My system is Virused!!!

Posted 12/31/2008 6:07 PM
#70549
User avatar

abc_321 Member

Date Joined Nov 2016
Total Posts: 1
I never noticed anything before I thought of defragmenting my computer it popped me a message saying that defrag.mcs dosen't exist cannot be opened or was created by later versions of mmc or you don't have the right and permissions to open it....." After some time I logged normally into my computer but surprisingly my desktop never appeared, hence I launched the task manager by pressing Ctrl + Alt + Del and started explorer.exe manually.

I started invistigating the problem when suddenly a message titled csrss.exe popped up telling me that an error has occured and it's sorry for the inconvinience and had only a close button.....

I searched C:\ drive for csrss.exe and found the following:

csrss.exe 124kb in C:\WINDOWS\system
csrss.exe 124kb in C:\WINDOWs\oobe
csrss.exe 6kb in C:\WINDOWS\system32
csrss.exe 6kb in C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e
CSRSS.EXE-254821BE.pf in C:\WINDOWS\Prefetch


Out of which the first 2 were hidden and modified on 29/11/2008

I later installed SP3 thinking that this will solve my problem but it didn't so I uninstalled it.
However this made the explorer start normally after restart.

Moreover I later found that I cannot launch Computer Management from the Administrative Tools in Control Panel
it told me invalid {.....} so I went to properties and clicked find target in took me to C:\Documents and Settings\All Users\Start Menu instead of system32 and showed me a file named lnkinit32.exe also 124kb and hidden also modified on 29\11\2008.

Some files that I found strange and has matching parameters (124kb, hidden, and modified on 29/11/2008) are:
taskman.exe 124kb in C:\WINDOWS\system
camon.exe 124kb in C:\WINDOWS\system32
winhlp.exe 124kb in C:\WINDOWS\system32
winlog.exe 124kb in C:\WINDOWS\system32
&
autoexec.sol 1kb in C:\ which wasn't hidden


I have no idea as to what kind of virus is this as I tried to delete all the files listed above but they come again every time I restart. Hence Please Help!

Thanks in advance.....

Yours Sincerely,
Momen
Posted 1/1/2009 4:35 AM
#70569
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hello :smile:



Download: CCleaner
[color=#0000ff>http://www.majorgeeks.com/download4191.html[/url]
[color=#0000ff>http://www.ccleaner.com/[/url]

Once installed, run CCleaner click the Windows tab

Select the following:
Internet Explorer:
Temp Internet
History
Recently Typed URLs
Delete Index.dat files

System:
Empty Recycle Bin
Temporary Files
Memory Dumps
Chkdsk File Fragments
Old Prefetch Data


Next: click Options click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click Ok


Then click Run Cleaner (bottom right) then Exit

Reboot



Please download Malwarebytes' Anti-Malware:

http://www.spywarefri.dk/downloads1/mbam-setup.exe[/color]



Or here:

http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968



to your desktop.



Double-click mbam-setup.exe and follow the prompts to install the program.



At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch




Malwarebytes' Anti-Malware, then click Finish.



If an update is found, it will download and install the latest version.



Please connect all your external hard drive/flash drive before running Malwarebyte



Once the program has loaded, select Perform full scan, then click Scan.



When the scan is complete, click OK, then Show Results to view the results.



Be sure that everything is checked, and click Remove Selected.



When completed, a log will open in Notepad. Please save it to a convenient location.







NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Post Malwarebytes' Anti-Malware log

[/3][/color]

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />
[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Wednesday, December 7, 2016, 9:24 PM (GMT +1)
There are a total of 61,160 posts in 13,449 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 37,967 registered members. Please welcome our newest member, ConcepcionJAbbate.
There are currently no users on-line.