Sign in with
Sign up | Sign in
Your question
Solved

New Laptop...Do I have a Trojan Virus Already?! (Printer Install Problem!)

Last response: in Windows 8
Share
September 5, 2013 12:55:40 PM

If anyone has seen my other threads, I just got a Lenovo Thinkpad T430 laptop. I have only had it for about a week and a half. I have not really done anything on it yet except log into my school account to do some homework and check emails (I bought this computer specifically for taking to class).

I just tried to install my Canon MP620 printer today to print some class notes, but the printer keeps saying it is offline. I called Canon tech support and they logged into my computer using TeamViewer, and said the printer is fine but my network might be corrupted (printer works with all other computers at my house).

So the Canon tech support transferred me to Microsoft tech support, and he did some searching around and explaining and pointed out two "csrss.exe" files that were running in my task manager. He said that these are trojan viruses and mean that my computer has been hacked by some remote location.

Now after doing a few mins. of researched I have quickly learned that there are a necessary part of Windows and don't necessarily mean anything is wrong...but it could mean something is wrong if they have in fact been infected. My question is: how do I know if they have been infected, or if the guy I spoke to just tried to pull my chain for some money? ($300 for 5 year network protection or $500 for lifetime protection)

The printer not working is another issue that I am not really concerned about at the moment. I installed the drivers via Canon's website, but I have the hard disk as well...I am going to try the hard disk now to see if it works. I am just afraid that my brand new laptop is already corrupted.
September 5, 2013 1:13:59 PM

Hard disc for the printer didn't work either...it's saying that it cannot find the printer.
m
0
l
a c 268 D Laptop
a c 387 * Windows 8
September 5, 2013 1:18:08 PM

Something doesn't smell right here.

1. csrss.exe is the client/server runtime subsystem. Part of Windows. The existence of it in Task manager is NOT an indication of a Trojan. Now...I'm sure something could masquerade as csrss.exe, but that is a different story.

2. The Canon tech support 'transferred" you to the Microsoft tech support?

3. You already had TeamViewer installed on your PC?

4. "Who" is trying to get you to buy "what" for $3-$500?

5. Lastly, what malware eradication steps have YOU done?
m
0
l
Related resources
September 5, 2013 1:23:12 PM

You have not mentioned any anti-virus protection, do you have AV on this laptop. Also download malwarebytes and run that scan.

Have you troubleshooted via devices and printers folder?

$300-500 for protection from Microsoft.

Step one, check printer settings
Step two don't call idiots at Canon and Microsoft
Step three - repeat one and two
Step four get AV protection, too many good free ones out there. I prefer bitdefender.
(Yes CSRSS is part of windows)
Check back

Honestly I do not think you have an issue, just a printer "issue"
m
0
l
September 5, 2013 1:49:02 PM

The printer was automatically recognized by the computer. What I did today (first time I had to print something) was download the drivers from the Canon website...but the printer kept saying it was offline, so I called Canon tech support. The Canon tech support rep. is the one who told me to download TeamViewer.

After hanging up with them and saying I could not afford the network protection service at this time, I removed the printer from my laptop, uninstalled the drivers, and re-did everything but with the hard disc (right after I posted this thread). Everything installed, but I got a message saying that the printer could not be located.

I just ran MalwareBytes and it found 37 problems. Don't know how this happened since the computer is new. I did use it while away at a hotel for work last weekend...maybe something happened there? Anyway, I will try to re-do the printer now.

In the meantime, is there anything else I should do? Another antivirus I should download and run?
m
0
l
September 5, 2013 1:50:47 PM

darkbooton said:

Honestly I do not think you have an issue, just a printer "issue"


The printer works fine with my other computers at home though...so could it still possibly be a printer issue do you think?

And for what it's worth, I was told that the McAfee my computer came with was garbage and was instructed to remove it, so I did. Not sure if that was a smart move or not, but what's done is done...
m
0
l
a b D Laptop
September 5, 2013 2:09:02 PM

Hi,

Start by doing a cleanup with malwarebytes, adwcleaner and roguekiller.

If nothing go on bleepingcomputer.com and get combo fix and rootkits finder.
m
0
l
September 5, 2013 2:09:17 PM

I accidentally didn't select all "Found Problems" after the Malwarebytes run, so I did it again immediately after...and this time it found 44 problems. How in the hell would 7 MORE problems - in addition to the original quantity of 37 problems - be found in the time frame of less than 1 minute when I literally did absolutely nothing with the computer?!

They are all from the Vendor "PUP.Optional.SearchProtect"
m
0
l
September 5, 2013 2:22:05 PM

dextermat said:
Hi,

Start by doing a cleanup with malwarebytes, adwcleaner and roguekiller.

If nothing go on bleepingcomputer.com and get combo fix and rootkits finder.


I just ran adwcleaner and it found a bunch of stuff (I guess?)...wasn't familiar with the interface but it scanned really quickly, then read "pending" and I hit the "Clean" button...I then got a popup saying I must restart the computer in order to remove the problems, which I did.

I tried to download Rogue Killer from their website, but got a pop saying "Windows SmartScreen protected file from opening" or something like that... How do I go around this?
m
0
l
September 5, 2013 2:31:43 PM

Upon restarting the computer after running adwcleaner, I got this:

# AdwCleaner v3.002 - Report created 05/09/2013 at 17:28:20
# Updated 01/09/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Kevin - LENOVO-PC
# Running from : C:\Users\Kevin\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\openit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\KeyBar_1.12
Folder Deleted : C:\Program Files (x86)\MixiDJ_V44
Folder Deleted : C:\Users\Kevin\AppData\Local\Conduit
Folder Deleted : C:\Users\Kevin\AppData\Local\cre
Folder Deleted : C:\Users\Kevin\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Kevin\AppData\Local\Temp\CT3298580
Folder Deleted : C:\Users\Kevin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Kevin\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Kevin\AppData\LocalLow\KeyBar_1.12
Folder Deleted : C:\Users\Kevin\AppData\LocalLow\MixiDJ_V44
Folder Deleted : C:\Users\Kevin\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Kevin\AppData\Roaming\DSite
Folder Deleted : C:\Users\Kevin\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\8t1307bf.default\CT3298580
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\8t1307bf.default\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\8t1307bf.default\Extensions\{90a1b331-c2b4-4933-9f63-ba7b84d60d58}
Folder Deleted : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\8t1307bf.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\8t1307bf.default\user.js
File Deleted : C:\windows\Tasks\DSite.job
File Deleted : C:\windows\System32\Tasks\DSite
File Deleted : C:\windows\System32\Tasks\EPUpdater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpfboklmeiefoedekjeigdcnfbpjeaii
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3291325
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298580
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_gipmblamjgodbimgeafaiegdpfbaeihe]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_bpfboklmeiefoedekjeigdcnfbpjeaii]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0A51D53C-6F3C-426E-B789-2A21526E6546}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90A1B331-C2B4-4933-9F63-BA7B84D60D58}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CEF5A3EF-2F71-468B-A2E5-777F09EFA4F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90A1B331-C2B4-4933-9F63-BA7B84D60D58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90A1B331-C2B4-4933-9F63-BA7B84D60D58}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0134AF61-7A0C-4649-AECA-90D776060CB3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90A1B331-C2B4-4933-9F63-BA7B84D60D58}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A51D53C-6F3C-426E-B789-2A21526E6546}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CEF5A3EF-2F71-468B-A2E5-777F09EFA4F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1765CD5-0FDD-4089-A6CD-C90AF1119151}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B07F78CA-F6BD-4644-BD73-D94C0C61AE17}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A286F1FC-DFDB-441E-A18D-737ED438E31C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3BB7A61B-CD81-4BA7-BCA9-4F539BBB6881}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{90A1B331-C2B4-4933-9F63-BA7B84D60D58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{90A1B331-C2B4-4933-9F63-BA7B84D60D58}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{90A1B331-C2B4-4933-9F63-BA7B84D60D58}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{0134AF61-7A0C-4649-AECA-90D776060CB3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{90A1B331-C2B4-4933-9F63-BA7B84D60D58}]
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\KeyBar_1.12
Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V44
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\KeyBar_1.12
Key Deleted : HKLM\Software\MixiDJ_V44
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.12 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V44 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\8t1307bf.default\prefs.js ]

Line Deleted : user_pref("CT3298580.FF19Solved", "true");
Line Deleted : user_pref("CT3298580.FF19Solved", "true");
Line Deleted : user_pref("CT3298580.FF19Solved", "true");
Line Deleted : user_pref("CT3298580.UserID", "UN51166177330365264");
Line Deleted : user_pref("CT3298580.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3298580.fullUserID", "UN51166177330365264.IN.20130829135946");
Line Deleted : user_pref("CT3298580.installDate", "29/08/2013 13:59:47");
Line Deleted : user_pref("CT3298580.installSessionId", "{130E0F23-DCBC-42B5-AA14-F10812519877}");
Line Deleted : user_pref("CT3298580.installSp", "TRUE");
Line Deleted : user_pref("CT3298580.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3298580.keyword", "true");
Line Deleted : user_pref("CT3298580.originalHomepage", "about:home");
Line Deleted : user_pref("CT3298580.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3298580.originalSearchEngine", "");
Line Deleted : user_pref("CT3298580.originalSearchEngineName", "");
Line Deleted : user_pref("CT3298580.searchRevert", "false");
Line Deleted : user_pref("CT3298580.searchUserMode", "2");
Line Deleted : user_pref("CT3298580.smartbar.homepage", "true");
Line Deleted : user_pref("CT3298580.versionFromInstaller", "10.19.2.5");
Line Deleted : user_pref("CT3298580.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V44 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298580&CUI=UN51166177330365264&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3298580");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298580&CUI=UN51166177330365264&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3298580&octid=CT3298580&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298580&SearchSource=2&CUI=UN51166177330365264&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3298580");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3298580");
Line Deleted : user_pref("smartbar.machineId", "O5PKWH7O4UP5PNXQK4LY6PHSUU2M315V5SS4OH3NDKS+VH1FLUHMZNKBMJOJCRFKQHNQ/O4UPQCUKE7P6EWUEA");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3298580&CUI=UN51166177330365264&UM=2&SearchSource=13");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10614 octets] - [05/09/2013 17:27:43]
AdwCleaner[S0].txt - [10259 octets] - [05/09/2013 17:28:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10320 octets] ##########
m
0
l
September 5, 2013 2:44:27 PM

I also just had my Lenovo Solution Center pop up and ask for an update. I did the update, and when I click on the "Security" tag it says that I have an antivirus installed, but not activated...but I do not know how to activate it.

When I open the "Action Center" it says that Windows Defender is turned off. When I click the button that says "Turn On" I just get the hour glass and it does nothing...
m
0
l
September 6, 2013 2:56:08 PM

Windows Defender had itself "On" when I started the computer back up. Now I just have a driver issue that is showing up with the Lenovo Support Issue...WAN Miniport Monitor with Code 31 (??).
m
0
l

Best solution

a b D Laptop
September 6, 2013 3:08:05 PM

Hi. First, Windows defender is iffy at best. Download and install : www.Avast!.com ( the Free Version ). It is a very good AV. On computer, I am running the paid version of SUPERantispyware with it and on another Webroot Spysweeper ( It comes free with my service ). You can also run MSE ( Microsoft Security Essentials ) which isn't bad either and free. As to the printer, I have an HP and when I downloaded the Drivers and stuff, I had to umnplug my printer and then start the download. At some point, it then asked me to plug in my printer and finished the installation. It didn't work when I started from square one with the printer plugged in. Well actually it did with Microsoft's Generic Drivers once the printer was recognized.

When you were in the Hotel, you were most likely using a public WiFi point and you can pick up all sorts of stuff there and privacy is not to be taken for granted. I usually keep my Cookie thing set at Med High. Any higher and I will have problems entering some sites.
Share
September 6, 2013 3:11:25 PM

coastie65 said:
Hi. First, Windows defender is iffy at best. Download and install : www.Avast!.com ( the Free Version ). It is a very good AV. On computer, I am running the paid version of SUPERantispyware with it and on another Webroot Spysweeper ( It comes free with my service ). You can also run MSE ( Microsoft Security Essentials ) which isn't bad either and free. As to the printer, I have an HP and when I downloaded the Drivers and stuff, I had to umnplug my printer and then start the download. At some point, it then asked me to plug in my printer and finished the installation. It didn't work when I started from square one with the printer plugged in. Well actually it did with Microsoft's Generic Drivers once the printer was recognized.


I had a free version of SuperAntiSpyware on my last laptop...is that good? Would that combined with MalwareBytes be sufficient protection?

And the printer actually just started working (which is why I edited my post above). I don't know what I did differently, but the status no longer read "Offline" so I test printed a webpage and it worked perfectly...so I'm not even gonna ask, ha!
m
0
l
a b D Laptop
September 6, 2013 3:54:35 PM

ktrainhurricane said:
coastie65 said:
Hi. First, Windows defender is iffy at best. Download and install : www.Avast!.com ( the Free Version ). It is a very good AV. On computer, I am running the paid version of SUPERantispyware with it and on another Webroot Spysweeper ( It comes free with my service ). You can also run MSE ( Microsoft Security Essentials ) which isn't bad either and free. As to the printer, I have an HP and when I downloaded the Drivers and stuff, I had to umnplug my printer and then start the download. At some point, it then asked me to plug in my printer and finished the installation. It didn't work when I started from square one with the printer plugged in. Well actually it did with Microsoft's Generic Drivers once the printer was recognized.


I had a free version of SuperAntiSpyware on my last laptop...is that good? Would that combined with MalwareBytes be sufficient protection?

And the printer actually just started working (which is why I edited my post above). I don't know what I did differently, but the status no longer read "Offline" so I test printed a webpage and it worked perfectly...so I'm not even gonna ask, ha!


LOL that happens sometimes. Happy to hear it is working for you. I have the Free Version of Superantispyware as well as Malwarebytes for on demand scanners. You do not want two AV programs running actively at the same time. The Free versions of both of them do not offer real time protection. This desktop I am on is running MSE and as I said, I have both as ondemand scanners. Malwarebytes & SUPERantispyware are both good at picking up stuff.
m
0
l
!