Computer Locked Down

StraySlayer

New Member
Hey guys, thanks for taking the time to look through this. Anyway, recently I've noticed my Desktop (Running Windows 7) was acting far slower than normal. While I bore with it for a day out of laziness, when I eventually did investigate I found a suspicious csrss.exe running in processes. I did a full system scan with Microsoft Security Essentials and had 23ish pieces of malware found, and after removing them the suspicious exe was still running. I tried then to manually delete it, but a pop up exclaimed that the operation was forbidden. I then had to leave for a bit, and when I returned a few hours later everything was so slow I decided to use a hard restart and boot it in Safe Mode while I tried to find out how to remove the csrss file. However, now in Safe Mode, I can't use Explorer.exe (and thus can't really do anything, I'm denied access to any kind of file browsing) and starting it up normally is impossible.

Anyone have any idea what to do? Is it looking like it's time to reinstall Windows?
 
Can you run anything? If so please do the following.

Please download and run TDSSKiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says "will be cured after reboot", please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.
 
Would I be able to install and run the program in Safe Mode? I'm under the impression right now it'd be impossible for me to run it normally, the screen just remains black.

But until then, I'll try and see if I can do that. Once again thanks.
 
I too have the csrss.exe program running. Have you found if this program is the culprit? I ran the program johnb posted but it found nothing.
 

See the following:

This is the user-mode portion of the Win32 subsystem; Win32.sys is the kernel-mode portion. Csrss stands for Client/Server Run-Time Subsystem, and is an essential subsystem that must be running at all times. Csrss is responsible for console windows, creating and/or deleting threads, and implementing some portions of the 16-bit virtual MS-DOS environment. http://www.neuber.com/taskmanager/process/csrss.exe.html

Note: The csrss.exe file is located in the folder C:\Windows\System32. In other cases, csrss.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.
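
The location check from the note above, as an added example that is not part of the thread or of any tool mentioned in it. It is written for PowerShell 2.0, which ships with Windows 7; the function name `Test-CsrssLocation` is hypothetical and the sample records are constructed.

```powershell
# Added example: classify csrss.exe processes by where their image file lives.
function Test-CsrssLocation {
    param(
        [Parameter(Mandatory = $true)] $Process,      # object with ProcessId and ExecutablePath
        [string] $SystemRoot = $env:SystemRoot        # normally C:\Windows
    )
    $expected = Join-Path $SystemRoot 'System32\csrss.exe'
    $path = $Process.ExecutablePath

    if ([string]::IsNullOrEmpty($path)) {
        # WMI may return no path for system processes in a non-elevated session.
        $verdict = 'Unknown (re-run from an elevated prompt)'
    } elseif ($path -ieq $expected) {
        $verdict = 'Expected location'
    } else {
        $verdict = 'Unexpected location, investigate'
    }

    New-Object PSObject -Property @{
        ProcessId = $Process.ProcessId
        Path      = $path
        Verdict   = $verdict
    }
}

# Constructed sample records (not taken from any real machine).
$samples = @(
    New-Object PSObject -Property @{ ProcessId = 412;  ExecutablePath = 'C:\Windows\system32\csrss.exe' }
    New-Object PSObject -Property @{ ProcessId = 3980; ExecutablePath = 'C:\Users\Public\csrss.exe' }
    New-Object PSObject -Property @{ ProcessId = 476;  ExecutablePath = $null }
)
$samples |
    ForEach-Object { Test-CsrssLocation -Process $_ -SystemRoot 'C:\Windows' } |
    Format-Table ProcessId, Verdict, Path -AutoSize

# Live check on the local machine: one genuine csrss.exe per session is normal.
Get-WmiObject Win32_Process -Filter "Name='csrss.exe'" |
    ForEach-Object { Test-CsrssLocation -Process $_ } |
    Format-Table ProcessId, Verdict, Path -AutoSize
```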
 