File Investigation Report

SVCIPA.EXE

System Back Door

PC Cleanup in 3 Easy Steps

Use Prevx 3.0 to remove SVCIPA.EXE, along with any other viruses, spyware, adware, trojans, rootkits, worms, information stealers, keyloggers, bots, and other form of malicious threat that may reside on your PC.

Remove this Infection »

PC Magazine, Editors' Choice, May 2009

Think your PC might be Infected? Scan Now Prevx 3.0 will scan your PC in seconds to inform you whether your PC is clean or infected.
Malware Removal Prevx 3.0 removes adware infections for free. More complicated infections require purchase of a malware removal license.
Expert Assistance In the rare occurence that Prevx 3.0 malware removal fails - a Prevx Engineer will connect to your PC and manually disinfect.
Money Back Guarantee for Individual Users If within the first 14 days, the Prevx Engineer finds it impossible to clean an infection from your PC, we give you your money back.

Associated Malware Groups

The filename is associated with the malware groups:

System Back Door
Cloaked Malware

File Behavior

SVCIPA.EXE has been seen to perform the following behavior:

The Process is packed and/or encrypted using a software packing process
Writes to another Process's Virtual Memory (Process Hijacking)
Terminates Processes
Injects code into other processes
Executes a Process
This Process is a file infector which modifies program files to include a copy of the infection
Looks at the contents of the autoexec.bat file
Reads email address and phone book details
Visits web sites on your PC without you knowing
Creates, modifies or schedules batch jobs
Can communicate with other computer systems using HTTP protocols
This Process Deletes Other Processes From Disk
Registers a Dynamic Link Library File
This process creates other processes on disk
Enables the system to use a Communications Proxy Server
The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
Modifies Windows Initialization And System Settings Used On Start up
Adds a Registry Key (RUN) to auto start Programs on system start up
Makes outbound connections to other computers using NETBIOSOUT protocols

SVCIPA.EXE has been the subject of the following behavior:

Executed by Internet Explorer
Executed as a Process
Copied to multiple locations on the system
Registered as a Dynamic Link Library File
Created as a process on disk
Has code inserted into its Virtual Memory space by other programs
Deleted as a process from disk
Terminated as a Process

Country Of Origin

The filename SVCIPA.EXE was first seen on Jun 2 2007 in the following geographical regions of the Prevx community:

VENEZUELA on Jun 2 2007
SPAIN on Jun 2 2007
The UNITED STATES on Jun 24 2007
The EUROPEAN UNION on Aug 14 2007
GERMANY on Aug 14 2007
NETHERLANDS on Aug 14 2007

File Name Aliases

SVCIPA.EXE can also use the following file names:

N3UAR3SF.EXE
ABE0FGPC.EXE
AU2ADD0I.EXE
RRQC1M1D.EXE
I2GJ4850.EXE
FWYT8MFJ.EXE
SB074B31.EXE
EAXM2P33.EXE
FS4LS5FM.EXE
K2LJM28Y.EXE
PKS3YE6J.EXE
QXB4XO2G.EXE
Y20YKI8F.EXE
KQVO8SQ3.EXE
WEE3YT01.EXE
PX33NCFR.EXE
IT561TNM.EXE
O03JK0BC.EXE
B1MFCEP6.EXE
O7UO30TE.EXE
F42D5QWD.EXE
K14XXE57.EXE
KX06QC2E.EXE
UXOA18TW.EXE
QN83E88H.EXE
UPX6CDX1.EXE
VI2OW851.EXE
CQOGBG2X.EXE
I7DY6JP3.EXE
YQLI04E8.EXE
XVWQFVCI.EXE
P3VUC73W.EXE
SMBGC1S1.EXE
L2R01SI0.EXE
QK4F7D55.EXE
T6GN4VPB.EXE
YP7TUG2B.EXE
KF10K21O.EXE
R2JFYEEB.EXE
YNE6GM31.EXE
GB03OA0Y.EXE
DC84A6XE.EXE
EK3Y562J.EXE
R32UP3XO.EXE
MEELPV20.EXE
XYV74KB5.EXE
OTFFPQ0T.EXE
S12ASEQC.EXE
WNL0UHSU.EXE
VC5BGIB6.EXE
VVALERLF.EXE
LI767RLS.EXE
R1EAGNK2.EXE
D6Q1E0H0.EXE
BFOIASC1.EXE
U633UWXM.EXE
E8GI78DS.EXE
UJ1K38JG.EXE
X4C0PE6A.EXE
O32VU8UE.EXE
DE3NMU22.EXE
D6MOBFUW.EXE
I6BS10X8.EXE
CPR1FQL5.EXE
JRP07E4E.EXE
VIIDMTAK.EXE
WIS5K5MS.EXE
DFOETGTU.EXE
FSDBIPDC.EXE
RRAXCA27.EXE
M8L34G2D.EXE
F3T5H6CB.EXE
N24NI6F7.EXE
PMUBSMTL.EXE
OWID5UHO.EXE
BO5WJ7TG.EXE
BBM2AMR2.EXE
I6X414VH.EXE
IJNR7HKG.EXE
GYK65RKV.EXE
CW73XKI8.EXE
IVHX8A6C.EXE
NT8EEQAU.EXE
OVGUBLDO.EXE
CUOIOXF5.EXE
D2JR1FVN.EXE
PGCBE6S7.EXE
FHQ385RY.EXE
V450WYSW.EXE
S02VJQEH.EXE
KF58GYKD.EXE
LXQ78Y5R.EXE
C6E53FQK.EXE
L4GAVLNW.EXE
CHPV654B.EXE
RA77I47B.EXE
CGORW5BR.EXE
V521P76O.EXE
S3P648T7.EXE
KHVHOHKD.EXE
YLBFJUBT.EXE
QV002BS0.EXE
WV22YBN3.EXE
GMA108LC.EXE
RP24FBH1.EXE
GVFKDSM5.EXE
LSQLA60C.EXE
WEGCWYAS.EXE
DMEESTH6.EXE
C3S6S4UK.EXE
P1L8FX7C.EXE
KV21RFYI.EXE
LQ50Q83W.EXE
DDCUML1X.EXE
CDUSUWJV.EXE
Y47TFXYK.EXE
JD363RLT.EXE
XQUXPA6L.EXE
P4C2ERO4.EXE
JIPYPI3D.EXE
B25HME4O.EXE
AH8QUNGY.EXE
M86I88PY.EXE
KGTMN4QK.EXE
WCM1F1IW.EXE
OCAF544F.EXE
O37POUII.EXE
U40SDJ05.EXE
HG1AVOFP.EXE
S1RKRT47.EXE
Q4DQDN0Y.EXE
PGBO14PG.EXE
TGRB72W0.EXE
AYTICK05.EXE
B8I8OBP4.EXE
OAGFGL85.EXE
YTBNAQHX.EXE
RYEOGBL8.EXE
T75FP2O2.EXE
HXA1X43I.EXE
DY547KN1.EXE
P3OT23MB.EXE
N5HD1T0F.EXE
HJS4MAM7.EXE
SI1W8PS7.EXE
T4SFB51E.EXE
L4DYB5WJ.EXE
O1I8FIXX.EXE
C8YVT1XS.EXE
DFRMMVO1.EXE
ILTYKA35.EXE
V77H1WGP.EXE
E5755ROL.EXE
SPBSD6X0.EXE
UU8NPQJ4.EXE
F4815FOY.EXE
U5LYQLQK.EXE
A0NUM724.EXE
TCN7ID3J.EXE
CT6K4F8G.EXE
G2VQ6GOQ.EXE
AHO1WO5U.EXE
OSI83GD1.EXE
ONJPD4G5.EXE
L65UN381.EXE
L2I70HSL.EXE
G76C1DSS.EXE
XM0T70RK.EXE
EX8W460H.EXE
AWBUG2FD.EXE
LC0WF3QE.EXE
OKC04KCO.EXE
EF7C3QH6.EXE
U70HLMX3.EXE
W3YJLYA1.EXE
LC6UGUNM.EXE
O0P2WM16.EXE
LG3O2HWX.EXE
CXC3GJT0.EXE
S5JPF41F.EXE
F6G7JW5A.EXE
XD635LC3.EXE
RY1U2LTQ.EXE
AXVA76CO.EXE
HF46X8YH.EXE
UU7C76UD.EXE
RQUR7R4M.EXE
WF6VVJ5N.EXE
J1XQ6F5A.EXE
DUQP0S3J.EXE
XQ7D5ILX.EXE
M2KOTA7I.EXE
YROPD30T.EXE
AS25E6RF.EXE
P143D55V.EXE
XYT2XPXQ.EXE
RMD1A57R.EXE
L80EG8FN.EXE
NL461W63.EXE
A6MV1E8P.EXE
HQ3YQNGO.EXE
L13E32R2.EXE
EIKLQX73.EXE
LQO4V687.EXE
A6KOQ7TF.EXE
CR7D2TDY.EXE
JJBNO7X6.EXE
O3XR6GHK.EXE
M0VBQ4WE.EXE
V401DO65.EXE
ICY4OSW8.EXE
T8PJ4R7Y.EXE
Y2MURV7T.EXE
R0LD3PQM.EXE
LO2KM4UF.EXE
QMHB6PWE.EXE
P5PTK3XO.EXE
Y6DIOWTY.EXE
DQPORN5D.EXE
F4F228EB.EXE
BGSLE1M3.EXE
GT5A2F2O.EXE
V36U3E7M.EXE
Y37HSMHT.EXE
AJ633PIR.EXE
R4BYI007.EXE
REX4IAAQ.EXE
PVT4PYPR.EXE
M67XK0QF.EXE
J8JXAIV4.EXE
WT83S45Y.EXE
LM0484U4.EXE
I0SQFGKF.EXE
YBG8WDAD.0XE
H3N14SA6.EXE
IHGNOBAC.EXE
VPD4PTR5.EXE
HMMVEB4N.EXE
U4A63WN0.EXE
E6S3LRE8.EXE
YTGO8TF1.EXE
PLMXM3KD.EXE
V5G0T3OF.EXE
RYLX6NPG.EXE
RJHW4TH8.EXE
AUUU8DSN.EXE
T0ICRAGX.EXE
R7CUQHUI.EXE
Y3MJCLC2.EXE
YT8D4GC0.EXE
I5HMJIUW.EXE
S5BJM7M1.EXE
NFCLU2AD.EXE
WDNH8N81.EXE
HTA3SQLG.EXE
OUIK8UB2.EXE
FREN7U05.EXE
65F12U1R.EXE~
DC1.EXE
0WHA632I.EXE
4M7XBGET.EXE
2NGJRLFX.EXE
7PG2XV8S.EXE
6F03F04K.EXE
DC20.EXE
3RA1P3J6.EXE
2488PQ4B.EXE
55MFA1QB.EXE
0W6NYH16.EXE
4015W8CQ.EXE
8US85VU3.EXE
44PMVXIH.EXE
623NTRWB.EXE
8OG0BJ7W.EXE
0DA5GT7N.EXE
7G05UQB8.EXE
30CDNV6G.EXE
8ETSNFID.EXE
386TSFF1.EXE
72UDFG3R.EXE
6JVD0KNU.EXE
75EMT4B8.EXE
8348GDL1.EXE
5SVF401J.EXE
3TS5C100.EXE
3S3PC6BK.EXE
5T3UR8A5.EXE
4A0XSKM8.EXE
DC10.EXE
DC9.EXE
2UTC81UR.EXE
2JLTUCTP.EXE
246SLA3J.EXE
1P1SU68L.EXE
5G7D314H.EXE
21032KMT.EXE
22S7GXRG.EXE
6FM8L81I.EXE
7NFDNCQW.EXE
6MOI2K44.EXE
2YKGGWVB.EXE
1RBVVASE.EXE
50306JY8.EXE
2LIXX1L5.EXE
505PQ6S0.EXE
3VRN3NHI.EXE
5SHT1UHY.EXE
5YWW3B0W.EXE
03GAILHM.EXE
52SWV4N8.EXE
30VNSX82.EXE
6PO7TXYN.EXE
00NCEXAE.EXE
314E-006.EXE
86Q1U071.EXE
2HADRL3J.EXE
332B4M1X.EXE
55LJ7N0N.EXE
0RO4DYER.EXE
371T61BU.EXE
15BMTRQ0.EXE
08MMMW6O.EXE
36JO307S.EXE
0K6JTT13.EXE
6GQATHPV.EXE
82Q22J0O.EXE
3XS1JUB6.EXE
3VH7Q7I5.EXE
4K6R1A23.EXE
01R3SC4H.EXE
3YF30KCI.EXE
8JVR8MYL.EXE
8BA1MJ1D.EXE
40RV254E.EXE
47MWJ27D.EXE
88OR67AT.EXE
88T872P5.EXE
7DPII1D4.EXE
66J75CQF.EXE
3GJBLMTY.EXE
515W1L1M.EXE
3HOJ7G8Y.EXE
6XUDQAAY.EXE
62SCOFPC.EXE
8Q04YW7J.EXE
2N454N7A.EXE
7TV2K416.EXE
2F0J6R0J.EXE
4YA4BQNW.EXE
85VCDPQ2.EXE
6EYE85ND.EXE
74L0CCQ2.EXE
6WF8GHUP.EXE
5ATRI34C.EXE
0G1L6FOA.EXE
64AB0AID.EXE
64DNWH0W.EXE
SVCIPA.
145M7S0Q.EXE
3YNP0KUL.EXE
7IWK11XH.EXE
80NS6G7K.EXE
8Q1RJVM0.EXE
18M7QC87.EXE
0GW8GN8G.EXE
2BU73EBC.EXE
M6F02821.EXE
6YC6F11T.EXE
3M5708J2.EXE
37W23GBE.EXE
0V1GIXM3.EXE
4YSAI75C.EXE
38NCE3YF.EXE
6HAH365S.EXE
7R4VJIN6.EXE
7PP50O1W.EXE
8B2LFMBF.EXE
47577253.EXE
85968154.EXE

Filesizes

The following file size has been seen:

34,838 bytes
22,080 bytes
26,176 bytes
65,088 bytes
24,618 bytes
22,592 bytes

File Type

The filename SVCIPA.EXE is used by multiple object types including executable programs,objects.

File Activity

One or more files with the name SVCIPA.EXE creates, deletes, copies or moves the following files and folders:

Opens/modifes c:\autoexec.bat
Moves C:\Program Files\Prevx2\PXConsole.exe to "C:\Program Files\Prevx2\PXConsole.exe
Moves c:\windows\system32\dumprep 0 -k to c:\windows\system32\dumprep 0 -_

Website Activity

One or more files with the name SVCIPA.EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.

194 .126 .193 .157 / ping / 52dda086797c3b034f01d4c1fb5a2f09c0cc371d89daf1e402ee52b3902bdb00 / 21
Port 80 IP:194.126.193.157

PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.