Possible Virus ! !

Hi all,

I cannot load either IE8 or Firefox on my user desktop (which has Admin status); however, I can get on to the web if I use the guest user account.

When I load my desktop I get an error message:
C:\ Users \ UserName \ App Data \ Local \ Temp \ csrss.exe

The AVG antivirus picked up the csrss.exe file in this directory and removed it.
Then I went into MSCONFIG and stopped conhost in this directory from loading.
Then I ran CCleaner and rebooted. :)

However, I still cannot get on to the web via IE8 or Firefox.
In IE8 I get the following message:
ErrorMessage3rdJan2010-noaccesstoweb.jpg


What do I need to do to restore / fix my User Account to get IE8 and Firefox working please? :(

Also, is this file safe: A237.exe? It is in the same directory as the csrss.exe file that was removed.
There does not seem to be much info on the web about it!! :confused:
 
Have you made sure the proxy is set to automatically detect settings?

Where is that setting in IE Options please ?

iDroid84
I have a Restore point from a few days ago I can use, as the Internet was working then.

My main concern is how do I get IE & Firefox working if I have this problem in the future?
As it seems to be related to User Accounts!
 
To reset proxy in IE

Code:
Tools
Internet options
Connection
Lan Settings
Click automatically detect settings
uncheck use proxy server for your lan

A mix of malwarebytes and MSE tends to fix just about anything like this. Sometimes it works better from another user account.
 
I have done a System Restore and still cannot access IE or Firefox under my own User account!

I have amended the IE8 settings to 'Automatically detect settings', which has worked.
Do you know where the same option is in Firefox?
I have had a look and cannot find it!

The only solution I have is to uninstall and reinstall Firefox!
 
A system restore is not always a good way to go with viruses, as you could very well end up restoring the infected files.

My advice would be to run Malwarebyte's Antimalware and then see if it managed to fix everything. Running Combofix may also work, but please double-check it will run correctly on 64-bit.
 
For firefox (these viruses normally don't mess with this so didn't tell you how before)

Code:
Tools
Options
Advanced Tab
Network Tab
Settings
Select 'use system proxy settings'
 
OK, I have reset Firefox and that can now get access to the web, so thank you Crowort, big help.
It seems that both IE8 & FF had the connection settings changed!!

The system restore



SiriusB A system restore is not always a good way to go with viruses, as you could very well end up restoring the infected files.

When I actioned the system restore the infected files did appear again, and AVG detected them and removed them.
Sweet !
 
Glad to hear these worked for you. It took me ages to find out why I couldn't get IE to work the 1st time I came across this. Easy when you know how, eh? Anyway, I'd give malwarebytes a run now just to make sure. I've had AV remove these only for a reinfection to happen a day or so later.
 
That is just what I was thinking, it is easy when you know how!
I did scan through IE settings and nothing looked out of place.
I have turned on the User Account Security settings just to stop any new programmes from installing if a virus is still on my PC.

I will run the malwarebytes program just to be safe.
As I am not totally convinced that the PC is completely clean.

I still have a message on my desktop when I log in:

C:\ Users \ UserName \ App Data \ Local \ Temp \ csrss.exe
File may have been moved or Registery needs updating to remove reference
.

So I take it I need to adjust the registry to remove this reference?
I have amended MSCONFIG to stop 'conhost' from starting up, which is the virus program I believe is the offending file, as the location is a User folder!

I also run CCleaner before I close down my PC now as well !
 
Use MSCONFIG again (or the one within CCleaner which sometimes lists more items) to remove everything from start up bar antivirus & nvidia software.
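
The two things checked by hand in this thread (the per-user proxy setting, and a startup entry pointing at csrss.exe or conhost in a user Temp folder) can be listed in one read-only pass. This is an added example, not code posted by anyone in the thread; it assumes the standard per-user Internet Settings key and the HKCU/HKLM Run keys, does not cover the Startup folder or other autostart locations, and `Test-AutorunCommand` is a hypothetical helper name.

```powershell
# Added example: read-only audit, changes nothing. Run it as the affected user.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet
"ProxyEnable   : $($p.ProxyEnable)"
"ProxyServer   : $($p.ProxyServer)"
"AutoConfigURL : $($p.AutoConfigURL)"
if ($p.ProxyEnable -eq 1 -or $p.AutoConfigURL) {
    Write-Warning 'A manual proxy or auto-config script is set for this user; confirm it is one you configured.'
}

# Real Windows system processes with these names live only in System32.
$systemNames = 'csrss.exe', 'conhost.exe'
$system32 = Join-Path $env:SystemRoot 'System32'
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

function Test-AutorunCommand([string]$Command) {   # hypothetical helper name
    $reasons = @()
    # Pull the executable path out of the command line (quoted or unquoted).
    if ($Command -notmatch '^\s*"?(?<exe>[^"]+?\.exe)') { return $reasons }
    $exe  = $Matches['exe']
    $leaf = [System.IO.Path]::GetFileName($exe)
    if ($exe -match '\\AppData\\|\\Temp\\') {
        $reasons += 'runs from a user-writable AppData/Temp folder'
    }
    if ($systemNames -contains $leaf -and
        -not $exe.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)) {
        $reasons += 'system process name outside System32'
    }
    if (-not (Test-Path -LiteralPath $exe)) {
        # Matches the "file may have been moved" message at login.
        $reasons += 'target file is missing (stale entry)'
    }
    return $reasons
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        $why = @(Test-AutorunCommand $cmd)
        if ($why.Count -gt 0) {
            "REVIEW  $key\$name = $cmd  [$($why -join '; ')]"
        }
    }
}
```

A `REVIEW` line marked only "target file is missing" is the kind of leftover reference that produces the login error after the antivirus has deleted the file.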
 