Wordpress Themes
« How to delete BOOT.VBS, DXDLG.EXE,WPROXP.EXE trojan viruses, basic steps
How to know what a Trojan Horse does to your PC »

How to remove with advanced steps – BOOT.VBS, DXDLG.EXE,WPROXP.EXE trojan viruses

From my previous posts, the recommended methods should do the trick for most generic and
straight forward Trojan viruses. However, some of these wproxp.exe, dxdlg.exe and boot.vbs
can be quite a pain in the neck and need a stronger dose of solution to get it right.

The advanced steps below require the use of Trend Micro which I used to eradicate it completely but the steps are quite complicated. As a precautionary step, you MUST own a copy of TrendMicro Internet antivirus software first. You may get one here so that the latest virus data file is there.


US - PC-cillin Internet Security 2009

 RUN SYSCLEAN:

1. Create a new folder on your Desktop named “SYSCLEAN”
2. Click on his link then save it to your Desktop:
http://www.trendmicro.com/ftp/products/tsc/sysclean.com
3. Once finish, copy the sysclean.com file to the “SYSCLEAN” folder.
4. Click on his link then save it to your Desktop:
http://www.trendmicro.com/ftp/products/pattern/cpr/lpt465.zip
5. Open lpt465.zip file then right click on the lpt$vpn.465 then choose Copy.
6. Right click on the “SYSCLEAN” folder then choose Paste.
7. Open the “SYSCLEAN” folder then you should have two files in it [sysclean.com and lpt$vpn.465]
8. Click on his link then save it to your Desktop:
http://www.trendmicro.com/ftp/products/pattern/spyware/ssapi/

ssapiptn671.zip
9. Open ssapiptn671.zip file then right click on the ssapiptn.da5 then choose Copy.
10. Right click on the “SYSCLEAN” folder then choose Paste.
11. Open the “SYSCLEAN” folder then you should have three files in it [sysclean.com, lpt$vpn.465 and ssapiptn.da5]
12. Under safe mode, double click on sysclean.com then complete the scan.

Restart back to Normal Mode.

Go to this link and download Process Explorer and save it to your Desktop:
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
Extract the file to your Desktop

Go to this link and download the AutoRuns and save it to your Desktop:
http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Extract the file to your Desktop

Run Process Explorer and Kill the Following Processes:
wscript.exe
dxdlg.exe

Run Autoruns and under logon tab, remove
C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\boot.vbs
Search for entries named wproxp and remove it

Remove the following files from your PC:
C:\WINDOWS\system32\dxdlg.exe
wproxp.exe (Most probably in your system32 or windows folder)
C:\WINDOWS\system32\boot.vbs

Restart back to normal mode.

Enjoy a virus free PC secured environment.

This entry was posted on Thursday, September 18th, 2008 at 3:47 pm and is filed under PC Security. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.