I haven't used my laptop in about a year (besides as an access point for my desktop). Because of this, Java was severely outdated. I went to my University and attempted to connect to the internet, I couldn't get it to work. I ended up using their network connection wizard, which was a Java applet. I had heard that certain updates of Java had security vulnerabilities with applets, but I figured since I was using a trusted applet from my university I would be fine.
The first thing that happened is that my wireless icon on my taskbar changed from the wireless bars to the icon you have when you have an ethernet cable connected. Okay, no big deal probably just a bug right? I went on using my laptop for the rest of the day, and accessed a lot of sensitive information with it including my bank account and my campus information service. I got home and plugged the ethernet cable back into my laptop (that's how I use my laptop's wifi card) but internet on my desktop wasn't working. This happens sometimes, so I restarted both computers but the problem persisted. I thought maybe the wizard messed with my network settings, and went to the Network Connections section of control panel to try to fix it; but it didn't show any of my networks. It was completely blank. I googled the problem, and discovered it may be a problem with my wireless card. I opened Device Manager as instructed, and it was blank as well.
At this point I decided a System Restore was a good idea, so I searched it and got an error saying "Windows cannot find 'C:\WIndows\system32\rstrui.exe'. Make sure you typed the name correctly, and then try again." So I navigated to system32, located the exe and opened it. Same error.
I still wasn't suspicious of a virus at this point, so I tried sfc /scannow. Sfc returned no problems. At this point I decided to do a virus scan using Microsoft Security Essentials. I did a quick scan and it showed no results. I then checked my processes for any rogue processes, and everything looked normal until I tried to open the file location of csrss.exe, and nothing happened. I noticed that the UserName and Description field were empty for csrss.exe, and at this point I was suspicious of a virus. I noticed that winlogon.exe also had no UserName or Description, and wouldn't let me open the file location either.
I've changed all my passwords of services I accessed during this time period. I'm just wondering what my next step should be.
The operating system is WIndows 7. Oh, it also says "3 days until automatic activation. Activate windows now" in the properties of Computer, even though my windows has been activated for well over a year.
Is this a sophisticated virus or just some kind of freak bug?
Thanks for your help.
EDIT: I checked another computer and verified the two processes I thought were rogue were on that computer as well, with the same blank fields and the inability to open file location. Still, could this be a virus? I also just started a malwarebytes scan.
Edited by xedrak, 25 August 2014 - 11:03 PM.