Active discussions

Meet the Other Phone. A phone that grows with your child.

Meet the Other Phone.
A phone that grows with your child.

Buy now

Please or to access all these features

Talk
Geeky stuff
Original poster

I have a virus or a trojen or something; What should I download?

23 replies

KatyMac · 22/05/2011 14:21

I have AVG paid for that keeps finding 3 trojans, clearing them up, saying everything is fine & I can't get on MN because my Proxys are wrong

I can however get on Natwest, HMRC etc

So please help me

Oh & my csrss.exe can't be found

OP posts:
Original poster
KatyMac · 22/05/2011 14:58

I need big help the computer keeps being attacked

OP posts:
Original poster
KatyMac · 22/05/2011 15:08

bump

OP posts:
onagar · 22/05/2011 15:08

DO NOT go to your bank if you may have a virus. If you already have then ring your bank because you may have just given away your details to a distant hacker.

I don't know what the best tools are nowadays. is spybot is one that has a good reputation, but you may need something more specific. AVG should be able to clear them up. It may mean AVG has been compromised.

Do you recall any of the names that popped up in AVG?

Original poster
KatyMac · 22/05/2011 15:10

Sorry - cross posted

OP posts:
Original poster
KatyMac · 22/05/2011 15:11

Oh damn it won't even open that page

OP posts:
onagar · 22/05/2011 15:14

when it says csrss.exe can't be found does it give the whole path? There is only supposed to be one in C:\WINDOWS\system32\csrss.exe (at least on XP)

There was probably a virus which named itself csrss.exe elsewhere. AVG will have deleted it so it will be trying to autorun on bootup and naturally it can't be found.

Original poster
KatyMac · 22/05/2011 15:15

"Firefox is configuring to use a proxy server that is refusing connections"

Don't worry I didn't log on (although they do have my OU log in.....maybe they could submit some work for me Grin)

OP posts:
Original poster
KatyMac · 22/05/2011 15:17

Yup it was
C:\docum~\katymac\locals~\temp\csrss.exe

I think

I can't open spybot on the laptop

OP posts:
onagar · 22/05/2011 15:19

Well that's a relief -phew!

If you can get to this AVG page on another computer it will download a CD full of programs to sort it out. It also says there you are entitled to support so you should find a phone number so they can tell you how to best use the CD.

onagar · 22/05/2011 15:23

And yes the C:\docum~\katymac\locals~\temp\csrss.exe was actually the virus so AVG correctly deleted it.

I'm really out of date with this kind of thing. We need one of our resident experts

onagar · 22/05/2011 15:26

oh one thing that might help.
In firefox go to Tools> Options> Advanced tab> Network tab, Settings button and set to Auto-detect proxy settings for this network.

Presumably the virus/trojan messed with it. Maybe the virus IS gone but left the effects behind?

Original poster
KatyMac · 22/05/2011 15:31

That has let me download Spybot

I'll run that before I do anything else

OP posts:
onagar · 22/05/2011 15:50

if the virus/trojan is still active then it will alter the proxy settings again. There is some chance perhaps that AVG has killed it.

Some things AVG won't know to put back after. The proxy settings was one and in your registry you now have a link to run C:\docum~\katymac\locals~\temp\csrss.exe and it will keep trying even though the virus file has gone.

Your next step might be to download and make that CD. Another option would be to use System Restore to put the registry etc back as it was at an earlier time. That might be your best bit in this case.

using system restore on XP

using system restore on Vista

Original poster
KatyMac · 22/05/2011 16:02

System restore won't work Sad

AVG here I come

OP posts:
Original poster
KatyMac · 22/05/2011 16:23

Threat detected!
c\System Volume Information_restore{57366F90-9A7B-47FD-B6B5-E92F52750DA}\RP474\A0103503.EXE

Trojan horse Generic22.BBFV

OP posts:
Original poster
KatyMac · 22/05/2011 16:28

Spybot won't work

Downloading CD

OP posts:
Original poster
KatyMac · 22/05/2011 16:28

Thank you so much for all your help; I would be lost without you

OP posts:
TheOriginalNutcracker · 22/05/2011 16:29

I had a smilar thing recently and downloaded malwarebytes and that got rid.

onagar · 22/05/2011 16:33

You may be lost with me yet. :) I'm still hoping for a real trojan expert to show up.

The c\System Volume Information_restore thing is not good and seems to rule out restoring which would have solved a lot of problems.

I hope the CD is going to help. btw if you don't want to make a CD there is an option to get the USB stick version.

Original poster
KatyMac · 22/05/2011 16:33

I have used both Spybot & Malwarebytes before but in the panic had forgotten the names Blush

OP posts:
onagar · 22/05/2011 17:18

If it's preventing you from reaching certain sites and from running certain files you need to regain control in order to fix anything. That's hopefully where the CD comes in.
If it doesn't help there are some things you can do yourself.
One method it might use to mess with the internet is the host file.

Windows\system32\drivers\etc\host

Deleting that or renaming it for now might allow you to get to more sites.

If the way files of type .exe are run has been tampered with then the Doug Knox site has a registry file that will restore the default settings. This is a direct link to the file

usualsuspect · 22/05/2011 17:21

Malwarebytes gets rid of most things

run it in safe mode

Original poster
KatyMac · 22/05/2011 17:30

Malware is running

AVG recommended something odd with the system restore

Fingers crossed

OP posts:
New posts on this thread. Refresh page