The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    There's something suspicious about my services

    Discussion in 'Windows OS and Software' started by Saisei, Jul 24, 2009.

  1. Saisei

    Saisei Notebook Deity

    Reputations:
    108
    Messages:
    869
    Likes Received:
    1
    Trophy Points:
    31
    I have multiple copies of csrss which weren't there when I first installed Win7; there was just 1 before but sometimes there's 3. Winlogon and winit don't have that little icon they're supposed to. I need help finding the fake services.
    pic.jpg
     
  2. kegobeer

    kegobeer 1 hr late but moving fast

    Reputations:
    836
    Messages:
    3,682
    Likes Received:
    0
    Trophy Points:
    105
  3. Saisei

    Is csrss supposed to be by itself or with conhost.exe?
     
  4. kegobeer

    I don't know. Google for conhost.exe, and also review the link I posted.
     
  5. Saisei

    Malwarebytes found csrss is a backdoor trojan located in system32/drivers.

    Files Infected:
    C:\Windows\system32\Drivers\csrss.exe (Backdoor.IRCBot) -> Delete on reboot.
    C:\install.exe (Trojan.Agent) -> Quarantined and deleted successfully.
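
Added example (not part of the original thread or any poster's code): the Malwarebytes result above flags a `csrss.exe` under `system32\Drivers`, while the genuine csrss.exe, winlogon.exe, wininit.exe and conhost.exe all load from `%SystemRoot%\System32`. This Python check compares each process's image path against that directory; the function names, the `C:\Windows` root and the sample rows are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Process names discussed in the thread; the genuine binaries live directly
# in %SystemRoot%\System32 (assumed below to be C:\Windows\System32).
CORE_NAMES = {"csrss.exe", "winlogon.exe", "wininit.exe", "conhost.exe"}


def classify(name, path, system_root=r"C:\Windows"):
    """Return 'ok', 'unexpected-path', 'path-unavailable' or 'not-core'."""
    if name.lower() not in CORE_NAMES:
        return "not-core"
    if not path:
        # A tool may get no path for a system process it lacks the rights
        # to open; report that instead of guessing either way.
        return "path-unavailable"
    expected = ntpath.normcase(
        ntpath.normpath(ntpath.join(system_root, "System32")))
    # normpath collapses "..\" segments, normcase folds case and slashes.
    actual = ntpath.normcase(ntpath.normpath(path))
    if ntpath.basename(actual) != name.lower():
        return "unexpected-path"
    return "ok" if ntpath.dirname(actual) == expected else "unexpected-path"


def audit(processes, system_root=r"C:\Windows"):
    """processes: iterable of (pid, name, path); returns rows needing review."""
    findings = []
    for pid, name, path in processes:
        verdict = classify(name, path, system_root)
        if verdict in ("unexpected-path", "path-unavailable"):
            findings.append((pid, name, path, verdict))
    return findings


# Constructed sample listing (not real output). Several csrss.exe rows are
# normal, one per session; the image path is the signal, not the count.
SAMPLE = [
    (388, "csrss.exe", r"C:\Windows\System32\csrss.exe"),
    (440, "csrss.exe", r"C:\WINDOWS\system32\csrss.exe"),
    (1912, "csrss.exe", r"C:\Windows\system32\Drivers\csrss.exe"),
    (452, "wininit.exe", r"C:\Windows\System32\wininit.exe"),
    (500, "winlogon.exe", None),
    (2044, "notepad.exe", r"C:\Windows\System32\notepad.exe"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```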
     
  6. kegobeer

    Looks like it might be time to update your antivirus/antispyware software!
     
  7. newsposter

    newsposter Notebook Virtuoso

    Reputations:
    801
    Messages:
    3,881
    Likes Received:
    0
    Trophy Points:
    105
    And stay away from everything Flash for a week or so, bad vuln at the moment.
     
  8. Saisei

    What's vuln? :confused:
     
  9. gerryf19

    gerryf19 I am the walrus

    Reputations:
    2,275
    Messages:
    3,990
    Likes Received:
    0
    Trophy Points:
    105
    Vulnerability.

    There is a critical Flash vulnerability right now.

    Rename or delete the following:

    "%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll"
    "%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll"
     
  10. Saisei

    Should I delete Adobe? You just reminded me that I did install Adobe.
     
  11. gerryf19

    No... if you rename those files for now, you should be fine. These files allow a Flash exploit to open an Adobe Reader file to infect a machine.

    Some websites are saying disable Flash, but Adobe says renaming these files until they get it patched is the solution.
     
  12. Shyster1

    Shyster1 Notebook Nobel Laureate

    Reputations:
    6,926
    Messages:
    8,178
    Likes Received:
    0
    Trophy Points:
    205
    Does that apply to all flash uses on every single website, or just on suspect or tainted websites?
     
  13. DarkSilver

    DarkSilver MSI Afterburner

    Reputations:
    378
    Messages:
    2,249
    Likes Received:
    0
    Trophy Points:
    55
    Disabling Adobe stuff from start-up may fix your problems too. Disable it via services.msc.
    Moreover, you can have faster boot-up with Adobe stuff disabled from starting up.
    But I am not sure this tweak can really FIX your problems.
     
  14. kegobeer

  15. Saisei

    That actually helped, thanks rep+.
     
  16. Shyster1

    Thanks! As the old saying goes - arm yourself with knowledge. These make me feel a little better, as I've got UAC running like it should, and don't tend to browse a lot of untrusted websites.