Overclock.net › Forums › Software, Programming and Coding › Networking & Security › [SOLVED] csrss.exe- Is it fake? Is it a virus?

[SOLVED] csrss.exe- Is it fake? Is it a virus?

post #1 of 38
Thread Starter 
I found csrss.exe in System32, where it should be.
But I ran a HijackThis scan and it says the csrss.exe process is running from
C:\\Documents and Settings\\Administrator\\Application Data\\csrss.exe
Is this normal?
When I open \\Application Data\\ I cannot see csrss.exe anywhere

Here is my HijackThis Log:
Quote:
Logfile of HijackThis v1.99.1
Scan saved at 8:38:11 PM, on 5/19/2011
Platform: Windows XP SP3, v.5857 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21115)

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\winlogon.exe
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\lsass.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\svchost.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\Explorer.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\Program Files\\Unlocker\\UnlockerAssistant.exe
C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe
C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe
C:\\WINDOWS\\system32\\hkcmd.exe
C:\\Program Files\\Radica\\Stylin' Studio\\SS_MW.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\Program Files\\TortoiseSVN\\bin\\TSVNCache.exe
C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe
C:\\Program Files\\Real\\RealPlayer\\update\\realsched.exe
C:\\Program Files\\RocketDock\\RocketDock.exe
C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe
C:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexStoreSvr.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Program Files\\Western Digital\\WD SmartWare\\WD Drive Manager\\WDDMStatus.exe
C:\\Program Files\\Western Digital\\WD SmartWare\\Front Parlor\\WDSmartWare.exe
C:\\Program Files\\Adobe\\Photoshop Elements 7.0\\PhotoshopElementsFileAgent.exe
C:\\xampp\\apache\\bin\\httpd.exe
C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
C:\\Program Files\\Java\\jre6\\bin\\jqs.exe
c:\\xampp\\mysql\\bin\\mysqld.exe
C:\\Program Files\\Styler\\Styler.exe
c:\\Program Files\\Common Files\\Protexis\\License Service\\PsiService_2.exe
C:\\Program Files\\Alcohol Soft\\Alcohol 52\\StarWind\\StarWindServiceAE.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\Program Files\\Common Files\\Ulead Systems\\DVD\\ULCDRSvr.exe
C:\\Program Files\\Western Digital\\WD SmartWare\\WD Drive Manager\\WDDMService.exe
C:\\Program Files\\Western Digital\\WD SmartWare\\Front Parlor\\WDSmartWareBackgroundService.exe
C:\\xampp\\apache\\bin\\httpd.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\WINDOWS\\system32\\wscntfy.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Program Files\\Windows Sidebar\\sidebar.exe
C:\\Documents and Settings\\Administrator\\Application Data\\csrss.exe
C:\\Documents and Settings\\Administrator\\Application Data\\csrss.exe
C:\\Documents and Settings\\Administrator\\Application Data\\csrss.exe

C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe
C:\\Program Files\\Windows Live\\Contacts\\wlcomm.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Program Files\\Mozilla Firefox\\plugin-container.exe
C:\\Program Files\\Hunt Virus Utilities\\HijackThis.exe

R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
F2 - REG:system.ini: Shell=Explorer.exe "C:\\Documents and Settings\\Administrator\\Application Data\\csrss.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\\Documents and Settings\\All Users\\Application Data\\Real\\RealPlayer\\BrowserRecordPlugin\\IE\\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\\Program Files\\Microsoft Office\\Office12\\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre7\\bin\\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\\Program Files\\Styler\\TB\\StylerTB.dll
O4 - HKLM\\..\\Run: [UnlockerAssistant] "C:\\Program Files\\Unlocker\\UnlockerAssistant.exe"
O4 - HKLM\\..\\Run: [GrooveMonitor] "C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"
O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe" /hide /waitservice
O4 - HKLM\\..\\Run: [SoundMAXPnP] C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe
O4 - HKLM\\..\\Run: [HotKeysCmds] C:\\WINDOWS\\system32\\hkcmd.exe
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe
O4 - HKLM\\..\\Run: [SS_MW] C:\\Program Files\\Radica\\Stylin' Studio\\SS_MW.exe
O4 - HKLM\\..\\Run: [QuickTime Task] "C:\\Program Files\\QuickTime\\qttask.exe" -atboottime
O4 - HKLM\\..\\Run: [iTunesHelper] "C:\\Program Files\\iTunes\\iTunesHelper.exe"
O4 - HKLM\\..\\Run: [KernelFaultCheck] %systemroot%\\system32\\dumprep 0 -k
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] "C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"
O4 - HKLM\\..\\Run: [TkBellExe] "C:\\Program Files\\Real\\RealPlayer\\update\\realsched.exe" -osboot
O4 - HKLM\\..\\Run: [MSWUpdate] "C:\\Documents and Settings\\Administrator\\Application Data\\csrss.exe"
O4 - HKLM\\..\\Run: [Kernel Driver] C:\\Documents and Settings\\Administrator\\Application Data\\services.exe
O4 - HKCU\\..\\Run: [RocketDock] "C:\\Program Files\\RocketDock\\RocketDock.exe"
O4 - HKCU\\..\\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe"
O4 - HKCU\\..\\Run: [Pando Media Booster] C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe
O4 - HKCU\\..\\Run: [AlcoholAutomount] "C:\\Program Files\\Alcohol Soft\\Alcohol 52\\AxAutoMntSrv.exe" -automount
O4 - HKCU\\..\\Run: [Google Update] "C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe" /c
O4 - HKCU\\..\\Run: [MSWUpdate] "C:\\Documents and Settings\\Administrator\\Application Data\\csrss.exe"
O4 - HKCU\\..\\Run: [Sidebar] C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun
O4 - HKCU\\..\\Run: [Kernel Driver] C:\\Documents and Settings\\Administrator\\Application Data\\services.exe
O4 - Startup: Styler.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\\Program Files\\Western Digital\\WD SmartWare\\WD Drive Manager\\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\\Program Files\\Western Digital\\WD SmartWare\\Front Parlor\\WDSmartWare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\\PROGRA~1\\MICROS~2\\Office12\\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\\PROGRA~1\\MICROS~2\\Office12\\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\\PROGRA~1\\MICROS~2\\Office12\\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\\program files\\bonjour\\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {C9A2CBF3-B7F9-463E-A690-82CC077DCFC6} (ZemiDetectHardware Control) - http://global.4story.com/Active_X/Ze...ctHardware.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\\Program Files\\Microsoft Office\\Office12\\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\WI1F86~1\\MESSEN~1\\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\\Program Files\\Common Files\\Microsoft Shared\\Help\\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\\PROGRA~1\\WI1F86~1\\MESSEN~1\\MSGRAP~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\\PROGRA~1\\COMMON~1\\Skype\\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\\Program Files\\Windows Live\\Mail\\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\\PROGRA~1\\COMMON~1\\MICROS~1\\OFFICE12\\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\\System32\\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\\WINDOWS\\SYSTEM32\\igfxdev.dll
O20 - Winlogon Notify: WBSrv - C:\\Program Files\\Stardock\\Object Desktop\\WindowBlinds\\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\\system32\\wpdshserviceobj.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\\Program Files\\Adobe\\Photoshop Elements 7.0\\PhotoshopElementsFileAgent.exe
O23 - Service: Apache2.2 - Unknown owner - C:\\xampp\\apache\\bin\\httpd.exe" -k runservice (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\\Program Files\\Bonjour\\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\\xampp\\FileZillaFTP\\FileZillaServer.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\\Program Files\\Common Files\\Macrovision Shared\\FLEXnet Publisher\\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\\Program Files\\Google\\Update\\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\\Program Files\\Google\\Update\\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\\Program Files\\Java\\jre6\\bin\\jqs.exe" -service -config "C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\jqs.conf (file missing)
O23 - Service: mysql - Unknown owner - c:\\xampp\\mysql\\bin\\mysqld.exe
O23 - Service: NBService - Nero AG - C:\\Program Files\\Nero\\Nero 7\\Nero BackItUp\\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\\WINDOWS\\system32\\GameMon.des.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\\Program Files\\Common Files\\Protexis\\License Service\\PsiService_2.exe
O23 - Service: ServiceLayer - Nokia. - C:\\Program Files\\PC Connectivity Solution\\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\\Program Files\\Alcohol Soft\\Alcohol 52\\StarWind\\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\\Program Files\\Common Files\\Ulead Systems\\DVD\\ULCDRSvr.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\\Program Files\\Western Digital\\WD SmartWare\\WD Drive Manager\\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\\Program Files\\Western Digital\\WD SmartWare\\Front Parlor\\WDSmartWareBackgroundService.exe
There are some other things running from this directory too.
I'm confused since I thought these processes would be running from System32. Can someone who's experienced please help me understand this?
Edited by Varrkarus - 5/24/11 at 5:51am
    
post #2 of 38
I know that the fake antivirus going around uses that filename. Honestly, I don't know enough about it to be able to tell from your HijackThis data, but I know I have fought that file name on quite a few occasions.
post #3 of 38
Thread Starter 
So I plugged in my USB to transfer some work I was doing and BAM!
My antivirus, ESET NOD32, comes up with an alert saying a virus was created on my USB.

Here is a screenshot:


There's definitely something going on with csrss.exe but I don't know how to fix it :\\
    
post #4 of 38
I just ran a HijackThis and there is indeed not even a csrss.exe entry in it. Do a full scan using the AV and if it doesn't pick it up use HijackThis to kill the O4 csrss.exe entry because there shouldn't be one. At least, I don't have one so I don't think it should be there.
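Added example, not part of the original thread: the check discussed in posts #1 and #4 (a system process name running or auto-starting from somewhere other than System32), written as a small HijackThis log parser. The name list `SYSTEM32_ONLY`, the path `EXPECTED_DIR` and the function names are assumptions made for this example; the sample is an excerpt of the log in post #1 with single backslashes.

```python
import ntpath
import re

# Core Windows process names whose genuine image lives in System32
# (assumed list for this example; extend as needed).
SYSTEM32_ONLY = {"csrss.exe", "smss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}
EXPECTED_DIR = r"c:\windows\system32"  # assumption: default Windows XP location

# Drive-letter path up to the first ".exe"; matches quoted and unquoted forms.
EXE_PATH = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]+?\.exe\b", re.IGNORECASE)
# HijackThis entry lines look like "O4 - ...", "F2 - ...", "O23 - ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Excerpt of the log posted in post #1.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Documents and Settings\Administrator\Application Data\csrss.exe

F2 - REG:system.ini: Shell=Explorer.exe "C:\Documents and Settings\Administrator\Application Data\csrss.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSWUpdate] "C:\Documents and Settings\Administrator\Application Data\csrss.exe"
O4 - HKLM\..\Run: [Kernel Driver] C:\Documents and Settings\Administrator\Application Data\services.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
"""


def parse_hijackthis(text):
    """Return (running_processes, entries); entries are (code, detail) tuples."""
    running, entries, in_procs = [], [], False
    for raw in text.splitlines():
        # Collapse doubled backslashes left by copy/paste or web extraction.
        # (This would also flatten UNC prefixes, which these logs do not use.)
        line = re.sub(r"\\+", lambda m: "\\", raw.strip())
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            running.append(line)
    return running, entries


def is_masquerade(path):
    """True when a System32-only process name is used outside System32."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in SYSTEM32_ONLY and folder != EXPECTED_DIR


def find_masquerades(text):
    """Return sorted (source, path) findings from processes and autostart entries."""
    running, entries = parse_hijackthis(text)
    findings = {("process", p) for p in running if is_masquerade(p)}
    for code, detail in entries:
        for path in EXE_PATH.findall(detail):
            if is_masquerade(path):
                findings.add((code, path))
    return sorted(findings)


if __name__ == "__main__":
    for source, path in find_masquerades(SAMPLE_LOG):
        print(f"{source:8} {path}")
```

On this excerpt the parser reports the running `csrss.exe`, the F2 shell value, and the O4 Run entries for `csrss.exe` and `services.exe`, all under `Application Data`; the genuine System32 processes and third-party programs are not flagged.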
post #5 of 38
Thread Starter 
I've scanned the computer already and the anti-virus didn't detect anything >.<
I could kill off the process but I'm scared because it is normally part of the system. :\\
    
post #6 of 38
Well, you can at least feel somewhat lucky. The particular piece of malicious software I am talking about locks you out of everything; lucky you can even access your anti-virus, so if it is a version of that virus, it's not as potent as some strains that are out there.
post #7 of 38
post #8 of 38
Thread Starter 
Quote:
Originally Posted by Kand View Post
So you're saying run ComboFix?
Will my computer keep all of my files, settings, data, etc. after running it?
    
post #9 of 38
Thread Starter 
I don't know if this is from the virus or not, but my World of Warcraft account got banned as well. The email address I used to create my World of Warcraft account also got a warning message and I had to verify my identity. Stupid thing :\\
    
post #10 of 38
Quote:
Originally Posted by Varrkarus View Post
So you're saying run ComboFix?
Will my computer keep all of my files, settings, data, etc. after running it?
Yes, I am. It won't mess with any of your files. It's not a format operation, just a very robust and thorough scan.