Trojan.Proscks, I can't clean, quarantine, or delete

[JimmyD]

Hi, I've discovered my system has the Trojan.Proscks virus, and this has
infected my c:\windows\system32\svchost.exe and \system32\proxy.dll files.
My Norton A/V could not clean, quarantine the files, so it left them alone.
I tried to delete the infected files (within the Norton progam), but was
unable. I went to the Symantic web page and followed the removal
instructions and still could not delete the files. System Recover disabled
and running in SafeMode, I did another scan of the infected files, and got
the same...could not clean, quarantine, or delete. I also tried to find the
files and delete them from Windows Explorer and could not. Symantic listed
the virus as LOW theat, so I put the issue on hold.

Now, I've tried to install XP Service Pack 3, and it gets to the point where
it wants to copy the \system32\svchost.exe file, and cannot. At this point I
cancelled the install.

Can anyone tell me how to clean the svchost.exe and proxy.dll file? Are
these files essencial to XP? What's my next move?

Thanks....

 

[Shenan Stanley]

Hi, I've discovered my system has the Trojan.Proscks virus, and
this has infected my c:\windows\system32\svchost.exe and
\system32\proxy.dll files. My Norton A/V could not clean,
quarantine the files, so it left them alone. I tried to delete the
infected files (within the Norton progam), but was unable. I went
to the Symantic web page and followed the removal instructions and
still could not delete the files. System Recover disabled and
running in SafeMode, I did another scan of the infected files, and
got the same...could not clean, quarantine, or delete. I also
tried to find the files and delete them from Windows Explorer and
could not. Symantic listed the virus as LOW theat, so I put the
issue on hold.

Now, I've tried to install XP Service Pack 3, and it gets to the
point where it wants to copy the \system32\svchost.exe file, and
cannot. At this point I cancelled the install.

Can anyone tell me how to clean the svchost.exe and proxy.dll file?
Are these files essencial to XP? What's my next move?

Format and use your backups to restore your personal data after you cleanly
install.

 

[Jim]

Format and use your backups to restore your personal data after you
cleanly install.

Also, never install a service pack in the hope that it will solve your
problem. The most likely
outcome would be even more problems.
Jim

 

[David H. Lipman]

From: "JimmyD" <[email protected]>

| Hi, I've discovered my system has the Trojan.Proscks virus, and this has
| infected my c:\windows\system32\svchost.exe and \system32\proxy.dll files.
| My Norton A/V could not clean, quarantine the files, so it left them alone.
| I tried to delete the infected files (within the Norton progam), but was
| unable. I went to the Symantic web page and followed the removal
| instructions and still could not delete the files. System Recover disabled
| and running in SafeMode, I did another scan of the infected files, and got
| the same...could not clean, quarantine, or delete. I also tried to find the
| files and delete them from Windows Explorer and could not. Symantic listed
| the virus as LOW theat, so I put the issue on hold.

| Now, I've tried to install XP Service Pack 3, and it gets to the point where
| it wants to copy the \system32\svchost.exe file, and cannot. At this point I
| cancelled the install.

| Can anyone tell me how to clean the svchost.exe and proxy.dll file? Are
| these files essencial to XP? What's my next move?

| Thanks....

It is a Trojan and not a virus and it looks like the Trojan "trojanized" the legitimate
SVCHOST.EXE file.

That means the Trojans has added code (prepended, appended, etc) to the EXE file to make
SVCHOST.EXE do it bidding.

You have two options.

1. Follow Shenan Stanley's advice.

2. Load the WinXP Recovery Console and logon as "administrator" and replace
%windir%system32\svchost.exe with a legitimate copy.
The legit, file should be found in; %windir%\ServicePackFiles\i386\svchost.exe you can
tell if it is 14KB and 5.1.2600.5512 (SP3) dated; 04/14/2008

 

[Phillip]

Actually , doing Windows XP Recovery Console is first thing to do.
So , I prefer the option two of David H . Lipman . Good luck !