Hello all and all... hello... or something like that.


Anyway, over the past few months I have been getting pop ups on my laptop, these pop ups tell me to go to some shit site or other and download some crap or whatever. The first month it was telling me to go to fake Microsoft websites and download patches, I did. Not really, I'm not that stupid. But now this month it is telling me I have spyware and to buy software from this website [could it be one big plot, the spyware program 'people' putting spyware on someones computer to buy their product?!].

So here is the problem, spyware programs don't seem to detect it, nor does any anti-virus programs. So I then went in heavy handed to delete the fooker myself. So when the pop up came up [insert pop like sound] I pressed the infamous 'Ctrl, Alt and Delete' to see what process this pop up was coming from... and it was... none other than... 'csrss.exe'. Never heard of the thing.

So I go to end it and it says 'Title - Unable to Terminate Process - This is a critical system process. Task Manager cannot end this process.'. SHIT!

So I then look around in my computer to find it and to delete it, but, as it's running in the background, I can't delete, file in use. Hahaha, FUCK!

So [man I'm starting a lot of paragraphs begining with 'So] I then ran 'msconfig' to see if I could stop it on system start up and then delete it... but surprise, surprise, it's not there!

So, nukeblaze, what do ya' think?

Thanks in advance. :)


Oh yea, the file is located in C:\WINDOWS\system32
Also I'm running Windows XP Home SP1 and the computer is a l33t laptop by Rock.

PS Read my note



























NOTE: I will get another screenshot of the pop up soon... soon as in when it pops up.

Try downloading the new version of Adaware. It's called Adaware SE, it detects a whole bunch of crap that my old version didn't. www.lavasoft.de

First off, make sure your copied of Spybot and adware are fully updated.

Second- Hit start, settings, control pannel, admin tools, services, scroll down to the single word "Messanger". If it is running, right click and end the process, then click "properties to set the startup type as "disabled".

You may want to run these two virus tools to check for the Nimdia Virus. Keep in mind, these are specialized tools and will work better than the generic Norton protection in that they were made for this virus. Why am I asking you to look for this? The reason is that this virus has been known to hide itself in this windows task.

You will find both tools at the top of Symantec's page:

http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.e@mm.removal.tool.html

-----Try both tools.


-----------------------------------------------------------------------

What anti-virus software are you running? Is it still able to be updated regularly?

Keep in mind, csrss.exe is a legitiment file for windows Nt/2000/xp.

Download HijckThis! and post the log it gives you.:

http://www.majorgeeks.com/download3155.html

Ok, I did the two checkers that you posted, they didn't find it. I did that messenger thing too.

I have done the adware one too, that didn't find it [although it found some others :)].

I'm running the free version of AVG and the paid version of Titanium Panada Antivirus.

EDIT: Nevermind, this post wasnt meant to be.

Any more help would be greatly... like, cool.

On second thought, can the download idea.



I want you go to go start, run , type: "msinfo32" and then click ok.


In here go to the tools tab and click the system file checker. Let it run and I should tell you if any system files where changed, namely csrss. You will need your windows XP CD to repair them.

You can also try typing in "sfc /scannow" in the "run" box. This program will require you to have your windows XP CD in the drive and will compare the file in question to the file on your computer bit to bit instead of with digital signing.


IT seems there are a few viruses out there that disable norton's detection to them and mutate the csrss system file.

Has it been fixed ?

I will try this tomorrow, even if it doesn't work thanks Nuke for helping. :)

Well, the 'system file checker' isn't on the tools menu on msinfo32!

And I did the scan now and it didn't ask for my XP CD and just ran, after it finished it just went and then nothing appeared to happen.

Probably becuase of the small diffrence between windows XP home and pro, which I have.

I reccomend placing the CD in the CD drive and running repair mode....>NOT FORMAT MODE! REPAIR mode will replace many system files automaticly and may lick whatever is living comfortable inside Svcss.

Here is in in-depth guide at repair mode so I won;t have to type everything:::

http://www.michaelstevenstech.com/XPrepairinstall.htm


Please keep in mind, Repair mode is 99% effective in not messing up or deleting any files, but I still have to warn you about that 1%. I have never encountered a problem with it, nor do I know anyone that has for your refrence.

I will try this sometime tomorrow, again, thanks.

Oh, I figured you would be lookin for a welder or blacksmith.....you know....to help you with your "broken sword"?

BA HA HA HA. jk

I don't get it.

I will try it tomorrow.

Ok, I think it's fixed. I haven't had any pop ups for like..... a billion years!

Thanks so much Nuke!