Digital Video Forums

Go Back   Digital Video Forums > General > General Computing

Reply
 
LinkBack Thread Tools Search this Thread Rate Thread Display Modes
Old 9 Jun 2006, 06:32 AM   #16
NOT an online superstore
 
drfsupercenter's Avatar
 
Join Date: Oct 2005
Location: Michigan
Posts: 4,424
Default

http://www.auditmypc.com/process/crss.asp

Apparently I have this CRSS process. It shows up in TaskManager and won't let me end it...

any suggestions for removal?
__________________
CYA Later:

d̃ŗf̉śŭp̣ễr̀šŰǹt̉ếř
Visit my website!!

Cool Characters Make your text cool
My DVD Collection
drfsupercenter is offline   Reply With Quote
Old 9 Jun 2006, 07:40 AM   #17
An Eagles Fan, A MenuShrinker
 
jm1647's Avatar
 
Join Date: Apr 2005
Location: New Jersey
Posts: 3,661
Default

Go to http://security.symantec.com/sscv6/d...d=ie&venid=sym and then do the virus scan. crss is part of windows and is probablty infected by something. When you find out what you have there are removal tools and instructions at symantec.
jm1647 is offline   Reply With Quote
Old 9 Jun 2006, 12:05 PM   #18
NOT an online superstore
 
drfsupercenter's Avatar
 
Join Date: Oct 2005
Location: Michigan
Posts: 4,424
Default

Hmmmm, apparently these errors only happen when viewing my IRC download folder. But all I have in there is TV rips, wtf? like, if I open another window on top of it the error stops reoccuring.

There are other folders too but mainly that one.
Is it safe to say that reformatting is my only option?
drfsupercenter is offline   Reply With Quote
Old 9 Jun 2006, 12:09 PM   #19
Digital Video Expert
Digital Video Expert
 
vw56german's Avatar
 
Join Date: Jun 2005
Location: Minneapolis MN
Posts: 640
Default

ok now is the "crss.exe" truly part of windows or is the correct .exe file "csrss.exe"?? I dont have the crss but I have the csrss. Is this crss some kind of trojan made to look like a real windows app?
vw56german is offline   Reply With Quote
Old 9 Jun 2006, 12:19 PM   #20
NOT an online superstore
 
drfsupercenter's Avatar
 
Join Date: Oct 2005
Location: Michigan
Posts: 4,424
Default

csrss is the real one.

And yes that is correct. Same with a LSASS program, that one is fake too if you have it I think.

Last edited by drfsupercenter; 9 Jun 2006 at 12:36 PM
drfsupercenter is offline   Reply With Quote
Old 9 Jun 2006, 12:31 PM   #22
Super Moderator
 
Chewy's Avatar
 
Join Date: Nov 2003
Location: millenium falcon
Posts: 18,971
Default

http://process.networktechs.com/csrss.exe.php
csrss.exe
Chewy is offline   Reply With Quote
Old 9 Jun 2006, 12:35 PM   #23
NOT an online superstore
 
drfsupercenter's Avatar
 
Join Date: Oct 2005
Location: Michigan
Posts: 4,424
Default

Quote:
How it spreads Network shares
OMG.

That means... the files that I got off the channels in IRC are spreading around to hundreds of people, I was just one of their pawns.

Quote:
It appends data to the said file, which prevents the affected user from accessing any of the following Web sites:

www.symantec.com
securityresponse.symantec.com
symantec.com
This hasn't happened yet, scanning with Symantec now. And AVG is still running tho it said no viruses.

And I am assuming IRC.bot means that it spreads via Internet Relay Chat which I often download files from?
drfsupercenter is offline   Reply With Quote
Old 9 Jun 2006, 12:41 PM   #24
Super Moderator
 
Chewy's Avatar
 
Join Date: Nov 2003
Location: millenium falcon
Posts: 18,971
Default

Quote:
And I am assuming IRC.bot means that it spreads via Internet Relay Chat which I often download files from?
yeah per!
Chewy is offline   Reply With Quote
Old 9 Jun 2006, 12:55 PM   #25
NOT an online superstore
 
drfsupercenter's Avatar
 
Join Date: Oct 2005
Location: Michigan
Posts: 4,424
Default

Dang... I really gotta inform them about that, they may not even know that they are spreading it.

So is there a cure for it or do I have to reformat. I just don't wanna have to worry about losing data and stuff, I would prefer to not reinstall if possible.
drfsupercenter is offline   Reply With Quote
Old 9 Jun 2006, 09:00 PM   #26
Super Moderator
 
Chewy's Avatar
 
Join Date: Nov 2003
Location: millenium falcon
Posts: 18,971
Default

You might kill it, but chances are there's a backdoor open(port) on your pc and as long as you are hooked to the internet it will just reinstall, someone else is probably accessing your computer. You are their BOT. I would try a lot of advanced stuff to gain control back,
this would probably be beyond the scope of this forum and online help, but here's what I would use, a good AV or two, trojan hunter, a squared, ewido,
spybot, adaware, coupled with safe mode, 3 finger salutes, services, regedit
and be disconnected from the internet. All in all it might work but a reload is much faster and much easier.

It's taken many years to get to the point where I could do this. Try to be a little more vigilant next time Danny.

Last edited by Chewy; 9 Jun 2006 at 09:02 PM
Chewy is offline   Reply With Quote
Old 10 Jun 2006, 01:03 AM   #27
NOT an online superstore
 
drfsupercenter's Avatar
 
Join Date: Oct 2005
Location: Michigan
Posts: 4,424
Default

Hmm, I opened ports 1-45000 on my router so that I could download stuff faster. Plus, I set my IRC client to accept only certain types of files, like AVIs, but block DLL and EXE files.

Now, say I do reformat.
I have a 60GB drive I use as a storage drive. So, I could back that drive up, then transfer some of drive C's files to that drive. However, is it possible the virus would have transferred to the storage drive? I use it mainly for DVD ISOs before burning them.

I would assume that deleting drive C's partition and installing Windows on that wouldn't affect the other drive? I don't want that getting messed up as well. I just figure, 60GB is good storage space for large files, it beats using WinRAR to split into 4.7GB.
drfsupercenter is offline   Reply With Quote
Old 10 Jun 2006, 01:56 AM   #28
Super Moderator
 
Chewy's Avatar
 
Join Date: Nov 2003
Location: millenium falcon
Posts: 18,971
Default

Just boot to the cd and when it says you already have windows installed tell
it to delete the c/system partiton. I wouldn't trust any installer you have backed up, they are too easy to be contaminated. Scans don't catch rare
off the way trojans like you get off irc or limewire.
Chewy is offline   Reply With Quote
Old 10 Jun 2006, 05:31 AM   #29
NOT an online superstore
 
drfsupercenter's Avatar
 
Join Date: Oct 2005
Location: Michigan
Posts: 4,424
Default

But, am I safe moving files to my other drive instead of burning them?
drfsupercenter is offline   Reply With Quote
Old 10 Jun 2006, 06:30 AM   #30
NOT an online superstore
 
drfsupercenter's Avatar
 
Join Date: Oct 2005
Location: Michigan
Posts: 4,424
Default

When I told one of my friends on MSN about this, they were like "stop going to dodgy sites". While I don't consider the sites I go to as "dodgy", I was curious, this can't be downloaded just from popups and stuff can it? Is it just transferred through file-sharing programs? That would make me feel much better, LOL.
drfsupercenter is offline   Reply With Quote
Reply

Bookmarks


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Fake emails? drfsupercenter General Computing 11 7 Jun 2006 12:09 PM
Burning on Fake TYG02 gary172 DVD Blank Media, Burning, Recording Hardware 1 4 Aug 2005 07:47 AM
Fake Files maidenforlife General Discussions 1 6 Jan 2004 07:29 AM
FAKE: James Bond 007 - Die Another Day ^[MUERE OTRO DIA]^ (Spanish DivX 5.0) juan_palermo DVD Encoding and Playback 4 18 Feb 2003 09:55 AM



All times are GMT +10. The time now is 03:30 PM.

Kirsch designed by Andrew & Austin


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.6.0
Copyright © 1999 - 2011 Digital Digest

Visit DivXLand   Visit dvdloc8.com