proquota.exe
Malware - Harmful EXE


proquota.exe is a process belonging to Microsoft (profile quota manager). You may or may not be using this service. The file is located at C:\windows\system32\proquota.exe. If you search your hard disk, you will find a second copy at C:\windows\system32\dllcache\proquota.exe.
If you hover the mouse pointer over the search results, a popup window shows information about the file. Description: Proquota. Company: Microsoft Corporation.

The same filename is used by some trojan horse viruses. Their strategy is as follows: delete the original file from the computer, then create another file with the same name in another location. In this case the virus adds a file at C:\Windows\System32\Wbem\proquota.exe. The Wbem folder itself is a legitimate Windows folder, so only delete the file if you find it in that location. You should also be able to find this process in the Task Manager. The virus itself is downloaded by another (unidentified) trojan that is already present on the infected computer, so you should take care to find that trojan and remove it as well.

This article provides thorough detection and removal instructions. All the tools and software mentioned in this article are freeware.



 Turn System Restore off: The malicious files are also saved in the System Restore backup. You need to turn System Restore off in order to remove them. You can turn it on again after cleaning the computer.

 Delete files: The malicious proquota.exe can be found at:
%System%\Wbem\proquota.exe

%System% refers to the System folder. By default this is C:\Windows\System (in Windows 95/98/Me), C:\Winnt\System32 (in Windows NT/2000), or C:\Windows\System32 (in Windows XP and Vista).

 View hidden files: Before you can delete proquota.exe and its associated files you need to search for them, and before doing that you need to enable viewing of hidden files and folders.
 Boot in safe mode: Sometimes you will not be able to delete a file even if you find it. In that case, boot in safe mode and then try to delete it.
 End process in the Task Manager: If you find proquota.exe running in the Task Manager, you can select it and press the End Process button after making sure that it belongs to the virus and is not a legitimate Windows process. That will help you to delete it from the hard disk later.
 Remove entry from Windows startup: Look in the Windows startup list by opening the System Configuration Utility, and remove the entry for proquota.exe if found.
 Unable to open Task Manager: If that happens, you can try free tools to enable the Task Manager again.
 Run CCleaner: Even if you manage to find proquota.exe and its associated files and delete them, there will still be associated entries in the Windows registry. Running a free temp files/registry cleaner called CCleaner will help you to automatically clean the virus entries from the registry as well as the temp folder.

 Block the sites/ports: Keep yourself protected by using standalone firewall software. You can check the firewall logs to see if there is any suspicious communication from your computer that you are not aware of. These are the sites from which this trojan could have originated:

193.138.173.160
onlineanalytics.cn

 Run System File Checker: Windows has a built-in tool called System File Checker. It scans the computer to see if any of the Windows system files are corrupt or missing and replaces them with a good copy. You should run this tool so that it replaces the deleted or modified system files.

 Delete the registry keys manually: If you are brave enough to do so, you can edit the registry using the Windows built-in Registry Editor.

The trojan modifies the registry to enable the Profile Quota Manager:

  • The following Registry Key was created:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  • The newly created Registry Value is:
    • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      • EnableProfileQuota = 0x00000001
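
As an added example (not part of the original article and not from ThreatExpert), the read-only PowerShell script below checks the three indicators described above: the file in the Wbem folder, a running proquota.exe whose image path is outside the two genuine locations, and the EnableProfileQuota value. It assumes PowerShell 3.0 or later; the variable names are illustrative.

```powershell
# Added example: read-only check for the indicators listed in this article.
$sys      = Join-Path $env:SystemRoot 'System32'
# Genuine locations of proquota.exe, as given in the article.
$expected = @((Join-Path $sys 'proquota.exe'), (Join-Path $sys 'dllcache\proquota.exe'))
# Location the article attributes to the trojan.
$suspect  = Join-Path $sys 'Wbem\proquota.exe'
$findings = @()

# 1. File on disk in the Wbem folder (-Force also returns hidden files).
$file = Get-Item -LiteralPath $suspect -Force -ErrorAction SilentlyContinue
if ($file) {
    $findings += [pscustomobject]@{
        Check  = 'File'
        Detail = "$($file.FullName), $($file.Length) bytes, modified $($file.LastWriteTime)"
    }
}

# 2. Running proquota.exe whose image path is not one of the genuine locations.
foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'proquota.exe'") {
    if (-not $p.ExecutablePath) {
        # The path can be unreadable from a non-elevated session.
        $detail = "PID $($p.ProcessId): path unavailable, re-run elevated"
    } elseif ($expected -notcontains $p.ExecutablePath) {
        $detail = "PID $($p.ProcessId): $($p.ExecutablePath)"
    } else {
        continue   # genuine location, nothing to report
    }
    $findings += [pscustomobject]@{ Check = 'Process'; Detail = $detail }
}

# 3. Registry value the article says the trojan creates.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$val = Get-ItemProperty -Path $key -Name EnableProfileQuota -ErrorAction SilentlyContinue
if ($val -and $val.EnableProfileQuota -eq 1) {
    $findings += [pscustomobject]@{
        Check  = 'Registry'
        Detail = "$key\EnableProfileQuota = 1"
    }
}

if ($findings.Count -eq 0) {
    'No proquota.exe indicators from this article were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Because the registry value simply enables the Profile Quota Manager, it can also be present where a profile quota was configured deliberately, so weigh it together with the file and process findings.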

 

  Best of Luck 

reference with permission from Threatexpert

Comments
you_quiver_we_deliver  - proquota.exe removal   |94.193.168.xxx |2009-04-23 16:28:36
Terrific instructions. Worked for me. Thank you
dibs   |70.254.38.xxx |2009-06-19 18:08:33
Worked for me too!!

Thanks a million!!

dibs
Sumit Dey  - Worked for me -- Excellent job   |143.166.226.xxx |2009-07-07 20:14:16
Hellos !! I got the issue resolved by the resolution provided by you. It was
wonderful, absolutely perfect. Thanks a lot for your contribution.
Brandi  - Thanks   |4.131.87.xxx |2009-07-13 22:56:02
Whoever you are. I love you. I'm not sure I did it all correctly, but it
seems to be working. Thank you so much for the great instructions.
Anonymous  - sanjay   |115.109.10.xxx |2009-07-14 22:14:02
thank you Brandi, you can also visit and subscribe to my youtube channel at
http://youtube.com/srajure