Hi Roger, You are wise to be nervous about hacking the Registry. Norton have a Removal Tool at:- http://www.symantec.com/avcenter/venc/data/w32.hllw.gaobot.a o.html Note that csrrs.exe is mentioned in the "technical details" section. McAfee also mention it at http://vil.nai.com/vil/content/print100785.htm I also found it mentioned by Trend and Sopos. George. ________________________________ From: access-uk@xxxxxxxxxxxxx [mailto:access-uk@xxxxxxxxxxxxx] On Behalf Of roger.south Sent: 04 March 2006 08:36 To: access-uk@xxxxxxxxxxxxx Subject: [access-uk] Removing a Trojan Hi All A few days ago my firewall told me an application named csrrs.exe was asking to access the internet. I have not heard of this before so did a search on Google to find it's a well known trojan worm. I permanently denied access and set about removing it. I can't seem to find a removal tool on the web. I then did searches only to come up with blanks. AVG Pro, Panda, Spybot, AdAware, CClean, Registry Mechanic and Housecall all fail to find it. A search on my XP Home also proves negative. But I had call to go to msconfig to check what was running at start-up and there it is large as life and twice as natural. The location was given as: SOFTWARE\Microsoft\Windows\CurrentVersion\Run I guess this to be a registry location so went to regedit and did a Find. It seems to be everywhere in there. I could remove it manually but the registry makes me very nervous and weak at the knees so I'm looking for any knowledge you guys may have as to if I'm doing the right thing here, please. Many thanks Roger