
Infected with multiple rogue malware & csrss.exe


  • This topic is locked
5 replies to this topic

#1 jonnjonny

  • Members
  • 2 posts

Posted 25 May 2016 - 04:28 PM

Platform: Windows 10 Home Version 1511 (X64)
Processor: AMD Phenom™ II X4 840T Processor 2.90 GHz
RAM: 6 GB (5.75 GB usable)
System type: 64-bit operating system, x64-based processor
Video card: ATI RADEON HD 4200
 
I've had this computer for a while and had not hooked it up in a while, so I decided to, and once I hooked it up to the internet I noticed a lot of problems. Hooked it up 5/21/16; since then I have been trying to remove this myself, searching endlessly throughout forums like yours and MalwareTips and Reddit. I don't think I have benefited myself much.
 
Just to note, this computer was Windows Vista before I clean installed Windows 7 and then updated to Windows 10, in hopes that the problem would go away, but it hasn't. I have noticed the internet sometimes not allowing me to download AVs, and the search engines are bleeped. Also extremely high CPU and RAM usage off the bat.
 
When I had Windows Vista I noticed csrss.exe, winlogon.exe and another exe in the Task Manager with no descriptions, and also SHA1 and SHA256, but it would disappear as soon as I noticed it.
Clean installing to Windows 7, multiple items were installed on my desktop and the computer was slow.
In hopes, thinking it would disappear; alas, Windows 10 update. I've run multiple AVs and malware removal products and I have noticed that this keeps jumping from AV to AV in my Task Manager (amount of CPU and RAM).
 
It also doesn't allow me to update Windows Defender or get any Windows update.
I believe it is deep in my system and it hides when it wants to not be seen. 
 
Should I just full clean wipe my system and start new?


Edited by jonnjonny, 25 May 2016 - 05:19 PM.



#2 jonnjonny

  • Topic Starter
  • Members
  • 2 posts

Posted 25 May 2016 - 05:05 PM

Also, I just redownloaded Farbar from the preparation guide and it's saying that this program is not regularly downloaded and can harm my computer.



#3 polskamachina

  • Malware Response Team
  • 4,005 posts

Posted 28 May 2016 - 11:51 PM

Hi jonnjonny :)

 

My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.

I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.
 
polskamachina



#4 polskamachina

  • Malware Response Team
  • 4,005 posts

Posted 31 May 2016 - 10:06 PM

Hi jonnjonny :)
 
Let's begin by getting a fresh scan:

  • Please run FRST64 again.
  • When the window opens, tick the check box, Addition.txt
  • Click on Scan
  • When the scan completes, please copy and paste FRST.txt and Addition.txt into your next reply to me.
  • Also, please do not take any other corrective actions or run any other scans on your own unless instructed to do so.

Regarding your comment:

"Also, I just redownloaded Farbar from the preparation guide and it's saying that this program is not regularly downloaded and can harm my computer."

That message is very common and it's just your anti-virus program warning you about FRST. If you have the option to allow FRST to run every time, reply, Yes.

In summary, I will need the following logs from you:

  • FRST.txt
  • Addition.txt

Let me know if you have any questions.

 

polskamachina



#5 polskamachina

  • Malware Response Team
  • 4,005 posts

Posted 03 June 2016 - 09:52 AM

Hi jonnjonny :)

 

It's been a while since you've checked in. Did you need any more help with this? If not, this topic will be closed in 48 hours.
 
Please let me know if you have any questions.
 
polskamachina



#6 Oh My!

  • Malware Response Instructor
  • 37,502 posts

Posted 05 June 2016 - 01:15 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



