It's surprisingly easy to hide malware in torrent software.
You would be a lot better off paying for the software next time.
You would be a lot better off paying for the software next time.
Windows cannot find 'C:WINDOWS\config\csrss.exe'.
First off i'm new here and I want to thank anyone in advance for any help!!
I downloaded a norton antivirus torrent for my girlfriends computer and I think it came with a virus or trojan or spyware.
Everytime I start her computer now it tell me...
Windows cannot find 'C:WINDOWS\config\csrss.exe'. make sure you types the name correctly, and then try again. To search for a file, click the START button
Now the internet is super slow and I cant even go to regular sites like myspace, google, or yahoo.:upset:
I also have a second problem. I accepted a a winrar from someone on msn messenger and now my computer sends it out to all the people on my msn messenger buddy list when i'm on.:4-dontkno
PLEASE HELP AND THANKS IN ADVANCE!!! O AND WE HAVE WINDOWS XP.
I downloaded a norton antivirus torrent for my girlfriends computer and I think it came with a virus or trojan or spyware.
Everytime I start her computer now it tell me...
Windows cannot find 'C:WINDOWS\config\csrss.exe'. make sure you types the name correctly, and then try again. To search for a file, click the START button
Now the internet is super slow and I cant even go to regular sites like myspace, google, or yahoo.:upset:
I also have a second problem. I accepted a a winrar from someone on msn messenger and now my computer sends it out to all the people on my msn messenger buddy list when i'm on.:4-dontkno
PLEASE HELP AND THANKS IN ADVANCE!!! O AND WE HAVE WINDOWS XP.
- Status
- Not open for further replies.
1 - 20 of 26 Posts
Well it was my first time useing torrents so I was just downloading music and stuff, but I learned my lessen
Can you please help me?
Can you please help me?
Well it's just a microsoft runtime file.Well it was my first time useing torrents so I was just downloading music and stuff, but I learned my lessen
Can you please help me?
If you have your windows cd, you could just do a repair.
It's only a few steps, and it can fix quite a few problems.
Thanks man but how do I do that??? I'm not to savy when it comes to comp.:sigh:
I suggest you read through this once, so you'll have a feel for it before you start. It's not complicated, but if you don't read it first, you could misunderstand something and jump the gun in the wrong direction.Thanks man but how do I do that??? I'm not to savy when it comes to comp.:sigh:
XP Repair install
_______________
1) Boot the computer using the XP CD. You may need to change the boot order in the system BIOS so
the CD boots before the hard drive. Check your system documentation for steps to access the BIOS and
change the boot order.
________________________________________________________________________________________
2) When you see the "Welcome To Setup" screen, you will see the options below
This portion of the Setup program prepares Microsoft
Windows XP to run on your computer:
1) To setup Windows XP now, press ENTER.
2) To repair a Windows XP installation using Recovery Console, press R.
3) To quit Setup without installing Windows XP, press F3.
-------YOU WANT TO PRESS ENTER HERE---------
Do not choose "To repair a Windows XP installation using the Recovery Console, press R",
(you Do Not want to load Recovery Console).
________________________________________________________________________________________
3) Accept the License Agreement and Windows will search for existing Windows installations.
________________________________________________________________________________________
4) Select the XP installation you want to repair from the list and press R to start the repair.
If Repair is not one of the options, END setup.
________________________________________________________________________________________
5) Setup will copy the necessary files to the hard drive and reboot.
After the reboot - Do not press any key to boot from CD when the message appears.
Setup will continue as if it were doing a clean install, but your applications and settings will remain intact.
Done.
________________________________________________________________________________________
Thanks man...i'll let you know how i did!!!:wave:
Hello elferoz2k5
Note it is located in 'C:WINDOWS\config
The legitimate csrss.exe file is located in the folder C:\Windows\System32. In other cases, csrss.exe is a virus, spyware, trojan or worm!
Run your antivirus and spyware programs and if they do not find and delete it please do the following.......
Please follow our 5 Step process outlined here:
http://www.techsupportforum.com/sec...read-before-posting-malware-removal-help.html
After running through all the steps, please post the requested logs in the HijackThis Log Help forum.
http://www.techsupportforum.com/security-center/hijackthis-log-help/
If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
I think this is the worm or trojan you downloaded.Windows cannot find 'C:WINDOWS\config\csrss.exe'.
Note it is located in 'C:WINDOWS\config
The legitimate csrss.exe file is located in the folder C:\Windows\System32. In other cases, csrss.exe is a virus, spyware, trojan or worm!
Run your antivirus and spyware programs and if they do not find and delete it please do the following.......
Please follow our 5 Step process outlined here:
http://www.techsupportforum.com/sec...read-before-posting-malware-removal-help.html
After running through all the steps, please post the requested logs in the HijackThis Log Help forum.
http://www.techsupportforum.com/security-center/hijackthis-log-help/
If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
THANKS Dunedin!!!!!!!!!!!!
I'll do all the 5 steps next weekend, because I work alot during the week and then i'll reply...but thanks alot bro...I'm realllllllyyyyy Thankful:wave:
I'll do all the 5 steps next weekend, because I work alot during the week and then i'll reply...but thanks alot bro...I'm realllllllyyyyy Thankful:wave:
csrss.exe is not malware when it's located in that folder.
Hi Rob 1 :smile:
I think it is malware
If it is running in msconfig
http://www.sysinfo.org/startuplist.php?filter=csrss.exe
"The legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder "
http://www.neuber.com/taskmanager/process/csrss.exe.html
.
I think it is malware
If it is running in msconfig
http://www.sysinfo.org/startuplist.php?filter=csrss.exe
"The legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder "
http://www.neuber.com/taskmanager/process/csrss.exe.html
.
elferoz2k5 :smile:
I`m going on holiday on Friday so I won`t be able to answer you next week.
There are lots of others to help though :smile:
Good luck. I hope you manage to get it cleaned up.
I`m going on holiday on Friday so I won`t be able to answer you next week.
There are lots of others to help though :smile:
Good luck. I hope you manage to get it cleaned up.
Thanks, Dunedin! You are correct!!
@Rob 1, config\csrss.exe is assuredly malware in that location.
http://www.threatexpert.com/reports.aspx?find=Config\csrss.exe
The OP is experiencing a message from Windows complaining of a file missing at startup. An orphaned registry item is the likely cause of the error message, either in a winlogon\\shell or other startup location.
@ elferoz2k5 -
You'd do well indeed to follow Dunedin's instructions when you get the time. Even if this entry is orphaned, there may be more dross left behind.
@Rob 1, config\csrss.exe is assuredly malware in that location.
http://www.threatexpert.com/reports.aspx?find=Config\csrss.exe
The OP is experiencing a message from Windows complaining of a file missing at startup. An orphaned registry item is the likely cause of the error message, either in a winlogon\\shell or other startup location.
@ elferoz2k5 -
You'd do well indeed to follow Dunedin's instructions when you get the time. Even if this entry is orphaned, there may be more dross left behind.
The problem isn't that the file showed up in the malware location during a spyware scan though. It's a file that windows is not able to locate.Thanks, Dunedin! You are correct!!
@Rob 1, config\csrss.exe is assuredly malware in that location.
http://www.threatexpert.com/reports.aspx?find=Config\csrss.exe
The OP is experiencing a message from Windows complaining of a file missing at startup. An orphaned registry item is the likely cause of the error message, either in a winlogon\\shell or other startup location.
@ elferoz2k5 -
You'd do well indeed to follow Dunedin's instructions when you get the time. Even if this entry is orphaned, there may be more dross left behind.
This is why:
With the registry entry present, Windows is complaining.
Just because there's an error from Windows does not mean it's a Windows file which is missing.
There are many cases on the boards of users with "file missing" messages, many of which stem from orphaned startups.
Something, perhaps the OP's resident, already deleted the file.The OP is experiencing a message from Windows complaining of a file missing at startup. An orphaned registry item is the likely cause of the error message, either in a winlogon\\shell or other startup location.
With the registry entry present, Windows is complaining.
Just because there's an error from Windows does not mean it's a Windows file which is missing.
There are many cases on the boards of users with "file missing" messages, many of which stem from orphaned startups.
I could see where Norton deleted/quarantined a virus and caused this.
But windows not finding the file, doesn't sound like an active virus to me.
It would be easy enough for thread starter to install AVG or Avast, and run a scan to double check what Norton has cleaned up.
But windows not finding the file, doesn't sound like an active virus to me.
It would be easy enough for thread starter to install AVG or Avast, and run a scan to double check what Norton has cleaned up.
@ Rob 1 -
I'm not sure you're understanding what I'm trying to tell you.
I'm not saying it's an active infection (though from the OP's comments, there may well be more on the machine). I'm saying the registry has an orphan at startup. The file is missing from a Windows startup procedure. It matters not that the file was from an infection. The startup remains. The Windows message appears. There are two ways to take care of that. Restore the file (not desirable, because that file is malware) or remove the offending orphan from the registry. This can be done manually if one knows their way around the registry, or with removal tools at our disposal.
Where in the registry can be determined once elferoz2k5 posts logs in the HJT forum.
Also, your suggestion of installing a second or third antivirus is not the best idea, if you mean to suggest to install another AV at the same time as Norton. Having more than one resident antivirus application installed at one time can cause system issues.
It would also not likely address the OP's situation.
Let's not hijack this thread any longer.
@ elferoz2k5 -
Please also change your MSN Messenger password.
I'm not sure you're understanding what I'm trying to tell you.
I'm not saying it's an active infection (though from the OP's comments, there may well be more on the machine). I'm saying the registry has an orphan at startup. The file is missing from a Windows startup procedure. It matters not that the file was from an infection. The startup remains. The Windows message appears. There are two ways to take care of that. Restore the file (not desirable, because that file is malware) or remove the offending orphan from the registry. This can be done manually if one knows their way around the registry, or with removal tools at our disposal.
Where in the registry can be determined once elferoz2k5 posts logs in the HJT forum.
Also, your suggestion of installing a second or third antivirus is not the best idea, if you mean to suggest to install another AV at the same time as Norton. Having more than one resident antivirus application installed at one time can cause system issues.
It would also not likely address the OP's situation.
Let's not hijack this thread any longer.
@ elferoz2k5 -
Please also change your MSN Messenger password.
You're right about that. I should have added, that when I do that I always delete the program when I'm done.@ Rob 1 -
I'm not sure you're understanding what I'm trying to tell you.
I'm not saying it's an active infection (though from the OP's comments, there may well be more on the machine). I'm saying the registry has an orphan at startup. The file is missing from a Windows startup procedure. It matters not that the file was from an infection. The startup remains. The Windows message appears. There are two ways to take care of that. Restore the file (not desirable, because that file is malware) or remove the offending orphan from the registry. This can be done manually if one knows their way around the registry, or with removal tools at our disposal.
Where in the registry can be determined once elferoz2k5 posts logs in the HJT forum.
Also, your suggestion of installing a second or third antivirus is not the best idea, if you mean to suggest to install another AV at the same time as Norton. Having more than one resident antivirus application installed at one time can cause system issues.
It would also not likely address the OP's situation.
Let's not hijack this thread any longer.
@ elferoz2k5 -
Please also change your MSN Messenger password.
I also run Symantec antivirus, and on the odd occasion where something didn't look right, i've ran alternate scans to double check that all was good.
This includes going from PestPatrol, to Spybot S&D and Adaware.
And of course, runnning Hijackthis is always a good bet.
I've thought plenty about this sort of thing, and it even occurs to me that all of the people who post here could have a brief comment in their sig along the lines of:
You should be running:
Antivirus
Antispyware
Firewall (software or hardware)
Hey guys sorry i'm just getting back to you, but I tried to do that 5 step thing and when I did step 2 with that panda program it gave me an error with internet explorer and firefox!! So it did not finish.
IDK WHAT TO DO. I can't even access my yahoo email or myspace and i can't even search on google.
Any tips??????
Thanks in advance;-)
IDK WHAT TO DO. I can't even access my yahoo email or myspace and i can't even search on google.
Any tips??????
Thanks in advance;-)
Hi elferoz2k5 -
As Dunedin noted above,
As Dunedin noted above,
and as we state in Step 1....If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
All the steps are important, but the logs we really need to begin analysis are in Step 5.It is appreciated that the level of infection may not allow you to complete all these steps. Therefore, if for some reason you cannot perform one of the steps, move on to the next step and advise the Analyst accordingly when you post the requested logs.
1 - 20 of 26 Posts
- Status
- Not open for further replies.
Tech Support Forum
A forum community dedicated to tech experts and enthusiasts. Come join the discussion about articles, computer security, Mac, Microsoft, Linux, hardware, networking, gaming, reviews, accessories, and more!
Full Forum Listing
Recommended Communities
