C:\windows\config\csrss.exe Is Not A Valid Win32 Application



#1 alkami


Posted 19 May 2008 - 10:31 AM

Hi Everyone,

I have been getting this error upon computer startup.

"C:\windows\Config\csrss.exe is not a valid win32 application"

Following some instruction on another post "http://www.bleepingcomputer.com/forums/index.php?showtopic=138893&st=0&gopid=828844&#entry828844"

Here is my entry in registry

Location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

shell = Explorer.exe C:\Windows\config\csrss.exe
Userinit = C:\windows\system32\\userinit.exe


Wondering why Shell = Explorer.exe points to C:\windows\config\csrss.exe


Any advice in this is much appreciated.
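A check of the two Winlogon values quoted in the post above against the Windows defaults (`Shell` is `Explorer.exe` alone, `Userinit` is the System32 `userinit.exe`), as an added example that is not part of the original thread. The function and constant names are hypothetical, the system root is assumed to be `C:\Windows`, and the sample values are the ones from the post.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"   # assumption: system root is C:\Windows
DEFAULT_SHELLS = ("explorer.exe", r"c:\windows\explorer.exe")
DEFAULT_USERINIT = SYSTEM32 + r"\userinit.exe"
# Short illustrative list of core Windows process names that live in System32.
SYSTEM_NAMES = {"csrss.exe", "smss.exe", "lsass.exe", "services.exe",
                "svchost.exe", "winlogon.exe", "userinit.exe"}
TOKEN = re.compile(r'"[^"]*"|[^\s,]+')  # a quoted path, or a run without spaces/commas

# Values as posted in the thread, and the Windows defaults for comparison.
POSTED = {"Shell": r"Explorer.exe C:\Windows\config\csrss.exe",
          "Userinit": r"C:\windows\system32\\userinit.exe"}
CLEAN = {"Shell": "Explorer.exe",
         "Userinit": r"C:\Windows\system32\userinit.exe,"}


def norm(path):
    """Lower-case a Windows path and collapse doubled separators."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def masquerades(entry):
    """True when a core system process name sits in a folder other than System32."""
    folder, name = ntpath.split(norm(entry))
    return name in SYSTEM_NAMES and folder not in ("", SYSTEM32)


def audit_winlogon(values):
    """Return (value name, reason, entry) for each deviation from the defaults."""
    findings = []
    raw_shell = values.get("Shell", "")
    shell = [t.strip('"') for t in TOKEN.findall(raw_shell)]
    if not shell or norm(shell[0]) not in DEFAULT_SHELLS:
        findings.append(("Shell", "does not start with explorer.exe", raw_shell))
    for extra in shell[1:]:
        # The default Shell value is explorer.exe with nothing after it.
        findings.append(("Shell", "extra entry after explorer.exe", extra))

    # Userinit is a comma-separated list; the default has one entry and a trailing comma.
    userinit = [e.strip() for e in values.get("Userinit", "").split(",") if e.strip()]
    if not userinit:
        findings.append(("Userinit", "value is empty or missing", ""))
    for entry in userinit:
        if norm(entry) != DEFAULT_USERINIT:
            findings.append(("Userinit", "entry is not System32 userinit.exe", entry))

    for name, entries in (("Shell", shell), ("Userinit", userinit)):
        for entry in entries:
            if masquerades(entry):
                findings.append((name, "system process name outside System32", entry))
    return findings


if __name__ == "__main__":
    for finding in audit_winlogon(POSTED):
        print(finding)
```

The doubled backslash in the posted `Userinit` value normalizes to the default path, so only the `Shell` value is reported.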


#2 DaChew


Posted 19 May 2008 - 10:48 AM

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system.


A few more clues might help with recommending a remedy
Chewy

No. Try not. Do... or do not. There is no try.

#3 alkami


Posted 19 May 2008 - 10:58 AM

The exact error message is = C:\windows\config\csrss.exe is not a valid Win32 application

OS = WinXp Pro SP2

The error message comes up as a pop up window upon computer startup.

Upon clicking on my username on the welcome window it takes longer than usual to get into Windows where I can see my Desktop. When I get into my Desktop, it is there that the error window pops up.

Things I did day before:

(1) Did windows update
(2) Did a full system scan using the safety scan from Windows Live OneCare (web-based)

1 of the above definitely messed something up I assume

#4 DaChew


Posted 19 May 2008 - 11:17 AM

http://www.bleepingcomputer.com/forums/ind...mp;#entry811062

and since you didn't tell us what real time resident protection you are running (if any)

you might also try this

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Chewy


#5 alkami


Posted 20 May 2008 - 03:29 AM

Sorry about that, I currently do not have any virus or firewall program installed for the computer. Will follow the instruction on the first link and post my results here.

Thanks once again.

#6 alkami


Posted 20 May 2008 - 04:06 AM

**First scan**


Malwarebytes' Anti-Malware 1.12
Database version: 768

Scan type: Quick Scan
Objects scanned: 45624
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 138

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Documents and Settings\Jeremy\Local Settings\Temp\yqa2.tmp (BackDoor.ProRat) -> Unloaded module successfully.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Downloader) -> Data: c:\windows\config\csrss.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Documents and Settings\Jeremy\Local Settings\Temp\yqa2.tmp (BackDoor.ProRat) -> Delete on reboot.
C:\WINDOWS\Config\csrss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


**Second Scan**


Malwarebytes' Anti-Malware 1.12
Database version: 768

Scan type: Quick Scan
Objects scanned: 45338
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Documents and Settings\Jeremy\Local Settings\Temp\ipa2.tmp (BackDoor.ProRat) -> Unloaded module successfully.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Documents and Settings\Jeremy\Local Settings\Temp\ipa2.tmp (BackDoor.ProRat) -> Delete on reboot.

#7 alkami


Posted 20 May 2008 - 04:13 AM

**Third Scan**



Malwarebytes' Anti-Malware 1.12
Database version: 768

Scan type: Quick Scan
Objects scanned: 45390
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Documents and Settings\Jeremy\Local Settings\Temp\ita5.tmp (BackDoor.ProRat) -> Unloaded module successfully.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Documents and Settings\Jeremy\Local Settings\Temp\ita5.tmp (BackDoor.ProRat) -> Delete on reboot.

#8 alkami


Posted 20 May 2008 - 04:21 AM

Looks like every time I run a scan it will detect more or less but still detect something.

By the way, after system restart I can now login to my desktop fast and no longer any stalling. Desktop loads up fast as well.

Thanks once again.

#9 DaChew


Posted 20 May 2008 - 08:04 AM

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

Backdoor trojans are pretty serious and often associated with rootkits, I would like you to run Sdfix, follow the instructions exactly, you might want to print them out
Chewy


#10 alkami


Posted 26 May 2008 - 09:45 AM

I followed the instructions and managed to find out that I got the "Backdoor.ProRat" trojan in my computer. Ran HijackThis, got the log file and got it analyzed.

Finally installed Panda antivirus to clear it out. Looks like Windows's safety scanner could not detect it at all.


The system is all clean now.

Thank you very much for all the help.

Now I am attempting to clean my dad's computer that is infected with some virus that I am looking into having removed. IE got hijacked as well, loading the "Sujin.com.np" webpage on load up, and the IE title has the name as well.

Looks like I really need to invest in some antivirus proggie on the double.



