csrss.exe is this the virus? Avast did not detect.

I was online, got several error messages from a website wanting me to scan my computer and I logged off, used Malwarebytes got nothing then did a scan with Avast in that boot mode thing and nothing. I am noticing csrss.exe in my task list for I think the first time but the task list won’t let me close it.

WHAT IS THE USE OF MALWAREBYTES OR AVAST if it does not detect and clean viruses? Am I supposed to download virus freeware each time I want to scan for something?

How can I tell if I do have a virus that either of these programs are not noticing?

Thanks
:slight_smile:


Please tell us exactly where csrss.exe is located on your computer. The reason is that in the proper location, this is a valid MS file.

http://en.wikipedia.org/wiki/Client/Server_Runtime_Subsystem

In other locations, it can be any number of malware -

http://www.threatexpert.com/files/csrss.exe.html


Csrss.exe is the name of a Microsoft process. It runs when Windows is running. Stands for Client Server Runtime Server subsystem. The normal file location is C:\Windows\System32. If it is found elsewhere, it is likely to be malware.

WHAT IS THE USE OF MALWAREBYTES OR AVAST if it does not detect and clean viruses? Am I supposed to download virus freeware each time I want to scan for something?
Not much use at all. Fortunately, between the two of them there's not much they miss. Considering there are something like 40000 malicious files produced each day.
How can I tell if I do have a virus that either of these programs are not noticing?
Odd computer behaviour. Slowdowns. Any "your computer may be at risk" message, that [i]isn't[/i] from the MS security centre. A new, unknown process alerted by your firewall trying to connect to the internet. Redirects of web pages. Runny nose, sneezing, joint pain, sore throat, a temperature.

Got any of those symptoms? If not, you might have avoided it.
Without knowing the error messages and the website, and other stuff like the browser and configuration, we can’t know much more than that.

What were you doing on-line at the time ?

What was the site reporting this ?

  • change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

And exactly what was it reporting as Tarq57 asked ?

If you weren’t specifically doing an on-line scan, then the chances are this is simply a fake alert to scare you (and it worked).

How would a site know you were infected without having done a scan ?
How would a site know you were infected without having downloaded and installed the processes to do a scan ?
Answer it couldn’t know.

So as Tarq57 said unless you are experiencing unusual behaviour/symptoms/slowdown, etc. then it is likely this was a fake alert, but that rather depends on your answer as to what you were doing on-line.

The site wanted to download you a fake AV i think but if you did not download it i think nothing is installed on your pc. ;D If im not wrong…

Offering advice after DavidR is redundant.

I don’t remember. I think I was trying to log off anyway or checking my messages at an art webpage.

What was the site reporting this ? - change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

I don’t know.

It just said I have some malicious software and I should scan.

If you weren't specifically doing an on-line scan, then the chances are this is simply a fake alert to scare you (and it worked).

Not scared at all. Annoyed and pissed off.

And is there a way to STOP Avast from downloading upgrades of virus lists every time I log on? I am on dial up and AVAST slows my computer down. I have to stop typing or browsing and wait until it is done. It is annoying.

The computer sits there and grinds until that stupid blue notice appears then grinds until it closes then grinds until it plays that voice then grinds until it does whatever its doing and finally stops being slow or stuck and I can continue.

I did a scan and this is the result for locations of that csrss.exe thing. Do I have to delete any of these?

http://img214.imageshack.us/img214/8461/resultsh.jpg

I’m curious about any resolution to the problem reported in your thread about webshlock.txt.
Specifically the last question, did you scan again then, and have MBAM remove what was found?
(This may or may not have relevance, but is a loose end.)

And is there a way to STOP Avast from downloading upgrades of virus lists every time I log on? I am on dial up and AVAST slows my computer down. I have to stop typing or browsing and wait until it is done. It is annoying.
"program settings>update (basic)" and tick the circle that says "ask when update is available". (Once you get a notification, you should put a bit of time aside to update, reasonably soon.)
I did a scan and this is the result for locations of that csrss.exe thing. Do I have to delete any of these?
No. They all look legit.

Did you update to SP3? You’re more vulnerable without it.
A user can prevent these scam type applications from installing and trying to run by blocking, or at least asking, for scripts to run in the browser settings. I find the “NoScript” add-on in Firefox does the job well.


As Tarq mentioned above, those are all valid Microsoft files and you should not mess with them at all.


The avast VPS updates are incremental and should measure in the KBs rather than MBs so it shouldn’t take that long even on dial-up.

The auto update is also CPU restricted (depending on your OS ?) but it will use some memory and that may be more likely your problem. What is your CPU and RAM ?

I’m on dial-up and I delay the update process, stopping it is not advisable.

You need to edit (using notepad) the [InetWD] section of the C:\Program Files\Alwil Software\Avast4\Data\avast4.ini file and add the following line (depending on your connection type):
Dial-up connections, add this line:
RASWaitSeconds=600 and
UseRAS=1 if not present (or edit UseRAS=0 to UseRAS=1)

[InetWD] UseRAS=1 RASWaitSeconds=600
When complete save the changes, avast's self-defence module will ask for confirmation, etc. answer Yes.

The figure is seconds and the above equates to ten minutes, you could try that and adjust downwards or upwards if required, 300, 900, etc.


And is there a way to STOP Avast from downloading upgrades of virus lists every time I log on? I am on dial up and AVAST slows my computer down. I have to stop typing or browsing and wait until it is done. It is annoying.

The computer sits there and grinds until that stupid blue notice appears then grinds until it closes then grinds until it plays that voice then grinds until it does whatever its doing and finally stops being slow or stuck and I can continue.

Hi Barbara -

Like you and David, I am also on dial-up and, like you, I am in the US. But, I have no slow down of my computer during avast updates. In fact, I do not even know it is updating until that “stupid blue notice” appears. So, for me that blue notice is not stupid as it lets me know that avast is updating as it should.

As David asked, please tell us the speed rating of your CPU (1.2, 1.8, 2.4, etc) and the amount of RAM (512 mb, 1 gb, etc) installed in your computer as these are most likely the reason for the slow down during updating. Another reason could be the amount of programs that start-up when you turn on your computer.

Also, let us know the OS (Windows 2000, XP, etc) of your computer, please.


I’ll cope with the slowing down of Avast.

What bothers me now is this. I just got another of those warning messages and it asked if I wanted to scan I clicked the red x icon to CLOSE the damn thing and it downloaded something into my computer anyway.

Here are the screen caps. Are some of you here doing this on purpose?

This is the error message and I clicked the red x to close the thing not the OK.

http://img405.imageshack.us/img405/6146/image8t.jpg

This is the screen that appeared after it had quickly downloaded something and scanned.

http://img377.imageshack.us/img377/6404/image9.jpg

I do not actually USE this Juno webbrowser it is how I have to connect to the internet. I keep it in the background and use Firefox. Their browser is based on IE. I hate Juno’s software but cannot close it or I log off.

I downloaded and upgraded MBAM and it did not detect anything as I recall.

I have not been able to detect any viruses even though my computer acts slow and unusual.

Answer CharleyO’s questions.

please tell us the speed rating of your CPU (1.2, 1.8, 2.4, etc) and the amount of RAM (512 mb, 1 gb, etc) installed in your computer as these are most likely the reason for the slow down during updating. Another reason could be the amount of programs that start-up when you turn on your computer.

Also, let us know the OS (Windows 2000, XP, etc) of your computer, please.


Also what is the Service Pack of the operating system (OS).


Here are the screen caps. Are some of you here doing this on purpose?

Since we tend to be helpful, why on earth would any of us do something like this on purpose? ???

Answering our questions is the best way to get help from us. We like to help people when we can.
But, you have to be willing to help us help you.


I do not know the speed of my cpu and my os is Windows XP. But THAT isn’t important, what is important is what was this virus message I posted screencaps of because I used Malware and Avast after posting that and logging off and they did not say I had any viruses.

I don’t care about the slowness of Avast issue as much as I care about being certain it will do its job.

Hi Barbara

I think you’re problem is that you are using both Firefox and Juno. I don’t know much about Juno but it is likely to come bundled with various features including virus scanner that are set to run by default regardless of whether you want to USE it or not. In which case it may be sparking off at any hint of the wrong word or object, sometimes picking up small stuff - that mbam and avast would take care of anyway if they were in fact nasty. Possibly stuff that Firefox doesn’t look for as it doesn’t scan for viruses, which may make things worse for Juno because Juno probably recognises that it isn’t the only browser presence. Or the only scanner when mbam and avast come to do their stuff.

So, because Juno cannot decypher what is going on, it is shouting out warnings to you, who does actually know what these other things are. But of course this is not helping you much unless you can reset Juno to not scan and therefore not recognise the presence of Firefox or your virus detectors. If this is the case what you need is to do is to reset Juno to only do its hookup for your dialup, and have its extra features disabled. This will leave your other programs like avast free to cover the browser territory without sparking Juno off all the time. Perhaps someone who knows Juno or the Help and Support at Juno can help you with the best way to do this. You may have to uninstall Firefox to reset Juno, then install Firefox again. Unfortunately I do not know the ins and outs of Juno. I’m just trying to help.

Usually with my clients the problems occur the other way round. I set up their antivirus / antispyware defence and then they go and download some browser that has virus scanning capability, which then works away at my defence setup at every hint of movement that occurs in browser teritory, until eventually the new browser has taken over antivirus responsibility, and avast in particular ends up limping along out of a job and of no real use to anyone. Browser territory then becomes a very unstable, unsafe environment open to exploitation by any kind of malware. Enough to say that viruses start slipping throught the net (like sheep through a hole in the fence) :slight_smile: So this is what I find happens when there are no longer clearly defined road rules in browser territory. And prior to infection, when I get there early enough, all sorts of weirdo messages and things are going off.

I cannot say for sure this is your problem. But maybe this will help.

BTW on dialup you are safer because your hookup starts again each time you connect, as opposed to broadband / Lan which is continuous from the previous time you connected. At the same time, if the weirdo stuff starts going off each time you connect, then the extra features on Juno may very likely be your problem. Probably best reset Juno mean and lean as just the connect function to internet, and let Firefox free to handle all the browser duties. Granted this may possibly already be what you are doing and the problem lies elsewhere. But I would say Juno Help and support would be your first stop.

mkis might well be correct.
While he was posting, I took a slightly different approach, that is, to “Google” the URL that appeared in your browser as posted in your second picture here.

I’m going to assume that you didn’t type (or have saved as a favorite) “newwayscanner.info”.

Your browser has been re-directed to this page, probably, which is, as you probably already know, for a malicious scam.

“Googling” the URL led to a few hits…quite few. It appears the malware is quite new…perhaps even from as early as August this year, and is thus not widespread, which is (if that is correct) why the scanners aren’t detecting it.
The Google hits I looked at suggested that some users with other AV’s failed to have it detected, also, so you are not alone.
(I realize that may not actually make you feel less annoyed.)

You might want to post a HijackThis log here. I’m not trained in the use, but there are folk who help here that are. It might be a way to find out what process is involved, stop it, and in the process send a sample to Avast. (Further info/instructions would be forthcoming.)

An alternative (less palatable, IMO), would be to wait until the scanners get samples and update their detections, so it can be removed by what you have installed already.

If you need instructions on posting a HjT log, please advise.

What firewall do you use?

That is the kind of stuff that started happening when the youngsters downloaded extra browsers to run as residents in their user accounts. They became exploited.

Probably some tidy up needed - so HijackThis may shed some light. And definitely need SP3 and updated Windows and other programs, Java, Adobe, and so on to tighten up defence.

Showing the CPU speed helps the people helping you to better diagnose the situation and provide better resolution for you.

To view the CPU speed on the System Properties tab, right-click My Computer, and then click Properties.
Click the General tab.
CPU information is listed in the first or second line of the Computer area.

System information can be also by going to Control Panel then System then reading the Computer: information at the bottom of the General tab.