Unfortunately, malware has infused itself into my system:
XP Home, SP3, up-to-date, dual proc, 4GB RAM (I know - XP cannot take advantage of it all).
csrss.exe would occupy both processors.
Infected when opening a spoofed website with IE8 (also up-to-date).
Known malware files/folders:
The above return when deleted with Administrator account, unable to delete with user/admin account.
1. With Adminstrator account, remove all access to 2251727459.dat. Result: window with focus border flashes many times/second, a dos prompt appears in task bar for each flash (thus difficult to read) with title of "c:WINDOWS/system 32", mouse primary button does not perform as expected (suspect event is being intercepted), and machine is pretty much unusable.
2. With Adminstrator account, restore access to 2251727459.dat and remove all access to WINDOWS/Temp/pdk-SYSTEM/. None of the symptoms appear as described in 1. Appears to be extraneous disk access.
As described in 2., above.
Edited by Orange Blossom, 18 July 2010 - 02:44 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB