.:ramacorp.org:.



Csrss.exe Virus Mass Mailer (1/4/09)

So somehow I was stupid enough to get a virus on my computer. I started noticing weird performance when my browser (Firefox and IE) wouldn't do anything when I typed in an address, followed a link, etc. -- I'd get a blank page. In my Event Viewer I found a TCP/IP warning: "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts."

I checked how many connections I had using netstat -a in the command prompt and found that I was connected to 100s of Yahoo Mail accounts, and others that whizzed past the screen that I couldn't make out. After some research, I found that I had an unusual process called csrss.exe running. Usually csrss.exe runs from c:/windows/system32, but it seems that I now also had another copy at c:/windows (the same applied to winlogon.exe, which should be under the system32 folder). Ad-Aware found this:

Many sites seem to recognize that csrss.exe is a Windows process and is safe, but that's not always the case. If you do have this, you should see something odd in the Task Manager: two instances of csrss.exe running, one under the username SYSTEM and one under your own username. You may not be able to kill this process from a normal session; you may need to go to safe mode.
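
The check described above (a copy of csrss.exe or winlogon.exe running from outside system32, or under your own username instead of SYSTEM), written as a PowerShell script. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, where Get-CimInstance is available.

```powershell
# Added example: flag copies of core Windows processes that run from an
# unexpected folder or under an unexpected account.
$expectedDir = Join-Path $env:SystemRoot 'System32'
$watched     = 'csrss.exe', 'winlogon.exe'   # the two names from the post

Get-CimInstance Win32_Process |
    Where-Object { $watched -contains $_.Name } |
    ForEach-Object {
        # GetOwner reports a non-zero ReturnValue when access is denied;
        # treat that as "owner unknown" rather than as a finding.
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner -ErrorAction SilentlyContinue
        $user  = if ($owner -and $owner.ReturnValue -eq 0) { $owner.User } else { $null }
        $path  = $_.ExecutablePath   # $null when the process cannot be opened

        $reasons = @()
        if (-not $path) {
            $reasons += 'path unreadable; rerun from an elevated prompt'
        }
        elseif ((Split-Path $path -Parent) -ne $expectedDir) {
            # -ne on strings is case-insensitive, so C:\WINDOWS matches C:\Windows
            $reasons += "runs from $path, expected $expectedDir"
        }
        if ($user -and $user -ne 'SYSTEM') {
            $reasons += "runs as $user, expected SYSTEM"
        }

        [pscustomobject]@{
            Name      = $_.Name
            ProcessId = $_.ProcessId
            Owner     = $user
            Path      = $path
            Verdict   = if ($reasons) { $reasons -join '; ' } else { 'ok' }
        }
    } | Format-Table -AutoSize -Wrap
```

The genuine csrss.exe is a protected process, so from a non-elevated prompt it usually shows up as "path unreadable", while a copy running under your own account is fully readable and gets flagged on both path and owner.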

This website also discusses csrss.exe briefly.
