this message keeps on popping up every time I try to. Is this a virus?

    Here is my AVG Antispyware log and HijackThis log. Please take a look. Thanks.
  2. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Hello and welcome to Techspot.


    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Delete all files in AVG Antispyware quarantine.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to it (if there).

    F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\svchost.exe <-- Do not delete any other svchost.exe files.

    Reboot into normal mode and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :wave: :wave:

    This thread is for the use of ragxyz only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. ragxyz

    ragxyz Newcomer, in training Topic Starter Posts: 24

    new HJT log

    Thanks. I followed the instructions but I didn't find the C:\WINDOWS\svchost.exe. Also, I still can't open my C and D drives. I have to find files through the "Search" feature.

    How can I open my C and D drives again?
  4. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Your HJT log is now clean.

    Please can you give me the exact message you receive, when you try and open a cd drive?

    By open, I take it you mean when you press the open tray button?

    Regards Howard :)

  5. focus_water

    focus_water Newcomer, in training Posts: 182

    Search for a program called analyze.exe and delete it.
  6. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Please stop giving incorrect advice. Analyze.exe is HijackThis.exe that's been renamed and is not nasty. The reason for renaming HijackThis.exe is due to some malware being able to hide from the HijackThis.exe file name.

    Regards Howard :)

  7. ragxyz

    ragxyz Newcomer, in training Topic Starter Posts: 24

    The analyze.exe is the HJT file I renamed... I can't delete it.
  8. ragxyz

    ragxyz Newcomer, in training Topic Starter Posts: 24

    the message

    Here's what the message looks like... please see attached file...
    I ran the Kaspersky online scanner and it found something but they can't fix it...
    I also ran Trend Micro but it got stuck when it found the host.exe, I have to close it...

  9. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Ok, try this.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.


    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    copy.exe
    host.exe

    Close task manager.

    Search your system for the above two files and delete them if found.

    Reboot into normal mode and rehide your protected OS files.

    Let me know the outcome please.

    Regards Howard :)

  10. ragxyz

    ragxyz Newcomer, in training Topic Starter Posts: 24

    I already have done that. There are no more copy.exe and host.exe in my files or in the processes list.
    My AVG Antispyware has found tracking cookies and a trojan.copier. Does it have something to do with it?

    Thanks for the help.

    I found this on the net. Hope this info helps with finding the solution...
    http://www.auditmypc.com/process/copy.asp

    I was looking into regedit and found this: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

    I am not familiar with the name MountPoints2... so I tried to delete it...
    After a while, I can open my C and D drives again.

    Hehe
    I am relieved. But I am not yet sure if I have done the right thing. Please have a check.

    Thanks.
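
Added example, not part of the original thread and not written by its posters: Explorer caches each volume's AutoRun verbs under the MountPoints2 key, and a cached command that names a file no longer on disk produces a "Windows cannot find ..." error when the drive is opened. This read-only PowerShell audit lists those cached commands together with the `load`/`run` values that HijackThis reports as `F3 - REG:win.ini`; the function names and the `Suspect` column are illustrative assumptions, and the watch list holds only the file names mentioned in this thread.

```powershell
# Added example (not from the thread): read-only audit, changes nothing.
# File names the thread's helper asked to end and delete.
$suspect = 'copy.exe', 'host.exe'
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
# Registry location that HijackThis reports as "F3 - REG:win.ini: load=".
$winIni = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'

function Get-ExeLeaf([string]$CommandLine) {
    # First token of a command line, quoted or not, reduced to its file name.
    if ($CommandLine -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($CommandLine.Trim() -split '\s+')[0] }
    ($exe -split '[\\/]')[-1]
}

function Get-MountPointCommand {
    # Every ...\MountPoints2\<volume>\shell\<verb>\command key and its default value.
    if (-not (Test-Path -LiteralPath $mp2)) { return }
    Get-ChildItem -LiteralPath $mp2 -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -eq 'command' } |
        ForEach-Object {
            $cmd = [string]$_.GetValue('')
            if (-not $cmd) { return }
            $parts = (($_.Name -split 'MountPoints2\\', 2)[1]) -split '\\'
            [pscustomobject]@{
                Source  = 'MountPoints2\' + $parts[0]
                Verb    = $parts[-2]
                Command = $cmd
                Suspect = $suspect -contains (Get-ExeLeaf $cmd)
            }
        }
}

function Get-WinIniLoadEntry {
    # The per-user "load" and "run" values start programs at logon.
    $props = Get-ItemProperty -LiteralPath $winIni -ErrorAction SilentlyContinue
    foreach ($name in 'load', 'run') {
        $cmd = [string]$props.$name
        if ($cmd.Trim()) {
            [pscustomobject]@{
                Source  = 'win.ini ' + $name
                Verb    = $name
                Command = $cmd
                Suspect = $true   # normally empty, so any value deserves a look
            }
        }
    }
}

@(Get-MountPointCommand) + @(Get-WinIniLoadEntry) | Format-Table -AutoSize -Wrap
```

Rows with `Suspect` set to `True` show which volume entry or logon value still points at one of the named files, so only that entry needs attention rather than the whole key.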
  11. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    I'm glad you appear to have solved your problem. However, I'm not convinced your system is clean yet. Please do the following.

    Download and run the Blacklight programme. Follow all the instructions carefully.

    Download combofix.exe. Double click combofix.exe & follow the prompts. A window will open with a warning. Type "Y" (and Enter) to start the fix. When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log and the Blacklight results. Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Regards Howard :)

  12. ragxyz

    ragxyz Newcomer, in training Topic Starter Posts: 24

    Thanks a lot!
    I remember where I got that virus. I was using my USB flash drive and it acted that way ever since.
  13. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    I suggest you reformat your flash drive to get rid of any nasty files on there.

    Run the programmes above and post the results.

    Regards Howard :)

  14. ragxyz

    ragxyz Newcomer, in training Topic Starter Posts: 24

    I ran the Blacklight program and it says that there are no hidden files found. I tried running combofix but it tells me not to rename the file even though I haven't done anything like that.
  15. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Try running combofix from safe mode.

    Regards Howard :)

  16. ragxyz

    ragxyz Newcomer, in training Topic Starter Posts: 24

    combofix log

    Here is the log from combofix...
    Regards too...
    :)
  17. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    That looks fine mate.

    See how things go for a day or two and post back if you have any further problems.

    Regards Howard :)

  18. ragxyz

    ragxyz Newcomer, in training Topic Starter Posts: 24

    Thanks!
    I have been running AVG Anti-spyware over and over again and it keeps on detecting the tracking cookies, and I kept on performing the suggested action, which is to delete. Do you think this has something to do with the copy.exe virus?

    By the way, I just reformatted my disk this morning. Been infected by Brave Sentry before, I was able to bring it back to normal, thanks for your help. But I still reformatted it because of some trojans left.
  19. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Use the CCleaner programme in this thread HERE, that should get rid of all your cookies. I don't think tracking cookies have anything to do with the virus you had. You're probably getting them from some website you visit.

    You should also install the Spyware Blaster programme, update it and enable all protection. This will prevent a lot of cookies etc. from getting on your system in the first place. Spyware Blaster.

    Regards Howard :)

  20. ragxyz

    ragxyz Newcomer, in training Topic Starter Posts: 24

    Thanks a lot for the help!