The mkiv Supra Owners Club

Trojan on laptop, how do I get rid of it?


Getrag


I seem to have gained the following, from looking on task manager:

 

csrss.exe

winlogon.exe

 

These won't shut when I try to end task and from reading online they seem the likely culprits. Can't open anything up including adaware, spybot, firefox etc. Just about opened up and got onto task manager. Very frustrating. How do I go about getting rid of this? The idiot's guide please :)

 

Cheers.


Download and install Malware Bytes from http://www.malwarebytes.org/mbam.php

 

The legit csrss.exe file is located in the folder C:\Windows\System32. Win32.sys is the kernel-mode portion. Csrss stands for Client/Server Run-Time Subsystem, and is an essential subsystem that must be running at all times. Csrss is responsible for console windows, creating and/or deleting threads, and implementing some portions of the 16-bit virtual MS-DOS environment. In other cases, csrss.exe (outside legit location) is a virus, spyware, trojan or worm!

 

The legit winlogon.exe file is located in the folder C:\Windows\System32. Winlogon is a part of the Windows Login subsystem, and is necessary for user authorization and Windows activation checks. In other cases, winlogon.exe (outside of legit location) is a virus, spyware, trojan or worm!

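The location check described in the post above, as an added example that is not part of the original thread: it lists every running csrss.exe and winlogon.exe and reports whether each image sits in System32. The function name `Test-SystemProcessPath`, the verdict strings and the sample rows are constructed for illustration; it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Assumes PowerShell 3.0 or later.
$watched = 'csrss.exe', 'winlogon.exe'

function Test-SystemProcessPath {
    param([string]$Name, [string]$ExecutablePath, [string]$ExpectedDir)
    # The path can come back empty when the session lacks rights to query
    # the process. Treat that as "unknown", never as "clean".
    if ([string]::IsNullOrEmpty($ExecutablePath)) { return 'PathUnavailable' }
    $expected = '{0}\{1}' -f $ExpectedDir.TrimEnd('\'), $Name
    # -ieq: Windows paths are case-insensitive.
    if ($ExecutablePath -ieq $expected) { return 'ExpectedLocation' }
    return 'UnexpectedLocation'
}

function Get-ProcessVerdict {
    param($Rows, [string]$ExpectedDir)
    foreach ($row in $Rows) {
        [pscustomobject]@{
            Name      = $row.Name
            ProcessId = $row.ProcessId
            Path      = $row.ExecutablePath
            Verdict   = Test-SystemProcessPath -Name $row.Name `
                            -ExecutablePath $row.ExecutablePath `
                            -ExpectedDir $ExpectedDir
        }
    }
}

# Constructed sample rows (hypothetical PIDs and paths) so the logic can be
# seen without touching a live system.
$samples = @(
    [pscustomobject]@{ Name = 'csrss.exe';    ProcessId = 612;  ExecutablePath = 'C:\Windows\System32\csrss.exe' }
    [pscustomobject]@{ Name = 'winlogon.exe'; ProcessId = 4120; ExecutablePath = 'C:\Users\Public\winlogon.exe' }
    [pscustomobject]@{ Name = 'csrss.exe';    ProcessId = 700;  ExecutablePath = $null }
)
Get-ProcessVerdict -Rows $samples -ExpectedDir 'C:\Windows\System32' |
    Format-Table -AutoSize

# Live check against the running system.
$live = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $watched -contains $_.Name }
Get-ProcessVerdict -Rows $live -ExpectedDir (Join-Path $env:SystemRoot 'System32') |
    Format-Table -AutoSize
```

Run it from an elevated prompt so fewer rows come back as `PathUnavailable`; any `UnexpectedLocation` row is the case the post describes.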

Can you boot up into SAFE MODE WITH NETWORKING?

 

If so, try running Windows Update and if IE opens up - use that to access the link to Malwarebytes.

 

Failing that, go to a neighbour's house with a USB pen drive and get them to download it and then you can install it on your PC - note that some trojans will try to prevent Malwarebytes from loading up either by looking for the default installation directory (c:\Program Files\Malwarebytes' Anti-Malware) or by the EXE name (mbam.exe).

 

So, when installing, install it into a custom directory, for example: c:\program files\batman

 

If mbam.exe won't load up - rename it to something else such as batman.exe and try running it.


You don't want to have more than one Anti-Virus/Firewall package running on your computer at once, they may fight each other lol.

 

If you install a 3rd party solution (recommended!) then make sure you disable any Microsoft based solutions that come with the Operating System. The OS may disable its own services once it realises you are installing a 3rd party solution (like XP disables the Windows Firewall for example).


Well, from the sounds of it Norton didn't do a good job if you found 19 items with MalwareBytes - unless those 19 items were only cookies, but cookies wouldn't cause the issues you initially had.

 

So in answer to your question, if you install a Zone-Alarm product, disable the Norton one (better yet uninstall the Norton one completely).

 

I'm assuming you're getting a Zone Alarm product that has both a firewall and anti-virus?


Attero - Thanks, I did read that and I haven't but I suspected from their activity etc on the task manager and from some reading that they may be not as they seemed.

 

Angarak - I would get a zone-alarm firewall +/- antivirus or AVG.

 

Cheers guys.


Getrag, although the malware removal tool may have removed the majority of the malware on the PC, traces of this could still be sitting in the registry. You might notice certain programs behave oddly or have trouble running as important library files (.dll) get damaged in the process.

 

Ideally I would get all the data off the PC & then rebuild the PC. Get Norton off, it is a pretty rubbish bit of AV software. AVG I believe is free but if you are going to be paying then I would recommend either Sophos or McAfee. Uninstalling Norton is such a bummer plus when installing new AV software.


So bottom line is best backing up files then reinstalling.

 

Yep, the removal tools do just that but they leave behind corrupt files & traces of the malware/viruses. You can work on it fine now but for the long run I would recommend at least backing up your data. Myself personally I would not be happy using it for important stuff like checking bank details or logging into eBay or my e-mail accounts until the PC was rebuilt fresh.


So bottom line is best backing up files then reinstalling.

 

Unfortunately yes...once you have definitely identified an infection (whatever it might be) there is a strong possibility it has opened up a backdoor onto your machine.

 

The backdoor might be a way in to keep re-infecting the machine so you get into a perpetual cycle of cleaning followed by re-infection or a way to stick trojans on the machine such as keyloggers, password grabbers etc.

 

To be 100% sure:

Back up your data, rebuild the machine, get some good AV/spyware/desktop firewall such as McAfee, set a system restore point (in case you need to go back to a known good state at anytime in the future), then scan your old data back onto the machine to ensure no re-infection.

 

Is a ball ache but the only way to be certain..
