Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

how can I get cssrs.exe off my system?

Status
Not open for further replies.
charlesives

charlesives

MIS
Jun 6, 2005
2
GB
This is a resident-memory worm. Even when you delete the cssrs.exe file in ths system32 folder it's there again on reboot and loaded as a service.

The commonly recommended way of eliminating it talks about deleting registry keys but there are ABSOLUTELY NO REFERENCES to it in the registry

How does this program stay on the system?
Surely there must be another program that is recreating the file?
What registry entries are loading it? (is the instruction to load it tacked on to a regular MS service?)

Or, more to the point, how can I eliminate it?


WHAT MAN CAN DEVISE, MAN CAN UNRAVEL!

 
Sort by date Sort by votes
try with ewido 3.0
i had similar problem and found a suggestion on tek-tips and it worked for me..

hope it'll work for you too


greets,
Marko 9A6NCM

 
Upvote 0 Downvote
Are you disabling system restore before deletion? If not, do so, then retry your deletion.

Tired of waiting for an answer? Try asking better questions. See: faq222-2244
 
Upvote 0 Downvote
You could try trendmicro's housecall:


or the a2 trojan remover


There may be additional files reloading your problem and one of those might help you in cleaning up the system.



-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Upvote 0 Downvote
I also tried with trend micro, and it did found more stuff than MSAS but it didn't clean all. So i found a topic that mentioned ewido and tried the 3.0 trial from safe mode and it worked!
Ewido found the startup file for it in 'run', ocupating a "normal" process and I just removed the key and no slow booting no more..
Pitty that one must have 5 diferent software to get rid of those anoying stuff.

charlsives, let us now how it went.. good luck.


greets,
Marko 9A6NCM

 
Upvote 0 Downvote
This is tcharlesives, the guy who did the original post.
Thanks for your suggestions everybody.

Advice came from a different quarter, to use "Security Task Manager" - and it did the job!

(I had to remove the process, remove the quarentined folder then reboot. When I scanned again cssrs.exe was still reported as loading so I removed it again. Nothing appeared in quarentine this time. And when I rebooted again it was gone. It left a residual csrss.exe in the system32 folder but I deleted it & it didn't return. There were however some other bits of dross loading up that weren't part of the operating system & I got rid of these too - maybe they were supporting the cssrs.exe)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

shivajiboss
  • Locked
  • Question
I am getting a problem while opening up my windows
Replies
1
Views
267
2ffat
2ffat
Mike Lewis
  • Locked
  • Question
MsMpEng.EXE in MSE: necessary? desirable?
Replies
3
Views
251
Mike Lewis
Mike Lewis
2ffat
  • Locked
  • News
Audacity is Spyware?
Replies
2
Views
242
2ffat
2ffat
ChrisOfOz
  • Locked
  • Question
Lenovo startup problem please any ideas? 2
Replies
10
Views
774
Yoko Littner
Yoko Littner
iambob
  • Locked
  • Question
Avast Anti-Virus is.. a virus?! 3
Replies
5
Views
298
Oorde
Oorde

Part and Inventory Search

Sponsor

Back
Top