Tech Support Forum banner
Status
Not open for further replies.
1 - 5 of 5 Posts

·
Registered
Joined
·
36 Posts
Discussion Starter · #1 ·
I have been getting Trojan warning for over a week everytime I run NOD on-demand scan, and I delete the trojan file everytime (they are in the system32 folder), but they keep coming back.

Finally tonight when I turned on the computer NOD pop up saying that an HQS trojan was created by the cssrss process in windows/system32/

I looked through there and saw csrss and cssrss processes, and I believe csrss is a legitimate MS process.

My question is : can I go in and delete cssrss ? Is it a legitimate MS process infected?
 

·
T-Shirt Winner
Joined
·
4,773 Posts

·
TSF Security Manager, Emeritus
Joined
·
52,196 Posts
csrss.exe in system32 and system32\dllcache is a legit process. It should be 6,144 bytes on most XP machines.

cssrss.exe is not legit, as grumpygit has pointed out.

There's quite possibly something else on the system alongside...but in addition to deleting the file, you need to remove the loading point(s).

If you require assistance, follow the instructs in the link grumpygit has already provided.
 

·
Registered
Joined
·
36 Posts
Discussion Starter · #4 ·
First of all thank you for your replies.
I've been trying to do as instructed and scan with Panda ActiveScan but
IE and Firefox keep getting aborted when I'm about 30% complete (going from C to D drive)
and when the browser process was aborted then all data is lost.

So far after C drive scan I get about 7 infected files (mostly from RP3x files) but not getting scan complete is really frustrating. Is it because I don't have enough RAM (I have 512 MB)?

How do I remedy this situation and at least get scan completion?
 

·
Registered
Joined
·
36 Posts
Discussion Starter · #5 ·
Finally got Active Scan to run to completion.
I also use the Disinfect function to disinfect several trojan downloader in RP32... etc.
I am doing the DSS scan now and will post all logs in the Hijack this forum.

Thanks again.
 
1 - 5 of 5 Posts
Status
Not open for further replies.
Top