Results 1 to 9 of 9
  1. #1
    Star Lounger
    Join Date
    Dec 2009
    Location
    Clinton, NJ
    Posts
    58
    Thanks
    0
    Thanked 0 Times in 0 Posts

    csrss.exe file problems

    Yesterday, one of my researchers picked up a virus. We were able to remove most of it with Malwarebytes and MSE, but there seems to be a residual file somewhere blocking access to the internet through Firefox and Explorer. We can get e-mails. We saw a file in the temp file called csrss.exe. That has been deleted but the registry is still looking for it as I get 2 warnings when we reboot. Running XP home sp3. I didn't notice anything glaring on the process explorer but I have to admit that I don't know what they all mean anyway. Any ideas?

  2. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Have you tried a sytem restore to a time previous to the infection?

  3. #3
    Star Lounger
    Join Date
    Dec 2009
    Location
    Clinton, NJ
    Posts
    58
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have not tried that. If I do, will it remove e-mails received or other new files we have saved since then?

  4. #4
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,490
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Are you really sure you've cleaned the system? If so, check the following:

    Open Internet Explorer > Tools > Internet options > Connections > LAN settings and uncheck 'Use proxy server' then apply it and OK your way back out - test again.

    If that's successful, do the same with Firefox; Tools > Options > Advanced > Connections > Settings and select No proxy, OK both and test.

    Obviously, if you DO use proxy settings, find out what they are and replace the hijacked ones with the correct settings.

    Careful use of Autoruns should enable you to track down the triggers for the missing malware files to stop the boot time error messages - careful - misuse of Autoruns will kill Windows.

  5. #5
    Star Lounger
    Join Date
    Dec 2009
    Location
    Clinton, NJ
    Posts
    58
    Thanks
    0
    Thanked 0 Times in 0 Posts
    That worked!!!!
    Thanks. Any thoughts on how to remove the need for XP to continue to look for the csrss.exe files in the registry? I downloaded a cleaner (PC Health Advisor) and ran it but it didn't pick that up

  6. #6
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,490
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Use Autoruns that I linked to earlier, take your time, if you uncheck something you shouldn't, you could make more problems.

  7. #7
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Calif
    Posts
    182
    Thanks
    0
    Thanked 14 Times in 13 Posts

    Lightbulb AutoRuns Forum

    Hi : IF needed, Autoruns has a Support Forum that may help !? See : http://forum.sysinternals.com/autoruns_forum16.html
    For the BEST in what counts in Life :

    http://www.ctftoronto.com

  8. #8
    Super Moderator satrow's Avatar
    Join Date
    Dec 2009
    Location
    Cardiff, UK
    Posts
    4,490
    Thanks
    284
    Thanked 577 Times in 480 Posts
    Quote Originally Posted by SpiritWind View Post
    Hi : IF needed, Autoruns has a Support Forum that may help !? See : http://forum.sysinternals.com/autoruns_forum16.html
    Agreed; also, Autoruns has a save feature, you could zip and upload the resulting file somewhere and I or someone else with Autoruns experience could check and modify the file and re-upload so it could be imported back to your Autoruns without the malware trigger points enabled. Then, you could use the Compare feature in Autoruns to set your own PC up correctly.

  9. #9
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    You can still do the System Restore, it will clean any vestige of the infection. System Restore does not affect any documents or email messages.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •