BullGuard
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
My system is Virused!!!
   
BullGuard Antivirus Forum > Virus information > Alerts & New Threats > My system is Virused!!!  
Forum Quick Jump
 
You cannot post new topics in this forum. Post reply to : My system is Virused!!! Printable version of : My system is Virused!!!
[ << Previous Thread | Next Thread >> ]

abc_321
New Member


Date Joined Dec 2008
Total Posts : 1
 
   Posted 12/31/2008 8:07 PM (GMT +2)    Quote: My system is Virused!!!Alert an admin about: My system is Virused!!!
I never noticed anything before I thought of defragmenting my computer it popped me a message saying that defrag.mcs dosen't exist cannot be opened or was created by later versions of mmc or you don't have the right and permissions to open it....." After some time I logged normally into my computer but surprisingly my desktop never appeared, hence I launched the task manager by pressing Ctrl + Alt + Del and started explorer.exe manually.

I started invistigating the problem when suddenly a message titled csrss.exe popped up telling me that an error has occured and it's sorry for the inconvinience and had only a close button.....

I searched C:\ drive for csrss.exe and found the following:

csrss.exe 124kb in C:\WINDOWS\system
csrss.exe 124kb in C:\WINDOWs\oobe
csrss.exe 6kb in C:\WINDOWS\system32
csrss.exe 6kb in C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e
CSRSS.EXE-254821BE.pf in C:\WINDOWS\Prefetch


Out of which the first 2 were hidden and modified on 29/11/2008

I later installed SP3 thinking that this will solve my problem but it didn't so I uninstalled it.
However this made the explorer start normally after restart.

Moreover I later found that I cannot launch Computer Management from the Administrative Tools in Control Panel
it told me invalid {.....} so I went to properties and clicked find target in took me to C:\Documents and Settings\All Users\Start Menu instead of system32 and showed me a file named lnkinit32.exe also 124kb and hidden also modified on 29\11\2008.

Some files that I found strange and has matching parameters (124kb, hidden, and modified on 29/11/2008) are:
taskman.exe 124kb in C:\WINDOWS\system
camon.exe 124kb in C:\WINDOWS\system32
winhlp.exe 124kb in C:\WINDOWS\system32
winlog.exe 124kb in C:\WINDOWS\system32
&
autoexec.sol 1kb in C:\ which wasn't hidden


I have no idea as to what kind of virus is this as I tried to delete all the files listed above but they come again every time I restart. Hence Please Help!

Thanks in advance.....

Yours Sincerely,
Momen
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12981
 
   Posted 1/1/2009 6:35 AM (GMT +2)    Quote: My system is Virused!!!Alert an admin about: My system is Virused!!!
Hello smile
 
Once installed, run CCleaner click the Windows tab

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data


Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok

 
Then click Run Cleaner (bottom right) then Exit
Reboot
 
Please download Malwarebytes' Anti-Malware:
 
Or here:
 
 to your desktop.
 
Double-click mbam-setup.exe and follow the prompts to install the program.
                     
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch


Malwarebytes' Anti-Malware, then click Finish.
                     
If an update is found, it will download and install the latest version.
 
Please connect all your external hard drive/flash drive before running Malwarebyte
                     
Once the program has loaded, select Perform full scan, then click Scan.
                     
When the scan is complete, click OK, then Show Results to view the results.
 
Be sure that everything is checked, and click Remove Selected.
 
When completed, a log will open in Notepad. Please save it to a convenient location.
 
 
 
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 
Post Malwarebytes' Anti-Malware log
 


Do NOT post your problem in someone elses thread.
A non-profit, volunteer network.

Back to Top
 
You cannot post new topics in this forum. Post reply to : My system is Virused!!! Printable version of : My system is Virused!!!
 
Forum Information
Currently it is Friday, October 31, 2014 9:51 AM (GMT +2)
There are a total of 60,719 posts in 13,338 threads.
In the last 3 days there were 4 new threads and 7 reply posts. View Active Threads
Who's Online
This forum has 36598 registered members. Please welcome our newest member, BraydenLogan14.
4 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Budget Kitchens London (0)10/31/2014 7:04:45 AM (rakpenak)
Cheap Kitchen Units In UK (0)10/31/2014 6:48:00 AM (mtkyytpw)
COMPUTER PROBLEMS (2)10/31/2014 3:00:32 AM (Deb1957)
Cheap Kitchen Units In Leeds UK (0)10/31/2014 1:45:44 AM (ceagceog8)
Bullguard dosent update to latest versions (19)10/30/2014 6:35:00 PM (LeoK)