Q: My Norton Internet Virus detected Backdoor.Trojan. The object file has the following address:c:\WINDOWS\System32\scrsvc.exe. I could not find any removal tool. I would like to know whether the deletion of the file will affect the normal working of my PC. Also, please suggest if there is any removal tool specifically for this Trojan horse.
A: This file scrsvc.exe does not seem to be a system file and you may delete it. But first, install and run anti-spyware tools. Ad aware SE Personal Edition 1.06 can be downloaded from http://www.download.com/3000-8022-10045910.html and spybot - Search & Destroy 1.4 is available at http://www.download.com/3000-8022-10122137.html. Check whether this detects the Backdoor.Trojan scrsvc.exe and delete the file.
If not, you can perform an online Trojan scan at the following URL- http://www.windowsecurity.com/trojanscan/ by clicking the “Scan my computer for Trojans” button. Then click yes for the Security Warning dialog box component to run. This will scan your system for Trojans.
If your problem is still unresolved, you can try directly deleting the scrsvc.exe file.
If you are unable to delete, restart into safe mode (press F8 key) and delete this file. Also, check and delete unwanted search engine site address entries in the hosts file (located in c:\windows\system32\drivers\etc\).
In windows NT/2000/XP/2003, you will also need to edit the following registry entry. The removal of this entry is optional in windows 95/98/Me. To delete registry entries, click start – run – type regedit. This will bring up the registry editor.
Before you edit the registry, you should make a backup. On the Registry menu, click “Export Registry File”. In the Export range frame below, click All, then save your registry as Backup.
Next locate the HKEY_LOCAL_MACHINE entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and on the right pane, check for scrsvc, scrsvc.exe entries and delete it if it exists. Close the registry editor. For more info, refer the following URL: http://www.sophos.com/virusinfo/analyses/trojagentds.html
A: This file scrsvc.exe does not seem to be a system file and you may delete it. But first, install and run anti-spyware tools. Ad aware SE Personal Edition 1.06 can be downloaded from http://www.download.com/3000-8022-10045910.html and spybot - Search & Destroy 1.4 is available at http://www.download.com/3000-8022-10122137.html. Check whether this detects the Backdoor.Trojan scrsvc.exe and delete the file.
If not, you can perform an online Trojan scan at the following URL- http://www.windowsecurity.com/trojanscan/ by clicking the “Scan my computer for Trojans” button. Then click yes for the Security Warning dialog box component to run. This will scan your system for Trojans.
If your problem is still unresolved, you can try directly deleting the scrsvc.exe file.
If you are unable to delete, restart into safe mode (press F8 key) and delete this file. Also, check and delete unwanted search engine site address entries in the hosts file (located in c:\windows\system32\drivers\etc\).
In windows NT/2000/XP/2003, you will also need to edit the following registry entry. The removal of this entry is optional in windows 95/98/Me. To delete registry entries, click start – run – type regedit. This will bring up the registry editor.
Before you edit the registry, you should make a backup. On the Registry menu, click “Export Registry File”. In the Export range frame below, click All, then save your registry as Backup.
Next locate the HKEY_LOCAL_MACHINE entry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and on the right pane, check for scrsvc, scrsvc.exe entries and delete it if it exists. Close the registry editor. For more info, refer the following URL: http://www.sophos.com/virusinfo/analyses/trojagentds.html
