[access-uk] Re: Removing a Trojan
- From: "Ray's Home" <rays-home@xxxxxxxxxxxxxxxxxx>
- To: <access-uk@xxxxxxxxxxxxx>
- Date: Sat, 4 Mar 2006 09:52:24 -0000
On the other hand Roger, I should have read a bit further! Less haste called
for.
Further down the page I cited before we are told:
Note: csrss.exe is also process which is registered as a number of mass mailing
worms and trojans. These viruses are distributed via the Internet through
e-mail and comes in the form of an e-mail message, in the hopes that you open
it's hostile attachment. The worm has it's own SMTP engine which means it
gathers E-mails from your local computer and re-distributes itself. In worst
cases this worm can allow attackers to access your computer, stealing passwords
and personal data. It is a registered security risk and should be removed
immediately
Should not be disabled, required for essential applications to work properly.
To get control over your running programs we suggest WinTasks 5 Pro
Author: Microsoft Corp
Part Of: Microsoft Windows Operating System
Remove csrss.exe: Use WinTasks
So, some detailed reading required here. But maybe there is a solution
afterall.
Ray
Personal emails: Email me at
mailto:ray-48@xxxxxxxx
----- Original Message -----
From: roger.south
To: access-uk@xxxxxxxxxxxxx
Sent: Saturday, March 04, 2006 8:35 AM
Subject: [access-uk] Removing a Trojan
Hi All
A few days ago my firewall told me an application named csrrs.exe was asking
to access the internet. I have not heard of this before so did a search on
Google to find it's a well known trojan worm. I permanently denied access and
set about removing it. I can't seem to find a removal tool on the web. I then
did searches only to come up with blanks. AVG Pro, Panda, Spybot, AdAware,
CClean, Registry Mechanic and Housecall all fail to find it. A search on my XP
Home also proves negative. But I had call to go to msconfig to check what was
running at start-up and there it is large as life and twice as natural. The
location was given as:
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
I guess this to be a registry location so went to regedit and did a Find. It
seems to be everywhere in there. I could remove it manually but the registry
makes me very nervous and weak at the knees so I'm looking for any knowledge
you guys may have as to if I'm doing the right thing here, please.
Many thanks
Roger
Other related posts: