- Added by a variant of the SERVU-O TROJANSERVU-O TROJAN
- a hacked version of a legitimate FTP server application.
The Trojan reads configuration data from a file called tcp_systemstart.sys.csrss.exe
- Microsoft Client Server Runtime Process (legitimate file) or any number of bad processes
Click on the Startup Programs
link at the top of this page and search for this file, to see what else it could be.
What "trojan remover" did you download, and try?
I suggest you try:ewido security suite
- offers protection against urgently growing threats like Trojans, Worms, Dialers, Hijackers, Spyware and Keyloggers.
When installing ewido security suite
, under Additional Options
uncheck:Install background guardInstall scan via context menuHow to remove a Trojan, Virus, Worm, or other Malware
If this doesn't help, I suggest you post a HijackThis log for examination.
Read How to post a HijackThis Log
.Please read, and follow, all directions carefully.
Then, run a log, and post it in the HijackThis forum
, at this link
. Do not
, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please
, be patient, these people are volunteers. They will help you out, as soon as possible
Once you have made the post, please
, DO NOT
make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies
. If you make another post, there will be 1 reply
. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
If you follow these instructions, you shouldn't have to reinstall Windows.