FreeLists / access-uk / [access-uk] Re: Removing a Trojan

["Ray's Home" <rays-home@xxxxxxxxxxxxxxxxxx>]

I'll start by stating my lack of exspertise here Roger, but the first thing 
that came up when I just did a search was a Microsoft article  which says, in 
part:

csrss.exe is the main executable for the Microsoft Client/Server Runtime Server 

I found this at:

http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/

I'm not saying that what you have got isn't a trogen, simply that it might not 
be.  I'm sure others will come uup with THE answer.

By the way, I've tried Trogen Hunter and it used to play up something awful 
with my internet access so I uninstalled it.

HTH.


Ray

Personal emails:  Email me at
mailto:ray-48@xxxxxxxx

  ----- Original Message ----- 
  From: roger.south 
  To: access-uk@xxxxxxxxxxxxx 
  Sent: Saturday, March 04, 2006 8:35 AM
  Subject: [access-uk] Removing a Trojan


  Hi All

  A few days ago my firewall told me an application named csrrs.exe was asking 
to access the internet. I have not heard of this before so did a search on 
Google to find it's a well known trojan worm. I permanently denied access and 
set about removing it. I can't seem to find a removal tool on the web. I then 
did searches only to come up with blanks. AVG Pro, Panda, Spybot, AdAware, 
CClean, Registry Mechanic and Housecall all fail to find it. A search on my XP 
Home also proves negative. But I had call to go to msconfig to check what was 
running at start-up and there it is large as life and twice as natural. The 
location was given as:

  SOFTWARE\Microsoft\Windows\CurrentVersion\Run



  I guess this to be a registry location so went to regedit and did a Find. It 
seems to be everywhere in there. I could remove it manually but the registry 
makes me very nervous and weak at the knees so I'm looking for any knowledge 
you guys may have as to if I'm doing the right thing here, please.



  Many thanks 



  Roger