[access-uk] Re: Removing a Trojan
- From: "George Bell" <george@xxxxxxxxxxxxxxxxxxx>
- To: <access-uk@xxxxxxxxxxxxx>
- Date: Sat, 4 Mar 2006 11:10:55 -0000
Hi Roger,
You are wise to be nervous about hacking the Registry.
Norton have a Removal Tool at:-
http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.a
o.html Note that csrrs.exe is mentioned in the "technical
details" section.
McAfee also mention it at
http://vil.nai.com/vil/content/print100785.htm
I also found it mentioned by Trend and Sopos.
George.
________________________________
From: access-uk@xxxxxxxxxxxxx
[mailto:access-uk@xxxxxxxxxxxxx] On Behalf Of roger.south
Sent: 04 March 2006 08:36
To: access-uk@xxxxxxxxxxxxx
Subject: [access-uk] Removing a Trojan
Hi All
A few days ago my firewall told me an application named
csrrs.exe was asking to access the internet. I have not
heard of this before so did a search on Google to find it's
a well known trojan worm. I permanently denied access and
set about removing it. I can't seem to find a removal tool
on the web. I then did searches only to come up with blanks.
AVG Pro, Panda, Spybot, AdAware, CClean, Registry Mechanic
and Housecall all fail to find it. A search on my XP Home
also proves negative. But I had call to go to msconfig to
check what was running at start-up and there it is large as
life and twice as natural. The location was given as:
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
I guess this to be a registry location so went to regedit
and did a Find. It seems to be everywhere in there. I could
remove it manually but the registry makes me very nervous
and weak at the knees so I'm looking for any knowledge you
guys may have as to if I'm doing the right thing here,
please.
Many thanks
Roger
Other related posts: