PCBugSquad

The Proscks Trojan modifies files on the compromised computer and connects to a remote server. Once infected you will be shown pop-up advertisements on your computer.

When infected the Trojan.Proscks.C malware will create the following files:

• %Temp%\RarSFX0\IPHOST.DLL
• %Temp%\RarSFX0\iphy.dll
• %Temp%\RarSFX0\xExe.dll
• %Temp%\RarSFX0\loaderSvc.exe
• %System%\IPHOST.DLL
• %System%\_proxy.dll
• %System%\iphy.dll
• %System%\fhpatch.dll
• %System%\fiplock.dll
• %System%\IpSvchostF.dll

Next, the Trojan copies the file %System%\svchost.exe to the following location:

%System%\[EIGHT RANDOM CHARACTERS]

It then modifies %System%\svchost.exe so that the following file is executed every time Windows starts:

%System%\IPHOST.DLL

The Trojan then downloads a .dll file from a remote location and saves it as %System%\IPHACTION.dll.

Automatic Removal Method

If you are infected with this malware, then we suggest you use Symantec Antivirus to remove this infection. The current definitions for Symantec Antivirus contains methods of removing this virus.

Download Symantec Antivirus to scan your computer for free

Manual Removal Instructions for

End these processes:

Learn how to end processes

loaderSvc.exe

Delete these files:

Lean how to remove files

%Temp%\RarSFX0\IPHOST.DLL
%Temp%\RarSFX0\iphy.dll
%Temp%\RarSFX0\xExe.dll
%Temp%\RarSFX0\loaderSvc.exe
%System%\IPHOST.DLL
%System%\_proxy.dll
%System%\iphy.dll
%System%\fhpatch.dll
%System%\fiplock.dll
%System%\IpSvchostF.dll

This entry was posted on Tuesday, July 29th, 2008 at 12:13 pm and is filed under Malware Removal Guide, Trojan. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.