I just want you to know what’s happened to my laptop over the past few days. For a couple of days I was getting a network shield alert from Avast saying that a process “C:\Windows\system32\crrss.exe” is trying to connect to http:/ /yourteen.info/2/z.php (see attached screenshot).
I usually don’t shut down my computer, I just put it into sleep mode, so I didn’t see any problem except the annoying alert from Avast. I cleaned all the cache data of my Opera browser and closed all of the open sites, no luck. I thought I should restart my computer this evening so maybe Avast would catch any virus or trojan on a boot scan. After my login screen everything went black except the mouse cursor. Ctrl+Alt+Del works though. I couldn’t see my desktop. I then realized something’s going on.
I have no idea how or where it comes from but the threat is real. Avast prevented it from connecting to the site but it doesn’t catch it as a bad file when it scans it.
I searched this forum, there are a lot of subjects about “cSRss.exe” but nothing about “cRRss.exe”. It’s a sneaky and new one; there are some warnings on Google if you search for “crrss.exe”.
Upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners.
When you have the result, copy the URL in the address bar and post it here for us to see.
I updated above with the log from Malwarebytes; I have one from Avast but am looking for where in Avast to find the logs…
P.S. But logon.exe from user/user I was deleting like 20 times, every few minutes, and Malwarebytes didn’t show me the CRRS process, but Avast did…
And it blocked the link like 10 times…
Sorry to hear about your problem, zambala. I didn’t clean this virus by myself, but my brother cleaned it by following the instructions of Sanjay C Rajure in here. After applying his guides, set the Avast boot-time scan to work on the next startup. Avast cleans the other harmful files which Mr. Rajure didn’t mention.
P.S. @Pondus: I reviewed my first post in this topic now and I realized I forgot to mention that my brother had already cleaned up the virus by the time I sent the message. I just felt like reporting it.