Overclock.net › Forums › Software, Programming and Coding › Networking & Security › [SOLVED] csrss.exe- Is it fake? Is it a virus?
New Posts  All Forums:Forum Nav:

[SOLVED] csrss.exe- Is it fake? Is it a virus? - Page 4

post #31 of 38
Thread Starter 
Quote:
Quote:
Originally Posted by Spooony View Post
Run OTL
Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.
Manually delete any remaining logs or tools.
I downloaded OTL from the link you gave but it is named otl.h, not otl.exe.
I tried renaming it to otl.exe but nothing happened...


Quote:
Quote:
Originally Posted by Spooony View Post
Go to start -> run and enter the following with your XP disk in the tray
sfc.exe /purgecache
sfc.exe /scannow
Is this required? I don't have a copy of my XP disk since my computer is second-hand.

Can I just skip these two steps?


ALSO
*Do I use Defogger again and re-enable??*
    
CPUMotherboardGraphicsRAM
[Intel] i5 2500K - 4.5GHz @ 1.27v [Asus] P8P67-Pro [Asus] GTX580 DirectCU II 900/1800/2100 @ 1.088v [G.Skill] Ripjaws-X 8GB 1600 CL8 
Hard DriveHard DriveOptical DriveCooling
[Crucial] M4 64GB SSD [Samsung] Spinpoint F3 1TB [Pioneer] DVR-219L [Noctua] NH-D14 
OSMonitorMonitorKeyboard
[Windows] 7 Ultimate 64-bit [Dell] U2711 27" [Dell] 1907FP 19" [Microsoft] Digital Media Keyboard 
PowerCaseMouseMouse Pad
[Corsair] HX-750 [NZXT] Phantom - White [Acer] Generic Mouse Wooden Desk 
AudioAudioAudio
[Soloman] 2.1 Set [Audio-Technica] ATH-M50 [Zalman] ZM-MIC1 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
[Intel] i5 2500K - 4.5GHz @ 1.27v [Asus] P8P67-Pro [Asus] GTX580 DirectCU II 900/1800/2100 @ 1.088v [G.Skill] Ripjaws-X 8GB 1600 CL8 
Hard DriveHard DriveOptical DriveCooling
[Crucial] M4 64GB SSD [Samsung] Spinpoint F3 1TB [Pioneer] DVR-219L [Noctua] NH-D14 
OSMonitorMonitorKeyboard
[Windows] 7 Ultimate 64-bit [Dell] U2711 27" [Dell] 1907FP 19" [Microsoft] Digital Media Keyboard 
PowerCaseMouseMouse Pad
[Corsair] HX-750 [NZXT] Phantom - White [Acer] Generic Mouse Wooden Desk 
AudioAudioAudio
[Soloman] 2.1 Set [Audio-Technica] ATH-M50 [Zalman] ZM-MIC1 
  hide details  
Reply
post #32 of 38
Quote:
Originally Posted by Varrkarus View Post
I downloaded OTL from the link you gave but it is named otl.h, not otl.exe.
I tried renaming it to otl.exe but nothing happened...




Is this required? I don't have a copy of my XP disk since my computer is second-hand.

Can I just skip these two steps?


ALSO
*Do I use Defogger again and re-enable??*
OTL
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
www.itxassociates.com/OT-Tools/OTL.com
www.itxassociates.com/OT-Tools/OTL.scr

Yes you can. Just update your av and do a full scan. How is the the system. Is it running ok now?
Edited by Spooony - 5/23/11 at 11:45am
post #33 of 38
hitman pro trial boot scan, thats really accurate for stuff like that, takes awhile though
The Soldier
(13 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 evga x58 3 way-sli dual lan evga gtx 280 + 9500 physx/perma fold corsair dominator 6 gig tri channel 1600 
Hard DriveOptical DriveOSMonitor
ocz agility g.1 60, 1tb 7200 WDB, 2tb 5900RPM Sea lite-on bluray combo windows 7, ultimate 64bit philips 230E 
KeyboardPowerCaseMouse
G19 logitech corsair TX 750 watts cooler master haf 932 mx revoulution logitech + R.A.T. 7 
Mouse Pad
goliathus 
  hide details  
Reply
The Soldier
(13 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 evga x58 3 way-sli dual lan evga gtx 280 + 9500 physx/perma fold corsair dominator 6 gig tri channel 1600 
Hard DriveOptical DriveOSMonitor
ocz agility g.1 60, 1tb 7200 WDB, 2tb 5900RPM Sea lite-on bluray combo windows 7, ultimate 64bit philips 230E 
KeyboardPowerCaseMouse
G19 logitech corsair TX 750 watts cooler master haf 932 mx revoulution logitech + R.A.T. 7 
Mouse Pad
goliathus 
  hide details  
Reply
post #34 of 38
How is it a virus? All of Windows have crss.exe unless you looking at a different name? Please specify.
post #35 of 38
Quote:
Originally Posted by 78@pwnt4lif3 View Post
How is it a virus? All of Windows have crss.exe unless you looking at a different name? Please specify.
You are correct. But it needs to run from a system folder. Any folder else its malware. His is running from everywhere except his system folder

HKLM\\..\\Run: [MSWUpdate]"C:\\Documents and Settings\\Administrator\\Application Data\\csrss.exe
Edited by Spooony - 5/23/11 at 11:43am
post #36 of 38
Thread Starter 
Quote:
Originally Posted by Spooony View Post
Yes you can. Just update your av and do a full scan. How is the the system. Is it running ok now?
Yeah, the system seems to be virus-free and running fine
I'll give you a lot of REP+ for all your time and effort.
Thanks!
    
CPUMotherboardGraphicsRAM
[Intel] i5 2500K - 4.5GHz @ 1.27v [Asus] P8P67-Pro [Asus] GTX580 DirectCU II 900/1800/2100 @ 1.088v [G.Skill] Ripjaws-X 8GB 1600 CL8 
Hard DriveHard DriveOptical DriveCooling
[Crucial] M4 64GB SSD [Samsung] Spinpoint F3 1TB [Pioneer] DVR-219L [Noctua] NH-D14 
OSMonitorMonitorKeyboard
[Windows] 7 Ultimate 64-bit [Dell] U2711 27" [Dell] 1907FP 19" [Microsoft] Digital Media Keyboard 
PowerCaseMouseMouse Pad
[Corsair] HX-750 [NZXT] Phantom - White [Acer] Generic Mouse Wooden Desk 
AudioAudioAudio
[Soloman] 2.1 Set [Audio-Technica] ATH-M50 [Zalman] ZM-MIC1 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
[Intel] i5 2500K - 4.5GHz @ 1.27v [Asus] P8P67-Pro [Asus] GTX580 DirectCU II 900/1800/2100 @ 1.088v [G.Skill] Ripjaws-X 8GB 1600 CL8 
Hard DriveHard DriveOptical DriveCooling
[Crucial] M4 64GB SSD [Samsung] Spinpoint F3 1TB [Pioneer] DVR-219L [Noctua] NH-D14 
OSMonitorMonitorKeyboard
[Windows] 7 Ultimate 64-bit [Dell] U2711 27" [Dell] 1907FP 19" [Microsoft] Digital Media Keyboard 
PowerCaseMouseMouse Pad
[Corsair] HX-750 [NZXT] Phantom - White [Acer] Generic Mouse Wooden Desk 
AudioAudioAudio
[Soloman] 2.1 Set [Audio-Technica] ATH-M50 [Zalman] ZM-MIC1 
  hide details  
Reply
post #37 of 38
Thread Starter 
And Thank You to everyone else who helped as well
    
CPUMotherboardGraphicsRAM
[Intel] i5 2500K - 4.5GHz @ 1.27v [Asus] P8P67-Pro [Asus] GTX580 DirectCU II 900/1800/2100 @ 1.088v [G.Skill] Ripjaws-X 8GB 1600 CL8 
Hard DriveHard DriveOptical DriveCooling
[Crucial] M4 64GB SSD [Samsung] Spinpoint F3 1TB [Pioneer] DVR-219L [Noctua] NH-D14 
OSMonitorMonitorKeyboard
[Windows] 7 Ultimate 64-bit [Dell] U2711 27" [Dell] 1907FP 19" [Microsoft] Digital Media Keyboard 
PowerCaseMouseMouse Pad
[Corsair] HX-750 [NZXT] Phantom - White [Acer] Generic Mouse Wooden Desk 
AudioAudioAudio
[Soloman] 2.1 Set [Audio-Technica] ATH-M50 [Zalman] ZM-MIC1 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
[Intel] i5 2500K - 4.5GHz @ 1.27v [Asus] P8P67-Pro [Asus] GTX580 DirectCU II 900/1800/2100 @ 1.088v [G.Skill] Ripjaws-X 8GB 1600 CL8 
Hard DriveHard DriveOptical DriveCooling
[Crucial] M4 64GB SSD [Samsung] Spinpoint F3 1TB [Pioneer] DVR-219L [Noctua] NH-D14 
OSMonitorMonitorKeyboard
[Windows] 7 Ultimate 64-bit [Dell] U2711 27" [Dell] 1907FP 19" [Microsoft] Digital Media Keyboard 
PowerCaseMouseMouse Pad
[Corsair] HX-750 [NZXT] Phantom - White [Acer] Generic Mouse Wooden Desk 
AudioAudioAudio
[Soloman] 2.1 Set [Audio-Technica] ATH-M50 [Zalman] ZM-MIC1 
  hide details  
Reply
post #38 of 38
Quote:
Originally Posted by Varrkarus View Post
And Thank You to everyone else who helped as well
you picked it up from a infected email. Remember to uninstall your old java in install the updates when available. update you Adobe flash and run your browser in sandboxie for extra protection. If they get thru exploits you still got it in a jar so to speak. they get through java and Adobe exploits these days. Glad you sorted it out remember to update Combofix once a week because it expires after a time and keep them safe somewhere in case of emergency.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › [SOLVED] csrss.exe- Is it fake? Is it a virus?