Re: Trojan.Proscks, I can't clean, quarantine, or delete

From: "JimmyD" <JimmyD@xxxxxxxxxxxxxxxxxxxxxxxxx>

| Hi, I've discovered my system has the Trojan.Proscks virus, and this has
| infected my c:\windows\system32\svchost.exe and \system32\proxy.dll files.
| My Norton A/V could not clean, quarantine the files, so it left them alone.
| I tried to delete the infected files (within the Norton program), but was
| unable. I went to the Symantec web page and followed the removal
| instructions and still could not delete the files. System Recover disabled
| and running in SafeMode, I did another scan of the infected files, and got
| the same...could not clean, quarantine, or delete. I also tried to find the
| files and delete them from Windows Explorer and could not. Symantec listed
| the virus as LOW threat, so I put the issue on hold.

| Now, I've tried to install XP Service Pack 3, and it gets to the point where
| it wants to copy the \system32\svchost.exe file, and cannot. At this point I
| cancelled the install.

| Can anyone tell me how to clean the svchost.exe and proxy.dll file? Are
| these files essential to XP? What's my next move?

| Thanks....

It is a Trojan and not a virus and it looks like the Trojan "trojanized" the legitimate

That means the Trojan has added code (prepended, appended, etc.) to the EXE file to make
SVCHOST.EXE do its bidding.

You have two options.

1. Follow Shenan Stanley's advice.

2. Load the WinXP Recovery Console, log on as "administrator" and replace
%windir%\system32\svchost.exe with a legitimate copy.
The legit file should be found in %windir%\ServicePackFiles\i386\svchost.exe; you can
tell if it is 14KB and 5.1.2600.5512 (SP3), dated 04/14/2008.

Multi-AV -
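
The size and version check described in the reply, as an added example that is not part of the original post: it reads the file version from a copy of svchost.exe and compares the size and, optionally, a hash against the ServicePackFiles copy, because appended or prepended code leaves the version resource unchanged. The function names, the signature-scan heuristic, the rounding of size up to whole KB and the sample bytes are assumptions made for this example.

```python
import hashlib
import struct

# Values quoted in the reply above for the SP3 svchost.exe.
EXPECTED_VERSION = (5, 1, 2600, 5512)
EXPECTED_KB = 14
FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)  # VS_FIXEDFILEINFO.dwSignature


def file_version(data):
    """Return (major, minor, build, revision) from the first VS_FIXEDFILEINFO, or None."""
    pos = data.find(FFI_SIGNATURE)  # heuristic scan instead of walking the resource tree
    if pos < 0 or pos + 16 > len(data):
        return None
    # Layout: dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS
    _, _, ms, ls = struct.unpack_from("<4I", data, pos)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def check_copy(data, reference=None):
    """Return the reasons a copy fails the check; an empty list means it passed."""
    problems = []
    version = file_version(data)
    if version != EXPECTED_VERSION:
        problems.append("version %r" % (version,))
    if -(-len(data) // 1024) != EXPECTED_KB:  # size rounded up to whole KB (assumption)
        problems.append("size %d bytes" % len(data))
    if reference is not None and hashlib.sha256(data).digest() != hashlib.sha256(reference).digest():
        problems.append("differs from reference copy")
    return problems


def constructed_sample(total_size):
    """Constructed stand-in for an EXE: padding plus a version block (not a real PE)."""
    ffi = struct.pack("<4I", 0xFEEF04BD, 0x00010000, (5 << 16) | 1, (2600 << 16) | 5512)
    body = b"MZ" + b"\x00" * 510 + ffi
    return body + b"\x00" * (total_size - len(body))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # usage: script.py suspect.exe [reference.exe]
        blobs = [open(p, "rb").read() for p in sys.argv[1:3]]
        print(check_copy(*blobs) or "matches")
    else:
        clean = constructed_sample(14336)
        # Same version resource, but extra bytes appended: size and hash give it away.
        print(check_copy(clean + b"X" * 4096, clean))
```

Run it against copies of the files taken from outside the running system, since the post reports the live file could not be touched from within Windows.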