
HijackThis log, please help


30 replies to this topic

#16 Derek V


Posted 20 May 2006 - 12:03 PM

Yes It's gone

Fixwareout ver 1.003
Last edited 04/26/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\iahmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
...
Microsoft ® Windows Script Host Version 5.6

Random Runs removed from HKLM
"dmhai.exe"=-
...
PLEASE NOTE, There WILL be LEGIT FILES LISTED.
IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is lagitamate

»»»»» Search by size and names...
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
»»»»» Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSRRS.EXE 155,648 2002-08-29



#17 Derek V


Posted 20 May 2006 - 12:09 PM

One more thing, I have this CWS virus named feads, and I can't get rid of it. I tried using CWS Shredder and SBC Yahoo antivirus, but it can't erase

#18 Micah_6:8


Posted 20 May 2006 - 12:19 PM

:) :thumbup:

Can you find/delete this file?

C:\WINDOWS\SYSTEM32\CSRRS.EXE <-- this file

EXTREMELY IMPORTANT!!!

There may be a file in there named csrss.exe

That file is a VALID WINDOWS application.

BE SURE AND DELETE THE CORRECT FILE!!!

Please note the difference in the file names!!!

Some malware files may be "hidden".
Be sure to show hidden files when looking.

Then empty it from the recycle bin.

Then run the program you ran earlier that was picking up some things, and let me know what it finds.
:)
Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#19 Derek V


Posted 20 May 2006 - 12:29 PM

I see the file, but I cannot delete it. It says application could not be run in Win32 mode? Maybe I need to run safe mode?

#20 Micah_6:8


Posted 20 May 2006 - 12:31 PM

Don't "run" it, <right-click> on it and choose "Delete". :)

#21 Derek V


Posted 20 May 2006 - 12:37 PM

I right-clicked and clicked Delete. This time it says: "Cannot delete CSRSS: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use." I'm going to restart and try again.

#22 Micah_6:8


Posted 20 May 2006 - 12:41 PM

<right-click> on it and choose "Properties"

In the window that opens, look towards the bottom.

Next to Attributes:, if there is a check in the "Read-only" box, remove the check then click "Apply" then "OK", then try to delete it again.
:) :thumbup:

#23 Derek V


Posted 20 May 2006 - 12:47 PM

No, same thing. Any more ideas? :)

#24 Micah_6:8


Posted 20 May 2006 - 12:51 PM

Download Killbox from here:

Killbox.zip © Option^Explicit

Unzip it.

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!

Now, run Killbox.

In Killbox select "Delete on Reboot".

Paste the next line into the "Full Path of File to Delete" text box.

C:\WINDOWS\SYSTEM32\CSRRS.EXE

Click the red dot with the white X in it, in the upper right of Killbox, then click "Yes", and "Yes" again.

When the machine reboots be sure it's gone.
:)

#25 Derek V


Posted 20 May 2006 - 12:52 PM

I wonder if I'm trying to delete the correct one. It says CSRSS client server runtime process. It doesn't say .exe. There's no exe.



#26 Micah_6:8


Posted 20 May 2006 - 12:53 PM

See my last post.

#27 Derek V


Posted 20 May 2006 - 12:57 PM

It says the file doesn't exist. I think that wasn't the .exe file, so I think my PC is clean now? :)

#28 Micah_6:8


Posted 20 May 2006 - 01:00 PM

I just ran the program Xoftspy and it found 4 objects. One was a browser hijacker, worm, and two data miners. When I erase them they tend to come back. How could I prevent this from coming back? I have zone alarm pro, but I guess it does not seem to prevent viruses.


Run that program again, and let me know what it finds.
:)

#29 Derek V


Posted 20 May 2006 - 01:08 PM

It found nothing; it came out clean. I have to make sure I always open zone alarm pro before browsing. Thank you, Micah. If I have any more problems, I hope you are here. Thanks to you my PC is virus free and running smoothly again. Thank you :) :thumbup:

#30 Micah_6:8


Posted 20 May 2006 - 02:31 PM

You're welcome.

M68 :)

Post Infection Items To Ponder
