  • Status: Solved
  • Priority: Medium
  • Security: Public

What is hoipcy.exe

There are a number of hoipcy.exe processes running using 100% CPU. What is this and can I stop it?
Asked by: JOBAST
4 Solutions
 
Kimputer Commented:
Sounds like a random name, and since there are several, and running at 100%, I'm just about as 100% sure it's malware/virus/spambot etc. Time to shut down your computer and use a boot cd (Avast, AVG, whatever you can get your hands on, preferably newly created) and remove it.

awawada Commented:
Upload hoipcy.exe to https://www.virustotal.com/

JOBAST (Author) Commented:
VirusTotal suggests this is Punto Switcher, which is a Russian piece of software that changes keyboard settings to a Russian layout if it detects a certain combination of characters. It does not suggest that it is a virus or malware. After a few attempts to End the processes I deleted the file but it reappeared. I tried the same again but I deleted the folder it was in. Again this was recreated.
 
awawada Commented:
Do you need Punto Switcher?

JOBAST (Author) Commented:
No, I don't need Punto Switcher.

Kimputer Commented:
I'd still recommend what I said earlier, as it's not normal for any software to use the random name, to come back after you delete it, and to use up 100%.
It's most likely this file is a result of the real virus hiding somewhere else.

awawada Commented:
Uninstall Punto Switcher and see if you still have the file.

@Kimputer
During a BootCD SCAN, most malware processes are not running and a heuristic detection can't detect them.

Malware processes must be active while doing a scan so scanning is not going to be as effective.

Windows File Protection is not used when scanning a BOOT CD, so if a crucial system file like userinit.exe or explorer.exe is infected the scanner will delete these files (no questions asked) as opposed to just pointing out that these files are infected. Since WFP is not used, the deleted system files are not replaced and when you put the drive back, the user won't be able to login. If it is the explorer.exe that was deleted then explorer won't load, leaving the user with no desktop icons/taskbar.

Have a look:
http://www.experts-exchange.com/Software/Anti_Spyware/A_6650-Malware-Fighting-Best-Practices.html

Kimputer Commented:
Still recommending boot cd, as anti virus experts override "best practice" guides:
See how all the big name companies respond after years of top level expertise:

www.sophos.com/en-us/support/knowledgebase/52053.aspx

Examples of use

Scenario A: Operating System files have been compromised, unable to clean from Windows.

In this scenario Sophos Anti-virus has detected the virus and attempted cleanup but the machine (disconnected from the network) continues to become infected. The virus has managed to infect the machine and compromise legitimate operating system and application files which cannot be cleaned whilst running from within Windows. Use Sophos Bootable Anti-Virus with the disinfect option to clean the machine.
The scan completes and after running a second disinfect scan no further files are detected. The system is now clean, so reboot back into Windows and monitor it.

Scenario B: Infected Master Boot Record (MBR)

In this scenario Sophos Anti-Virus has detected malware that has infected the Master Boot Record (it can be identified by the detection name containing the word “MBR”). The MBR cannot be disinfected from within Windows as the virus responsible will be monitoring it. You must reboot into Sophos Bootable Anti-Virus and run a disinfect scan.
Once the scan has completed and disinfected the MBR, run a detect only scan to ensure that cleanup was successful and that no other infected files exist. If clean, reboot back into Windows and monitor.

www.comodo.com/business-security/network-protection/rescue-disk.php

Includes full AV scanning engine capable of removing rootkits embedded so deeply they cannot be removed with CCE for Windows

I could list all the av names and their articles as every single one has the same articles and this has been the industry standard for years.

While you mention unfortunate deletion of files leaving a computer unusable, it can be fixed afterwards and at least it will clean, instead of continuing with a computer that keeps infecting other systems and spamming the world.

JOBAST (Author) Commented:
Wow, I didn't expect the debate but all comments are useful.

I don't have Punto Switcher installed. The hoipcy.exe just seems to be masquerading as Punto Switcher.

I'm going to try the boot cd option but I think the virus/malware has got at my McAfee software as my scheduled scans do not seem to have been taking place and the date/time of the next scheduled scan seems to be always a few minutes away. When I try to run a scan manually I get an error message "An unexpected problem occurred during your scan. Please click OK to go back to the homepage, and then try running your scan again.". This happens no matter which type of scan I select.

Kimputer Commented:
There's always a small window between a new virus and detection by a virus scanner (always a cat & mouse game, where sometimes residential heuristics scan fails).
In the event a virus does get through, depending on how well it's programmed, it could have the "upper hand", and will always "win" when Windows is started (either by hiding by special code hooked during booting, or other types of nasty code), no matter what program you throw at it.
That's why ALL virus vendors have made boot cd's available.
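
An added example, not posted by anyone in this thread: a read-only PowerShell triage for the situation described above, where the file and its folder are recreated after deletion. It shows what the running binary claims to be, whether it is signed, which process launched it, and which autostart entries reference it. It assumes an elevated prompt with PowerShell 4 or later on Windows 8 or newer; `hoipcy.exe` is the only value taken from the thread.

```powershell
# Added example: read-only triage of a process that reappears after deletion.
# Run from an elevated prompt. $Name comes from the thread; nothing is changed on disk.
$Name = 'hoipcy.exe'

# 1. Running instances: path, parent, claimed identity, signature, hash.
$report = foreach ($p in Get-CimInstance Win32_Process -Filter "Name = '$Name'") {
    # The parent may have exited (or its PID been reused), so treat this as a hint.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $path   = $p.ExecutablePath            # empty if access is denied
    $info   = if ($path) { (Get-Item -LiteralPath $path -Force).VersionInfo }
    $sig    = if ($path) { Get-AuthenticodeSignature -FilePath $path }
    [pscustomobject]@{
        ProcessId       = $p.ProcessId
        Path            = $path
        CommandLine     = $p.CommandLine
        Parent          = '{0} ({1})' -f $parent.Name, $p.ParentProcessId
        ClaimedProduct  = $info.ProductName   # version resource: anyone can set this
        ClaimedCompany  = $info.CompanyName
        SignatureStatus = $sig.Status         # 'Valid' needs a trusted signer
        Signer          = $sig.SignerCertificate.Subject
        SHA256          = if ($path) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
    }
}

# 2. What brings it back: autostart entries that mention the file name or its folder.
# Assumption: the folder is dedicated to this file (the poster deleted it and it was
# recreated). If the path is a shared directory such as System32, match on the name only.
$dirs = @($report.Path) | Where-Object { $_ } | Split-Path -Parent | Sort-Object -Unique
$rx   = (@($Name) + @($dirs) | Where-Object { $_ } |
         ForEach-Object { [regex]::Escape($_) }) -join '|'

# Run keys and Startup folders
$startup  = Get-CimInstance Win32_StartupCommand | Where-Object Command -match $rx |
            Select-Object Name, Command, Location, User
# Scheduled tasks whose action launches the file
$tasks    = Get-ScheduledTask | Where-Object {
                ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -match $rx
            } | Select-Object TaskPath, TaskName, State
# Services whose image path points at it
$services = Get-CimInstance Win32_Service | Where-Object PathName -match $rx |
            Select-Object Name, State, StartMode, PathName

'--- running instances ---'; $report   | Format-List
'--- startup commands ---';  $startup  | Format-List
'--- scheduled tasks ---';   $tasks    | Format-List
'--- services ---';          $services | Format-List
```

The product name in a version resource is not evidence of origin, so read it together with the signature status and the install path. Record the hash and any matching autostart entries before cleaning, whether that is done from Windows or from a boot CD.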