I think I have a virus.. or something?
12-12-2008, 02:55 PM
#1
Senior Member
Thread Starter
iTrader: (10)
Join Date: Feb 2007
Location: South Eastern Wisconsin
Posts: 1,274
Total Cats: 0
I think I have a virus.. or something?
My internet started acting really weird last night. Random pages would not load, but others would load perfectly fine, and I knew that they were all available.
Today, whenever I search from my Google search bar, I get this weird pop up. Doesn't come up on any other pages, and doesn't come up if I go to Google and search from there.
Any ideas?
I know someone else posted recently asking about what programs to use to get rid of spy ware/viruses, but any recommendations? Key word - free.
Today, whenever I search from my Google search bar, I get this weird pop up. Doesn't come up on any other pages, and doesn't come up if I go to Google and search from there.
Any ideas?
I know someone else posted recently asking about what programs to use to get rid of spy ware/viruses, but any recommendations? Key word - free.
Reply
0
0
12-12-2008, 03:03 PM
#3
no problems here.
__________________
Best Car Insurance | Auto Protection Today | FREE Trade-In Quote
__________________
Best Car Insurance | Auto Protection Today | FREE Trade-In Quote
Reply
0
0
12-12-2008, 04:03 PM
#6
Senior Member
Thread Starter
iTrader: (10)
Join Date: Feb 2007
Location: South Eastern Wisconsin
Posts: 1,274
Total Cats: 0
I think I've tracked it down to csrss.exe, but it wouldn't delete.
Now whenever I search for it on yahoo/google, my search browser gets blocked. Sounds like that antivirus 2009 that someone else had.
WEAK!
Now whenever I search for it on yahoo/google, my search browser gets blocked. Sounds like that antivirus 2009 that someone else had.
WEAK!
Reply
0
0
12-12-2008, 04:24 PM
#8
Senior Member
Thread Starter
iTrader: (10)
Join Date: Feb 2007
Location: South Eastern Wisconsin
Posts: 1,274
Total Cats: 0
Ok I am officially lost.
All but one of these were deleted
Looked after reboot, and csrss.exe is still running. I'm assuming that means its still on my computer. My net problems are still here.
I saw this in the thread about antivirus 2009:
Does that apply to me? Do I really need to be in safe mode to get rid of these?
All but one of these were deleted
Malwarebytes' Anti-Malware 1.31
Database version: 1494
Windows 5.1.2600 Service Pack 2
12/12/2008 2:56:06 PM
mbam-log-2008-12-12 (14-56-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 84688
Time elapsed: 49 minute(s), 20 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\csrss7.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csrss (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\csrss7.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mike\Local Settings\Temp\csrss7.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\jlw2rty7.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\e1ch3i5r.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Delete on reboot.
Database version: 1494
Windows 5.1.2600 Service Pack 2
12/12/2008 2:56:06 PM
mbam-log-2008-12-12 (14-56-06).txt
Scan type: Full Scan (C:\|)
Objects scanned: 84688
Time elapsed: 49 minute(s), 20 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
C:\WINDOWS\system32\csrss7.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\csrss (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\csrss7.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Mike\Local Settings\Temp\csrss7.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\jlw2rty7.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\e1ch3i5r.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\csrss.exe (Trojan.Agent) -> Delete on reboot.
I saw this in the thread about antivirus 2009:
Easy as cake to remove.
Go to bleepingcomputer.com and download Combofix.exe. Run it, dont worry about recovery console, just run it. I cleaned 5 computers with it so far without a hitch.
Download MalwareBytes, run that after.
Download Spybot Search and Destroy, immunize your computer and run the scan.
DO ALL THIS IN SAFE MODE.
Install Avast Antivirus.
Done.
Go to bleepingcomputer.com and download Combofix.exe. Run it, dont worry about recovery console, just run it. I cleaned 5 computers with it so far without a hitch.
Download MalwareBytes, run that after.
Download Spybot Search and Destroy, immunize your computer and run the scan.
DO ALL THIS IN SAFE MODE.
Install Avast Antivirus.
Done.
Reply
0
0
12-12-2008, 04:33 PM
#10
Reply
0
0
12-12-2008, 04:42 PM
#12
In Soviet Russia, bear-**** f***s you.
If this is a recent change, you can do a System Restore to a earlier date. You will lose information saved between then and now, however, the bug will be gone too. Then get something like AVGFree or SpyBot Search and Destroy on your PC.
If this is a recent change, you can do a System Restore to a earlier date. You will lose information saved between then and now, however, the bug will be gone too. Then get something like AVGFree or SpyBot Search and Destroy on your PC.
Reply
0
0
12-13-2008, 10:20 PM
#17
Senior Member
Join Date: Oct 2004
Location: SWAMPS OF FLORIDA !!!
Posts: 1,161
Total Cats: 0
CSRSS7.DLL removal instructions:
1. Temporarily Disable System Restore, Reboot computer in SafeMode.
2. Locate CSRSS7.DLL virus files and uninstall CSRSS7.DLL files program. Follow the screen step-by-step screen instructions to complete uninstallation of CSRSS7.DLL.
3. Delete/Modify any values added to the registry related with CSRSS7.DLL, Exit registry editor and restart the computer.
4.Clean/delete all CSRSS7.DLLinfected file(s):CSRSS7.DLL and related, or rename CSRSS7.DLL virus files.
5.Delete all your IE temp files with CSRSS7.DLL manually, run a whole scan with antivirus program.
I cannot verify that this will work, but it is worth a try.
Alexa virus = POPUPTRAF.RU
1. Temporarily Disable System Restore, Reboot computer in SafeMode.
2. Locate CSRSS7.DLL virus files and uninstall CSRSS7.DLL files program. Follow the screen step-by-step screen instructions to complete uninstallation of CSRSS7.DLL.
3. Delete/Modify any values added to the registry related with CSRSS7.DLL, Exit registry editor and restart the computer.
4.Clean/delete all CSRSS7.DLLinfected file(s):CSRSS7.DLL and related, or rename CSRSS7.DLL virus files.
5.Delete all your IE temp files with CSRSS7.DLL manually, run a whole scan with antivirus program.
I cannot verify that this will work, but it is worth a try.
Alexa virus = POPUPTRAF.RU
Reply
0
0
12-13-2008, 11:40 PM
#18
Senior Member
Thread Starter
iTrader: (10)
Join Date: Feb 2007
Location: South Eastern Wisconsin
Posts: 1,274
Total Cats: 0
Thanks for the info, i'll give it one more try before I bitch out and re-format lol.
Its good to know the name of the virus at least. Crazy Russians!!
Its good to know the name of the virus at least. Crazy Russians!!
Reply
0
0
12-16-2008, 02:35 AM
#20
Senior Member
Thread Starter
iTrader: (10)
Join Date: Feb 2007
Location: South Eastern Wisconsin
Posts: 1,274
Total Cats: 0
I haven't played with Linux since Middle school, tried a bunch of different forms of Linux OS but never got it set up 100%, ended up going back to Winblows. Is there still a lot of down falls for running Linux, as in product support/drivers for hardware? What about just browsing the internet, you tube/applications and what not.
Reply
0
0
