
Csrss exe virus

Last response: in Windows XP
April 16, 2011 4:21:16 PM

Hello, Anonymous,
I followed your advice wrt MSCONFIG and REGEDIT, and removed the CSRSS virus successfully. Two points. I needed to perform both actions BEFORE doing the reboot else it came back again. Secondly I have found a Windows directory called PREFETCH that seems to have been modified at the same time as the infection started, and all the .pf files in it have been modified. Should I delete these files?


April 22, 2011 8:03:08 PM

hubbardt said:
Definitely remove it from Prefetch or you may get reinfected

http://www.ehow.com/how_6519995_remove-virus-prefetch.h...

Thanks, but the whole prefetch contents seem to have been modified on the day the virus was downloaded. The files all seem to be valid System files for XP, and there are no executables in it, nor any unrecognisable names that might be associated with the CSRSS invasion. I suspect Prefetch is a way that Windows uses to speed up the boot process, so may well create the directory from scratch on occasions, remembering that there was a Microsoft patch / update at this time as well.
I do not appear to be showing any more after effects from the csrss event, but a virus scan did find another couple of trojans present which were quarantined and submitted to ESET for their edification. Think I am clear now, but worried in case prefetch contains something sinister. Will google it to try and find out what it does.


April 23, 2011 12:04:33 AM

T2forever said:
I suspect Prefetch is a way that Windows uses to speed up the boot process, so may well create the directory from scratch on occasions,


You are correct, somewhat.

Windows established prefetch to speed up program loading, not much for speeding up the boot process.
Delete everything in the prefetch folder and Windows will indeed rebuild it from programs you actually run.
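
Added example, not part of the original thread: instead of guessing whether the .pf files hide anything, their headers can be read directly. This Python sketch parses the fixed header of a Windows XP (format version 17) prefetch file and checks that the on-disk name agrees with the header; the function names and the sample bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

XP_VERSION = 17  # prefetch format version written by Windows XP

def parse_xp_prefetch(data: bytes, filename: str = "") -> dict:
    """Read the fixed header fields of an XP-era .pf file."""
    if len(data) < 0x98:
        raise ValueError("too short for a version 17 prefetch header")
    version, signature = struct.unpack_from("<I4s", data, 0)
    if signature != b"SCCA" or version != XP_VERSION:
        raise ValueError("not a Windows XP prefetch file")
    # Executable name: 60 bytes of NUL-terminated UTF-16LE at offset 0x10.
    exe = data[0x10:0x4C].decode("utf-16-le", "replace").split("\x00", 1)[0]
    (path_hash,) = struct.unpack_from("<I", data, 0x4C)
    (filetime,) = struct.unpack_from("<Q", data, 0x78)   # last run, FILETIME
    (run_count,) = struct.unpack_from("<I", data, 0x90)
    last_run = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(
        microseconds=filetime // 10)
    info = {"exe": exe, "hash": f"{path_hash:08X}",
            "last_run": last_run, "run_count": run_count}
    if filename:
        # On disk the file is named <EXE>-<HASH>.pf; a mismatch with the
        # header is worth a closer look (renamed or not a genuine entry).
        name, _, hex_hash = filename.rsplit(".", 1)[0].rpartition("-")
        info["name_matches"] = (hex_hash.upper() == info["hash"]
                                and name.upper().startswith(exe.upper()))
    return info

def build_sample(exe="NOTEPAD.EXE", path_hash=0x336351A9, runs=3) -> bytes:
    """Constructed sample header for the demo, not a real .pf file."""
    buf = bytearray(0x98)
    struct.pack_into("<I4s", buf, 0, XP_VERSION, b"SCCA")
    name = exe.encode("utf-16-le")
    buf[0x10:0x10 + len(name)] = name
    struct.pack_into("<I", buf, 0x4C, path_hash)
    struct.pack_into("<Q", buf, 0x78, 129473856000000000)  # 2011-04-16 UTC
    struct.pack_into("<I", buf, 0x90, runs)
    return bytes(buf)

if __name__ == "__main__":
    print(parse_xp_prefetch(build_sample(), "NOTEPAD.EXE-336351A9.pf"))
```
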


April 24, 2011 4:07:47 PM

Thanks,
I have found a description for this directory on Wikipedia, and I am satisfied that what I saw was just a coincidence, and not due to virus. Thanks for your reassurance as well.
Think I am clear now.