Solve : csrssc.exe and csrcs.exe [NOT csrss.exe]?

1.	Solve : csrssc.exe and csrcs.exe [NOT csrss.exe]?
Answer» Well, today I was trying to play RTC Wolfenstein ONLINE when every time I pressed any key on the keyboard the game would crash and exit me out. Anyway I tried restarting my PC but till the same thing happened so I ran Kaspersky Full Scan and Kaspersky found a bunch of Trojans (my license EXPIRED like a week ago and I was too lazy to get another one so my my computer was unprotected for like a week.) Anyway I deleted the Trojans and restarted my PC and tried to Wolfenstein again and it still does the same thing, so I was about to scan again when Kaspersky gave me alert about csrcs.exe and csrssc.exe(not csrss.exe, which is the system file so no onegets confused!) I know that those two files shouldn't be there and Kaspersky doesn't delete them but instead only restricts their operation. I need help on removing those files please. UPDATE: Kaspersky detected a Trojan but cannot delete because the pathway is write protected so I had Kaspersky block its EXECUTION. Should I post a HijackThis log?If Kaspersky is out of date then it's almost the same as having NO antivirus. You should install a free antivirus that will give just as much protection as any paid solution. Remember to only install one antivirus! 1) Avast! Home Free Edition 2) AVG Free Edition 3) Avira AntiVir Personal ---------- Download random's system information tool (RSIT) by random/random from and save it to your Desktop. Double click on RSIT.exe to run. Click Continue at the disclaimer screen. Once it has finished, two logs will open. log.txt <will be maximized and info.txt <will be minimized Please post the contents of both logs in the next reply. Don't worry I have the license for Kasperksy now and its updated, but it couldn't delete the Trojan because the pathway was write protected. Here is log.txt: http://www.megaupload.com/?d=CTMKZ1EY Here is info.txt: http://www.megaupload.com/?d=276JJEV2 Sorry for the download links, the files were too long to post.If you have to upload any more then please use MediaFire.com. That site has too many pop-ups and junk. Could be where you got the virus. Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet EXPLORER, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log and a new HijackThis log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.Ok did what you said and ran ComboFix, performed its scan, and rebooted my PC. After that I tried play Wolfenstein and the old problem seems to be resolved. Here is the ComboFix log: log.txt Here is RSIT log: log.txt Everything seems to be good, is there anything else I should do? And thanks for the help! Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: File:: c:\windows\ekikiqaqoju.dll c:\windows\Okimuqoboxe.dll c:\windows\ST4UNST.EXE c:\windows\Setup1.exe c:\windows\ST6UNST.EXE c:\windows\ST6UNST.000 c:\windows\msdownld.tmp C:\WINDOWS\zip.exe C:\WINDOWS\VFIND.exe C:\WINDOWS\SWXCACLS.exe C:\WINDOWS\SWSC.exe C:\WINDOWS\SWREG.exe C:\WINDOWS\sed.exe C:\WINDOWS\NIRCMD.exe C:\WINDOWS\grep.exe C:\WINDOWS\fdsv.exe Folder:: C:\khq Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nxirodowurafox"=- "Ebubitigokid"=- 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freezeOk did what you said here is the second log file: log.txt Click START then RUN Now type Combofix /u in the runbox Make sure there's a space between Combofix and /u Then hit Enter. The above procedure will: Delete the following: ComboFix and its associated files and folders. Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Set a new, clean Restore Point. ---------- Download ATF Cleaner by Atribune to your Desktop. Alternate download link Note: Vista users must use Run As Administrator Under Main: Select Files to Delete choose: Select All. Click the Empty Selected button. If you use Firefox browser click Firefox at the top and choose: Select All Click the Empty Selected button. If you would like to keep your saved passwords click No at the prompt. If you use Opera browser click Opera at the top and choose: Select All Click the Empty Selected button. If you would like to keep your saved passwords click No at the prompt. Click Exit on the Main menu to close the program. Note that your system will run slower for a reboot or two after having used this tool so don't panic. ---------- Download OTCleanIt.exe and save it to your Desktop. Double-click OTCleanIt.exe. Click the CleanUp! button. Select Yes when the "Begin cleanup Process?" prompt appears. If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes, if not delete it yourself. . Important:** Restart the computer before continuing. ---------- Scan with Panda ActiveScan This scanner requires Internet Explorer Once you are on the Panda site click the Scan your PC now button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Select the appropriate Yes or No to receiving marketing information Click the Free Online Scan button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report in your next reply. I ran into this ARTICLE, hope it will help: <Removed>

Answer»

Well, today I was trying to play RTC Wolfenstein ONLINE when every time I pressed any key on the keyboard the game would crash and exit me out. Anyway I tried restarting my PC but till the same thing happened so I ran Kaspersky Full Scan and Kaspersky found a bunch of Trojans (my license EXPIRED like a week ago and I was too lazy to get another one so my my computer was unprotected for like a week.) Anyway I deleted the Trojans and restarted my PC and tried to Wolfenstein again and it still does the same thing, so I was about to scan again when Kaspersky gave me alert about csrcs.exe and csrssc.exe(not csrss.exe, which is the system file so no onegets confused!) I know that those two files shouldn't be there and Kaspersky doesn't delete them but instead only restricts their operation. I need help on removing those files please.

UPDATE: Kaspersky detected a Trojan but cannot delete because the pathway is write protected so I had Kaspersky block its EXECUTION. Should I post a HijackThis log?If Kaspersky is out of date then it's almost the same as having NO antivirus. You should install a free antivirus that will give just as much protection as any paid solution.

Remember to only install one antivirus!

1) Avast! Home Free Edition
2) AVG Free Edition
3) Avira AntiVir Personal

----------

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

Double click on RSIT.exe to run.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open.
log.txt <will be maximized and info.txt <will be minimized
Please post the contents of both logs in the next reply.

Don't worry I have the license for Kasperksy now and its updated, but it couldn't delete the Trojan because the pathway was write protected.

Here is log.txt:
http://www.megaupload.com/?d=CTMKZ1EY

Here is info.txt:
http://www.megaupload.com/?d=276JJEV2

Sorry for the download links, the files were too long to post.If you have to upload any more then please use MediaFire.com. That site has too many pop-ups and junk. Could be where you got the virus.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet EXPLORER, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log and a new HijackThis log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.Ok did what you said and ran ComboFix, performed its scan, and rebooted my PC. After that I tried play Wolfenstein and the old problem seems to be resolved.

Here is the ComboFix log:
log.txt

Here is RSIT log:
log.txt

Everything seems to be good, is there anything else I should do? And thanks for the help! Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]KillAll::

File::
c:\windows\ekikiqaqoju.dll
c:\windows\Okimuqoboxe.dll
c:\windows\ST4UNST.EXE
c:\windows\Setup1.exe
c:\windows\ST6UNST.EXE
c:\windows\ST6UNST.000
c:\windows\msdownld.tmp
C:\WINDOWS\zip.exe
C:\WINDOWS\VFIND.exe
C:\WINDOWS\SWXCACLS.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\SWREG.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\NIRCMD.exe
C:\WINDOWS\grep.exe
C:\WINDOWS\fdsv.exe

Folder::
C:\khq

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nxirodowurafox"=-
"Ebubitigokid"=-
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freezeOk did what you said here is the second log file:
log.txt

Click START then RUN
Now type Combofix /u in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.

ATF Cleaner by Atribune to your Desktop.

Alternate download link

Note: Vista users must use Run As Administrator

Under Main: Select Files to Delete choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords click No at the prompt.
Click Exit on the Main menu to close the program.

Note that your system will run slower for a reboot or two after having used this tool so don't panic.

----------

Download OTCleanIt.exe and save it to your Desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it yourself.

.
Important: Restart the computer before continuing.

----------

Scan with Panda ActiveScan

This scanner requires Internet Explorer

Once you are on the Panda site click the Scan your PC now button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Select the appropriate Yes or No to receiving marketing information
Click the Free Online Scan button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the ActiveScan report in your next reply.
I ran into this ARTICLE, hope it will help: <Removed>

Solve : csrssc.exe and csrcs.exe [NOT csrss.exe]?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment