how to delte virus .exe file in system32 folder of c:\windows

Status
Not open for further replies.
M

mind021

Broken In
my friend has got a virus named csrss.exe
it creates a music folder in d drive and in it creates music.exe

when i traced d origin of it i found a csrss.exe file in his msdata folder inside temp folder
when i tried 2 delete the file and other contents d file disappeared n den reappeared
d hide n seek game continued and at last i lost

then i tried finding other places where the backup would b dere
i found few places n i deleted all of them..except 1 in c:\windows\system32 folder
here i was not able to delete csrss.exe file
i wish to delete it
so can any1 tell me how??
 
debsuvra

debsuvra

is NOT a PC/Mac
mind021 said:
my friend has got a virus named csrss.exe
it creates a music folder in d drive and in it creates music.exe

when i traced d origin of it i found a csrss.exe file in his msdata folder inside temp folder
when i tried 2 delete the file and other contents d file disappeared n den reappeared
d hide n seek game continued and at last i lost

then i tried finding other places where the backup would b dere
i found few places n i deleted all of them..except 1 in c:\windows\system32 folder
here i was not able to delete csrss.exe file
i wish to delete it
so can any1 tell me how??
Click to expand...

csrss.exe is the main executable for the Microsoft Client/Server Runtime Server Subsystem. This process manages most graphical commands in Windows. This program is important for the stable and secure running of your computer and should not be terminated.

Also csrss.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.

Scan with anti trojan and anti spywares like Spybot to get rid of that ****ing Sh*t.:grin:
 
OP
M

mind021

Broken In
k...
would something like kaspersky work???

anyways
i am going to try it myself and get the answer
thank you friend
 
nvidia

nvidia

-----ATi-----
Use Sysinternals Process explorer and see if there is another crsss.exe file running which looks suspicious. If you find anything like it, then end the process and delete all the files that you think is associated with it. :D
 
OP
M

mind021

Broken In
well i did luk
but didnt get any suspicious process running which i could end
yes...there was a csrss.exe process running...but with username as "system"..which i m sure is a process very important for computer to work...so i couldn't end it
 
anandk

anandk

Distinguished Member
if yr csrss.exe is located in the system32 folder, then its defntly the legit MS file; else its malware.

scanning with any good av and as will help you. finish off with a ccleaner run.
 
P

PirateAccess

Broken In
Better format your machine....It spreads through LAN if you are in network and you will also loose your administrator rights to certain things like

Creates Auturun.ini and exe's in the root on the removeable drive when you first connect to an infected computer. On connecting to another the computer, it is executed, and starts replicating itself.

It cretes exe's with the same name as the arent folder, and also uses the default windows icon, which makes it very tough to identify the infected files.

Anti-virus updates will not work, as it adds the address of the websites to the windows hosts file, blocking it (open C:\Windows\System\drivers\etc\hosts in notepad)
It has a list of keywords, like "regedit" "google" "mcafee" etc, which if detected anywhere in the system memory.. will cause a shutdown...

But my friend said Kaspersky detected it and cleaned it all up...
 
OP
M

mind021

Broken In
thnx a lot frnds...
welll...i cldnt remove d virus/malware..so my frnd had 2 format it
hope its fine now..

thnx again to all
 
Status
Not open for further replies.
Top Bottom