The fxsvc.exe file is infected with the Backdoor.Trojan in the following directory.
C:/winnt/fxsvc.exe
We are running a virus scan from another computer by sharing the hard drive of the infected computer. The virus software would not delete the infected file. We tried to directly delete the file from the infected computer but it would not allow it. Then we booted up in VGA mode and tried to delete the file but we still could not.
How do we remove the file?
We have exhausted our knowledge in this area. Please provide instructions for removal.
Thank You!

It would appear that this process (fxsvc.exe) is being activated at boot-up and keeps a lock open on the file so that it cannot be deleted. You need to try and stop it from starting at boot time. Look in the startup folder of the main programs menu to see if it's there. Next you need to look in the registry in these locations:-

HKCU\Software\Microsoft\Windows\CurrentVersion\Run and also
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Check for any entries there and delete any rogue ones.

You could also check to see if is loading as a 'service' This is more time consuming. Again in the registry go to:-
HKLM\System\CurrentControlSet\Services

here you will find the entries for load all services and drivers so you MUST be very careful and not delete anything by mistake. Have a look and see if you can find any entry that looks like this trojan and exprt the key and then delete it.

I would also go to www.simplysup.com/trojanremover and download the evaluation copy of TrojanRemover and run that ASAP.

I had the same problem... you can delete that fxsvc file using a command prompt and a simple DEL FXSVC.EXE

Deleting the file at the command prompt does not
work. (access denied)

using regedit on NT, I could not find anthing useful.

Doing a disk scan with Trojanremover did not turn
up any bad files (inclu fxsvc.exe)

scanning this specific file with trojan remover allows
a delete on reboot option, which did work.

----

Norton AV detected the file recently, but was unable
to do anything to it.

does anyone know what this file does?

Just open registry, search for fxsvc in the local machine section, delete 2 entries that you will find in the services sections (should be 2 of them in different places). You can't delete the ones in the legacy stuff. Cheers!

I removed this virus from Windows 2K PC's.

It was "easy" after trying all the hard stuff! And I believe you must have Admin rights ?

In Normal Windows,left double click "MY Computer", left double click "C drive" go to/open C:\WINNT,(Show all files) once there, right click the file "Fxsvc.exe", then left click "CUT", using the up folder, back up one time, so you are at Local Disk (C:),(this is called C root), right click 1x in right-hand side only in the white area do not touch any icons there. Now left click "PASTE". You have now moved "Fxsvc.exe" file from WINNT to C root. OK, now press Ctrl+Alt+Del, click "Shutdown", click "Shutdown and Restart" click OK. By pressing "F8" just after the the PC restarts with the black screen, you will get a screen called Advance Options Menu. Use keyboard arrow keys to move & highlight "Safe Mode with Command Prompt" press "Enter". Next screen asks you to select operating system Windows 2000 should already be highlighted, press "Enter", wait for it to get to (signon)(Ctrl+Alt+Del)sign in if needed, it'll take awhile. Wait some more, now a CMD.exe window will pop open, use keyboard and press keys "CD (Space)\", so you will be at C:\> root prompt. Now type Del (Space)/f (space) Fxsvc.exe. Looks like this: C:\>Del /f Fxsvc.exe, now press "Enter". Poof, magic it's gone. PS if you want to see delete commands type in like this: C:\>del(space) /?, press Enter. Now Ctrl+Alt+Del, and click Shutdown, then highlight "restart", press (OK) Enter.
Just let the PC boot up normally.(Login)
Usually there will also be "TMP" files that are infected and need to be removed, do it this way: Left click "Start Button", move mouse pointer to "Search", slide right to "For Files or Folders", left click it, Type in (star, dot, tmp), *.tmp in the little bar (Box) window Search for files or folders named. Make sure that is the little bar window that says "Look in:" that it is "Local Harddrives (C:)". Left click "Search Now" button. In the right hand white window, "Search Results", you should see all the "tmp" files. Now left click 1x the word "Edit" in the upper left hand corner of screen menu bar, just under the Blue bar that says Search Results. Left click "Select All". Now left click 1x, the word "File", just to the left of the word Edit, now left click 1x, the word "Delete", a popup "Confirm Multiple File Delete" window, asks you Are you sure you want to send these (X amount) items to the Recycle Bin? You click "Yes" or press "Enter". If you get another popup window that says "Confirm File Delete", asking you if your sure you want to move a read-only file to the Recycle Bin?, you left click 1x, "Yes to All". Ok now close search results windows "X" it. OK, almost done. Now right click 1x the "Recycle Bin" Icon, left click 1x the words, "Empty Recycle Bin ". I suggest you restart your PC, and run your virus scan program again. This worked for me, LOL results may vary, if it doesn't work you did something wrong ! PS you owe me turkeys'.