I would like to know how remove the above virus, Avast has now encoutered it on two systems, XP Pro and Windows ME, in the ME machine it had infected a file called “csrss.exe” Avast has also found it to have infected “explorer.exe” then seemed to switch back to infecting “csrss.exe” and seems to be stopping “ctrl-alt-del”, any fuction using the “windows key” and also effecting the shut down.
It came via a file named “tennis” which was sent via MSM.
the “csrss.exe” file is located in the c: windows directory and had these properties
Company Name - EM
File Version - 1.0.0.0
Value - 1.00
Internal - csrss
Product name - EXPLORER
Win32:trojan-gen{vb} ME system
Win32:trojan-gen{UPX!} Xp system
It seems to be a kind of sd-bot. Start your PC in safe mode and let Avast scan your system. Put the files reported as “trojan-gen” in the viruschest or just rename them. Then search the registry for the filenames of the “Trojans” and delete the references to these files.
Just one more thing is there any reason way Avast will not let me do a “boot-time scan” The version is registered, but the option is “grayed out” IE not available? ???
Hi out there,
I too have a similar problem: Win32:Trojan-gen{UPX!}, and it is located in my C:\Windows\winlogon.exe and another in C:\System Information_restore{EC17F582-FB-4C2F-ACCA-9D86A44095E4}\RP587. I have moved them to the Virus Chest. Should I delete them and will my system still boot up if I shut it down? It will not repair. My system has slowed down to crawl. Please help!
You will be able to delete, or better first rename the file in safe mode. You maybe need to delete some entries in the registry too. It could be a deborm variant, but to find out use this link: http://www.kaspersky.com/remoteviruschk.html
Raman,
I am thankful for the response. Any thoughts on the registry files that I may have to delete?
The second post was to identify a new problem (Avast 4 crash), by touching on the first problem, which I was trying to fix and thus led to the crash. Any thoughts on this?
That may be cause, because of the virus, Anyway avast should work in safe mode too!? But first please “visit” the link i gave and follow the instruction. To give you a more valuable answer we need the “real” name of the Malware.
Sorry i did not read your post correctly enough. Uninstall all AV-Programms you do not need or try to deactivate all entries belong to antitrojanshield(?) and NAI/Mcafee, by using MSCONFIG.EXE . Try it should not be “dangerous”. But first of all get rid of the Virus. Does Avast or mcafee still find the Virus in safe mode?
Raman,
I’ve gotten rid of the virus or aleast it does not show up anymore with the reloaded Avast. All other AV programs are deactivated.
Now, my system is using so much time trying to load Internet Explorer 6.0 (1-2 mins) and crashing evertime I it does load or just hangs up. I get “IE has encountered an error and must shut down”, an error reporter but no solution from Mircosoft.
All other office programs are also slow to load, and startup is taking for ever to load my desktop. My system is barely reacting to commands. Do have other damage that cannot be detected by my AV?
Not easy to say, could be a some problems between your Mcafee antitrojan Avast combination. Did you uninstall the AV-Programm which you do not want to use anymore?
You should only one AV-Programm for all. If you want a second or third one you have to choose costume installation and install only the Scanner and the updater of these Products…
BTW: Did you use the link i gave to identify the malware/Trojans you had?