Hello, let's clean a few more items as this was getting into your csrss.exe process
area. You are still infected.
Csrss.exe is the Microsoft client server runtime which generates worker threads for client requests. The confusion over csrss.exe comes from Trojans or viruses that use the same executable name (.exe) as that of csrss.
Your HOSTS file
may be infected. Reset the HOSTS file
As this infection also changes your Windows HOSTS file, we want to replace this file with the default version for your operating system.
Some types of malware will alter the HOSTS file as part of its infection. Please follow the instructions provided in How do I reset the hosts file back to the default?
To reset the hosts file automatically,go HERE
button. Then just follow the prompts in the Fix it wizard.
in the File Download
dialog box or save MicrosoftFixit50267.msi
to your Desktop and double-click on it to run. Then just follow the promots in the Fix it wizard.
Please download the TDSS Rootkit Removing Tool
) and save it to your Desktop. <-Important!!!Be sure to download TDSSKiller.exe (v184.108.40.206) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 220.127.116.11 of the tool.
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
- If TDSSKiller does not run, try renaming it.
- To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
- Click the Start Scan button.
- Do not use the computer during the scan
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
- A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.18.104.22.168_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
Finally run an online scan.I'd like us to scan your machine with ESET OnlineScan
NOTE: In some instances if no malware is found there will be no log produced.
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Click the button.
- Accept any security warnings from your browser.
- Under scan settings, check and check Remove found threats
- Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push
- Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the button.
How is it now?