Unable to remove Malware

No replies to this topic

#1 Buzz1cy

  • Members
  • 55 posts

Posted 18 July 2010 - 01:13 AM

Hello,

Unfortunately, malware has infused itself into my system:
XP Home, SP3, up-to-date, dual proc, 4GB RAM (I know - XP cannot take advantage of it all).

Initial symptoms:
csrss.exe would occupy both processors.

Suspicion:
Infected when opening a spoofed website with IE8 (also up-to-date).


Known malware files/folders:
WINDOWS/system32/2251727459.dat
WINDOWS/Temp/pdk-SYSTEM/

The above return when deleted with Administrator account, unable to delete with user/admin account.

Other attempts:
1. With Administrator account, remove all access to 2251727459.dat. Result: window with focus border flashes many times/second, a dos prompt appears in task bar for each flash (thus difficult to read) with title of "c:WINDOWS/system 32", mouse primary button does not perform as expected (suspect event is being intercepted), and machine is pretty much unusable.
2. With Administrator account, restore access to 2251727459.dat and remove all access to WINDOWS/Temp/pdk-SYSTEM/. None of the symptoms appear as described in 1. Appears to be extraneous disk access.


Current situation:
As described in 2., above.

Suggestions?

Edited by Orange Blossom, 18 July 2010 - 02:44 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB
