Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to remove a virus (CSRXX.EXE) off of External HD


  • This topic is locked This topic is locked
3 replies to this topic

#1 Son23

Son23

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:My computer X3
  • Local time:10:24 PM

Posted 18 May 2010 - 04:14 PM

If I posted this in the wrong area, I apologies and please redirect me.

Ok, so I asked this on another microsoft forum, but the help they provided, well, didn't help.

So I had to do a factory restore on my laptop recently because a program called CSRXX.EXE, an apparent worm, took complete control of my computer. This "application" would come up every time I would start my computer. I tried doing system restores, but most of the time the system restore would cause an error and not work. It wouldn't even let me into safe mode. Eventually, my desktop wouldn't come up at all so...there was really no choice.

While all of this was happening, I managed to back up all my important files, mostly pictures, audio, and word documents on my external hard drive (Western Digital Elements 1TB). My external hard drive already had important programs backed up on it as well. I was hoping that this would work, but as it turns out this virus spreads through USB. I went to an online scanner called ESET and when i would look for things to scan the virus appeared on my external hard drive...however the scan didn't see it as a threat because it didn't pick it up. The virus appears as this on the scanner: Posted Image also, according to some research that's how the virus will appear.
(If you can't see the picture well: https://ssl-proxy-updated.herokuapp.com/78b641cc630a25668b627f0bd42b5ded0b0b4c63/687474703a2f2f6939352e70686f746f6275636b65742e636f6d2f616c62756d732f6c3133382f536f6e32382f6578616d706c652d322e706e67/)


*my resources: http://www.threatexpert.com/report.aspx?md...863da1cafea7b3f
http://www.microsoft.com/security/portal/T...tID=-2147337590
http://answers.yahoo.com/question/index?qi...2214425AAVQa3V*


Now I didn't move the files back on my computer, so as far as I know my laptop doesn't have the virus again.

The last forum I was on told me to run a program called Malwarebytes and Spybot, which did not find anything on my external HD. In fact, the only way I can tell if the virus is still there is if I do an ESET scan. The ESET scan won't find the virus during the scan, but if you try to tell the scanner what to scan, the virus can be seen (refer to picture above).

I need the files and programs. I am an artist, writer, and voice actor. I animate toons and voice in my own plus online toons. Plus some pictures I drew I got paid to draw, so I can't afford to lose any of these files. The programs I can always reinstall, but the pictures, documents, and audio I cannot replace...at all. So I am asking, is there any way I can rid myself of this virus without harming my files, or if there is any way to transfer my data without losing my files? Please I really cannot afford to lose these files.



Thank you in advance.

Rob R.
~Son

EDIT: Moved from External Hardware to more appropriate Am I Infected ~ Hamluis.

Edited by hamluis, 18 May 2010 - 05:37 PM.


BC AdBot (Login to Remove)

 


#2 MrBruce1959

MrBruce1959

    My cat Oreo


  • BC Advisor
  • 6,377 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norwich, Connecticut. in the USA
  • Local time:10:24 PM

Posted 18 May 2010 - 04:50 PM

Your photobucket image comes up as either deleted or moved.

Only thing I see in your image on your post is desktop.ini in the recycle bin but no sign of a virus being detected in this image.

iff you feel you are infected with a trojan or virus try posting in the BC AII fourms at this link. http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Welcome to Bleeping Computer! :welcome:
New Members: Please click here for the Bleeping Computer Forum Board Rules
 
My Career Involves 37 Years as an Electronics Repair Technician, to Which I am Currently Retired From.

I Am Currently Using Windows 10 Home Edition.

As a Volunteer Staff Member of Bleeping Computer, the Help That I Proudly Provide Here To Our BC Forum Board Membership is Free of Charge. :wink:

#3 Son23

Son23
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:My computer X3
  • Local time:10:24 PM

Posted 18 May 2010 - 04:59 PM

perhaps it would help if I enlarge it.

if you go into my actual EHD you do not see the recycle bin.

However, the "Recycle bin" doesn't read recycle bin. it reads $RECYCLE.BIN and desktop.ini. That's what the virus does, it creates a fake recycle bin, then uses the desktop.ini to get into explorer.exe and stops it from working.

but I will post in that thread. thank you for redirecting me.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:24 PM

Posted 18 May 2010 - 10:01 PM

Topic closed as a new one has been posted here: http://www.bleepingcomputer.com/forums/t/317628/how-to-remove-a-virus-csrxxexe-off-of-external-hd/

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users