Financial Daily from THE HINDU group of publications
Monday, Aug 15, 2005
eWorld
Features
Stocks
Port Info
Archives
Google

Group Sites

 eWorld - Computer Usage
Columns - Tip Off


Deleting file

My Norton Internet Virus detected Backdoor.Trojan. The object file has the following address: c:\WINDOWS\System32\scrsvc.exe. I could not find any removal tool. I would like to know whether the deletion of this file will affect the normal working of my PC. Also, please tell me if there is any removal tool specifically for this Trojan Horse.

Anuj Jain

This file scrsvc.exe does not seem to be a system file and you may delete it. But first, please install and run anti-spyware tools. Ad-aware SE Personal Edition 1.06 (2.72MB size) can be downloaded from http://www.download.com/3000-8022-10045910.html and spybot - Search & Destroy 1.4(size 4.8MB) is available at http://www.download.com/3000-8022-10122137.html. Check whether this detects the Backdoor.Trojan scrsvc.exe file and delete the file.

If not, you can perform an online Trojan scan at the following URL: http://www.windowsecurity.com/trojanscan/ by clicking the "Scan my computer for Trojans" button. Then click yes for the Security Warning dialog box (3468KB size) component to run. This will scan your system for Trojans.

If your problem is still unresolved, you can try directly deleting the scrsvc.exe. file.

If you are unable to delete, restart into safe mode (press F8 key) and delete this file. Also, please check and delete unwanted search engine site address entries in the hosts file (located in c:\windows\system32\drivers\etc\).

In Windows NT/2000/XP/2003, you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. To delete registry entries, click start - run - type regedit. This will bring up the registry editor.

Before you edit the registry, you should make a backup. On the Registry menu, click "Export Registry File". In the Export range frame below, click All, then save your registry as Backup.

Next locate the HKEY_LOCAL_MACHINE entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and on the right pane, check for scrsvc, scrsvc.exe entries and delete it if it exists. Close the registry editor. For more information, please refer to the following URL:

http://www.sophos.com/virusinfo/analyses/trojagentds.html

Please e-mail us at eworld@thehindu.co.in

if you have queries on computer usage or if you find an interesting way of using a computer.

Solution by M. Sampath

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

TMB Ltd

Stories in this Section
Cracking secrets

One time for all
Wings to roam
That's how big the opportunity is
In a snap
Search sans clutter
Fight for turf
Deleting file
Connection hitch
EDS: Cognizant of its strengths
`Push'ing complexity into e-mails
Quiz
You can't hide an elephant
Cartoon
`Balanced view'

The Hindu Group: Home | About Us | Copyright | Archives | Contacts | Subscription
Group Sites: The Hindu | Business Line | The Sportstar | Frontline | The Hindu eBooks | The Hindu Images | Home |

Copyright © 2005, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line