Tech Support Forum - View Single Post

Mike · 08-08-2008, 03:18 PM

Hi there,

Did you run any tools other than what I asked you to? Reason being is that one of the files I wanted is gone now.

McAfee is still installed as well - have you removed it through Add or remove programs? Or did you run the DSS scan before uninstalling it?

You have RegistryBooster 2 installed, registry cleaners are pretty dangerous and it is something I would recommend you uninstall, this is up to you though.

I would like to get a file for analysis if it is still present:

Please go to Uploadmalware to upload a suspicious file for analysis.

Enter your username from this forum
Copy and paste the link to this thread
Browse for this filename: C:\windows\system32\csrssd.exe
In the comments, please mention that I asked you to upload this file
Click on Send File

You may need to show hidden files, which you can do by following the instructions found here.

Or take a look and see if it is present at C:\Windows\csrssd.exe

If you found it, after uploading it please delete the file.

Please open HijackThis again and choose "Do a system scan only". Please put a check next to each of the following entries (if still present):

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\RunServices: [Windows DLL Loader And Verifier] csrssd.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0179241218217010) (0179241218217010mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\017924~1.EXE (file missing)

Now please close all open windows except HJT and press "Fix checked".

Then,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Once again, post back with Main.txt as well please

08-08-2008, 03:18 PM	#10 (permalink)
Mike Analyst, Security Team Join Date: Jun 2008 Posts: 71 OS: XP SP2	Re: wserv32.exe and csrssd.exe Hi there, Did you run any tools other than what I asked you to? Reason being is that one of the files I wanted is gone now. McAfee is still installed as well - have you removed it through Add or remove programs? Or did you run the DSS scan before uninstalling it? You have RegistryBooster 2 installed, registry cleaners are pretty dangerous and it is something I would recommend you uninstall, this is up to you though. I would like to get a file for analysis if it is still present: Please go to Uploadmalware to upload a suspicious file for analysis. Enter your username from this forum Copy and paste the link to this thread Browse for this filename: C:\windows\system32\csrssd.exe In the comments, please mention that I asked you to upload this file Click on Send File You may need to show hidden files, which you can do by following the instructions found here. Or take a look and see if it is present at C:\Windows\csrssd.exe If you found it, after uploading it please delete the file. Please open HijackThis again and choose "Do a system scan only". Please put a check next to each of the following entries (if still present): O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\RunServices: [Windows DLL Loader And Verifier] csrssd.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O23 - Service: McAfee Application Installer Cleanup (0179241218217010) (0179241218217010mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\017924~1.EXE (file missing) Now please close all open windows except HJT and press "Fix checked". Then, Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Once again, post back with Main.txt as well please __________________ Last edited by Mike; 08-08-2008 at 03:20 PM.