CSRSS.EXE Virus That Won't Go Away

Archived from groups: microsoft.public.windowsxp.general (More info?)

About every 30 seconds, I get a pop-up message from my anti-virus software
that says:

Dangerous Operation blocked!
Panda Titanium Antivirus 2005 has detected the execution of a dangerous
action and has blocked it.
Program:
Associated file:
C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE

So, I have found the file on my C drive, deleted it and deleted from my
Recycle Bin, but the message still continue sto annoyingly pop up.

The operating system I am using is Windows xp Home Edition, which is
completely up to date with Windowes updates.

Please can someone explain to me (in simple terms!) what I have to do to get
rid of this virus.

Any assistance would be greatly appreciated.

Many thanks

Simon (uget2nome)
26 answers Last reply
More about csrss virus away
  1. Archived from groups: microsoft.public.windowsxp.general (More info?)

    From: "uget2nome" <uget2nome@discussions.microsoft.com>

    | About every 30 seconds, I get a pop-up message from my anti-virus software
    | that says:
    |
    | Dangerous Operation blocked!
    | Panda Titanium Antivirus 2005 has detected the execution of a dangerous
    | action and has blocked it.
    | Program:
    | Associated file:
    | C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    |
    | So, I have found the file on my C drive, deleted it and deleted from my
    | Recycle Bin, but the message still continue sto annoyingly pop up.
    |
    | The operating system I am using is Windows xp Home Edition, which is
    | completely up to date with Windowes updates.
    |
    | Please can someone explain to me (in simple terms!) what I have to do to get
    | rid of this virus.
    |
    | Any assistance would be greatly appreciated.
    |
    | Many thanks
    |
    | Simon (uget2nome)

    There are anti virus News Groups specifically for this type of discussion.

    microsoft.public.security.virus
    alt.comp.virus
    alt.comp.anti-virus

    If this is adware/spyware -- Please download, install and update the following software...

    Ad-aware SE v1.06
    http://www.lavasoft.de/
    http://www.lavasoftusa.com/

    SpyBot Search and Destroy v1.4
    http://security.kolla.de/

    After the software is updated, I suggest scanning the system in Safe Mode.

    If this is truly a virus...


    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
    (.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
    simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    remove viruses, Trojans and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode. This
    way all the components can be downloaded from each AV vendor’s web site.
    The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  2. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Turn off System Restore then download, install, update and run all of the
    following. When finished reboot and turn System Restore back on. csrss.exe
    is also a valid windows file located in the system32 folder, any other
    location should be deleted.

    Ad-Aware
    http://www.pcbutts1.com/downloads/aawsepersonal.exe

    Spybot search and destroy
    http://www.pcbutts1.com/downloads/spybotsd14.exe

    Ewido Security Suite Trial version
    http://www.pcbutts1.com/downloads/ewidosetup.exe

    Microsoft Windows AntiSpyware (Beta1)
    http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

    If none of the above fixes the issue then download Hijack this, run it, save
    a copy of the log file and cut and paste it back here to this group so that
    I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
    to see it not them.


    HijackThis
    http://www.pcbutts1.com/downloads/HijackThis.zip

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "uget2nome" <uget2nome@discussions.microsoft.com> wrote in message
    news:548CDE86-1482-4DEF-956F-DD6CBDB39B42@microsoft.com...
    > About every 30 seconds, I get a pop-up message from my anti-virus software
    > that says:
    >
    > Dangerous Operation blocked!
    > Panda Titanium Antivirus 2005 has detected the execution of a dangerous
    > action and has blocked it.
    > Program:
    > Associated file:
    > C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    >
    > So, I have found the file on my C drive, deleted it and deleted from my
    > Recycle Bin, but the message still continue sto annoyingly pop up.
    >
    > The operating system I am using is Windows xp Home Edition, which is
    > completely up to date with Windowes updates.
    >
    > Please can someone explain to me (in simple terms!) what I have to do to
    > get
    > rid of this virus.
    >
    > Any assistance would be greatly appreciated.
    >
    > Many thanks
    >
    > Simon (uget2nome)
  3. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Dear All...

    Many thanks for all your advise. I downloaded all of the trials and ran
    them, which took some time. One of them detected an infected file and
    automatically removed it. However, when I start my machine, each time I get
    the following message in a pop-ip box on the desktop:

    "Windows cannot find 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe'. Make sure you
    typed the name correctly, and then try again. To search for a file, click the
    Start button, and then click search."

    I press OK, and then get the following message:

    "Could not run of load 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe' specified in
    the registty. Make sure that the file exists on your computer or remove the
    reference to it in the registry."

    I select OK, and get the same messages a second time, and after that, my
    computer now seems to be working fine.

    Is there something else I need to do to resolve this?

    Once again, many thanks, and any further assistance would be greatly
    appreciated.

    Simon (uget2nome)

    "pcbutts1" wrote:

    > Turn off System Restore then download, install, update and run all of the
    > following. When finished reboot and turn System Restore back on. csrss.exe
    > is also a valid windows file located in the system32 folder, any other
    > location should be deleted.
    >
    > Ad-Aware
    > http://www.pcbutts1.com/downloads/aawsepersonal.exe
    >
    > Spybot search and destroy
    > http://www.pcbutts1.com/downloads/spybotsd14.exe
    >
    > Ewido Security Suite Trial version
    > http://www.pcbutts1.com/downloads/ewidosetup.exe
    >
    > Microsoft Windows AntiSpyware (Beta1)
    > http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
    >
    > If none of the above fixes the issue then download Hijack this, run it, save
    > a copy of the log file and cut and paste it back here to this group so that
    > I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
    > to see it not them.
    >
    >
    > HijackThis
    > http://www.pcbutts1.com/downloads/HijackThis.zip
    >
    > --
    >
    >
    > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > NEW Embedded system W/Linux. We now sell DVR cards.
    > See it all at http://www.seedsv.com/products.htm
    > Sharpvision simply the best http://www.seedsv.com
    >
    >
    >
    > "uget2nome" <uget2nome@discussions.microsoft.com> wrote in message
    > news:548CDE86-1482-4DEF-956F-DD6CBDB39B42@microsoft.com...
    > > About every 30 seconds, I get a pop-up message from my anti-virus software
    > > that says:
    > >
    > > Dangerous Operation blocked!
    > > Panda Titanium Antivirus 2005 has detected the execution of a dangerous
    > > action and has blocked it.
    > > Program:
    > > Associated file:
    > > C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    > >
    > > So, I have found the file on my C drive, deleted it and deleted from my
    > > Recycle Bin, but the message still continue sto annoyingly pop up.
    > >
    > > The operating system I am using is Windows xp Home Edition, which is
    > > completely up to date with Windowes updates.
    > >
    > > Please can someone explain to me (in simple terms!) what I have to do to
    > > get
    > > rid of this virus.
    > >
    > > Any assistance would be greatly appreciated.
    > >
    > > Many thanks
    > >
    > > Simon (uget2nome)
    >
    >
    >
  4. Archived from groups: microsoft.public.windowsxp.general (More info?)

    uget2nome wrote:

    > Dear All...
    >
    > Many thanks for all your advise. I downloaded all of the trials and ran
    > them, which took some time. One of them detected an infected file and
    > automatically removed it. However, when I start my machine, each time I get
    > the following message in a pop-ip box on the desktop:
    >
    > "Windows cannot find 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe'. Make sure you
    > typed the name correctly, and then try again. To search for a file, click the
    > Start button, and then click search."
    >
    > I press OK, and then get the following message:
    >
    > "Could not run of load 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe' specified in
    > the registty. Make sure that the file exists on your computer or remove the
    > reference to it in the registry."
    >
    > I select OK, and get the same messages a second time, and after that, my
    > computer now seems to be working fine.
    >
    > Is there something else I need to do to resolve this?
    >
    > Once again, many thanks, and any further assistance would be greatly
    > appreciated.
    >
    > Simon (uget2nome)
    >
    > "pcbutts1" wrote:
    >
    >
    >>Turn off System Restore then download, install, update and run all of the
    >>following. When finished reboot and turn System Restore back on. csrss.exe
    >>is also a valid windows file located in the system32 folder, any other
    >>location should be deleted.
    >>
    >>Ad-Aware
    >>http://www.pcbutts1.com/downloads/aawsepersonal.exe
    >>
    >>Spybot search and destroy
    >>http://www.pcbutts1.com/downloads/spybotsd14.exe
    >>
    >>Ewido Security Suite Trial version
    >>http://www.pcbutts1.com/downloads/ewidosetup.exe
    >>
    >>Microsoft Windows AntiSpyware (Beta1)
    >>http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
    >>
    >>If none of the above fixes the issue then download Hijack this, run it, save
    >>a copy of the log file and cut and paste it back here to this group so that
    >>I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
    >>to see it not them.
    >>
    >>
    >>HijackThis
    >>http://www.pcbutts1.com/downloads/HijackThis.zip
    >>
    >>--
    >>
    >>
    >>The best live web video on the internet http://www.seedsv.com/webdemo.htm
    >>NEW Embedded system W/Linux. We now sell DVR cards.
    >>See it all at http://www.seedsv.com/products.htm
    >>Sharpvision simply the best http://www.seedsv.com
    >>
    >>
    >>
    >>"uget2nome" <uget2nome@discussions.microsoft.com> wrote in message
    >>news:548CDE86-1482-4DEF-956F-DD6CBDB39B42@microsoft.com...
    >>
    >>>About every 30 seconds, I get a pop-up message from my anti-virus software
    >>>that says:
    >>>
    >>>Dangerous Operation blocked!
    >>>Panda Titanium Antivirus 2005 has detected the execution of a dangerous
    >>>action and has blocked it.
    >>>Program:
    >>>Associated file:
    >>>C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    >>>
    >>>So, I have found the file on my C drive, deleted it and deleted from my
    >>>Recycle Bin, but the message still continue sto annoyingly pop up.
    >>>
    >>>The operating system I am using is Windows xp Home Edition, which is
    >>>completely up to date with Windowes updates.
    >>>
    >>>Please can someone explain to me (in simple terms!) what I have to do to
    >>>get
    >>>rid of this virus.
    >>>
    >>>Any assistance would be greatly appreciated.
    >>>
    >>>Many thanks
    >>>
    >>>Simon (uget2nome)
    >>
    >>
    >>

    Please don't post HJT logs to this newsgroup, it is not the place for
    it. There are specialty forums for that purpose. Here are some links
    for posting HJT logs.

    HijackThis
    http://www.majorgeeks.com/download.php?det=3155

    Forums to Interpret HijackThis Logs:

    http://www.spywareinfo.com/forums/
    http://forum.aumha.org/viewforum.php?f=30
    http://forums.tomcoyote.org/
    http://www.wilderssecurity.com/

    --
    Rock
    MS MVP Windows - Shell/User
  5. Archived from groups: microsoft.public.windowsxp.general (More info?)

    i think u solve what is being prompted .That is u copy csrss.exe from
    somebody elses system and put it in uy SYSTEM32 folder or use this
    Type msconfig in run box.
    now on General tab click ExpandFile button.
    And restore file
    Ok
    "uget2nome" <uget2nome@discussions.microsoft.com> wrote in message
    news:782F9C3E-4A8E-46E7-8F99-5A3E7D67E799@microsoft.com...
    > Dear All...
    >
    > Many thanks for all your advise. I downloaded all of the trials and ran
    > them, which took some time. One of them detected an infected file and
    > automatically removed it. However, when I start my machine, each time I
    get
    > the following message in a pop-ip box on the desktop:
    >
    > "Windows cannot find 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe'. Make sure
    you
    > typed the name correctly, and then try again. To search for a file, click
    the
    > Start button, and then click search."
    >
    > I press OK, and then get the following message:
    >
    > "Could not run of load 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe' specified
    in
    > the registty. Make sure that the file exists on your computer or remove
    the
    > reference to it in the registry."
    >
    > I select OK, and get the same messages a second time, and after that, my
    > computer now seems to be working fine.
    >
    > Is there something else I need to do to resolve this?
    >
    > Once again, many thanks, and any further assistance would be greatly
    > appreciated.
    >
    > Simon (uget2nome)
    >
    > "pcbutts1" wrote:
    >
    > > Turn off System Restore then download, install, update and run all of
    the
    > > following. When finished reboot and turn System Restore back on.
    csrss.exe
    > > is also a valid windows file located in the system32 folder, any other
    > > location should be deleted.
    > >
    > > Ad-Aware
    > > http://www.pcbutts1.com/downloads/aawsepersonal.exe
    > >
    > > Spybot search and destroy
    > > http://www.pcbutts1.com/downloads/spybotsd14.exe
    > >
    > > Ewido Security Suite Trial version
    > > http://www.pcbutts1.com/downloads/ewidosetup.exe
    > >
    > > Microsoft Windows AntiSpyware (Beta1)
    > >
    http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-
    A8BD-DBF62EDA9671&displaylang=en
    > >
    > > If none of the above fixes the issue then download Hijack this, run it,
    save
    > > a copy of the log file and cut and paste it back here to this group so
    that
    > > I can analyze it. Ignore anyone who tells you to post it elsewhere. I
    need
    > > to see it not them.
    > >
    > >
    > > HijackThis
    > > http://www.pcbutts1.com/downloads/HijackThis.zip
    > >
    > > --
    > >
    > >
    > > The best live web video on the internet
    http://www.seedsv.com/webdemo.htm
    > > NEW Embedded system W/Linux. We now sell DVR cards.
    > > See it all at http://www.seedsv.com/products.htm
    > > Sharpvision simply the best http://www.seedsv.com
    > >
    > >
    > >
    > > "uget2nome" <uget2nome@discussions.microsoft.com> wrote in message
    > > news:548CDE86-1482-4DEF-956F-DD6CBDB39B42@microsoft.com...
    > > > About every 30 seconds, I get a pop-up message from my anti-virus
    software
    > > > that says:
    > > >
    > > > Dangerous Operation blocked!
    > > > Panda Titanium Antivirus 2005 has detected the execution of a
    dangerous
    > > > action and has blocked it.
    > > > Program:
    > > > Associated file:
    > > > C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    > > >
    > > > So, I have found the file on my C drive, deleted it and deleted from
    my
    > > > Recycle Bin, but the message still continue sto annoyingly pop up.
    > > >
    > > > The operating system I am using is Windows xp Home Edition, which is
    > > > completely up to date with Windowes updates.
    > > >
    > > > Please can someone explain to me (in simple terms!) what I have to do
    to
    > > > get
    > > > rid of this virus.
    > > >
    > > > Any assistance would be greatly appreciated.
    > > >
    > > > Many thanks
    > > >
    > > > Simon (uget2nome)
    > >
    > >
    > >
  6. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Dear Friends...

    Many thanks for all your advise, but I'm sorry, I still don't know what to
    do to solve the problem of these error messages appearing every time I switch
    the machine on. Please can someone explain to me excatly what steps I need to
    take.

    Many thanks.

    "uget2nome" wrote:

    > Dear All...
    >
    > Many thanks for all your advise. I downloaded all of the trials and ran
    > them, which took some time. One of them detected an infected file and
    > automatically removed it. However, when I start my machine, each time I get
    > the following message in a pop-ip box on the desktop:
    >
    > "Windows cannot find 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe'. Make sure you
    > typed the name correctly, and then try again. To search for a file, click the
    > Start button, and then click search."
    >
    > I press OK, and then get the following message:
    >
    > "Could not run of load 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe' specified in
    > the registty. Make sure that the file exists on your computer or remove the
    > reference to it in the registry."
    >
    > I select OK, and get the same messages a second time, and after that, my
    > computer now seems to be working fine.
    >
    > Is there something else I need to do to resolve this?
    >
    > Once again, many thanks, and any further assistance would be greatly
    > appreciated.
    >
    > Simon (uget2nome)
    >
    > "pcbutts1" wrote:
    >
    > > Turn off System Restore then download, install, update and run all of the
    > > following. When finished reboot and turn System Restore back on. csrss.exe
    > > is also a valid windows file located in the system32 folder, any other
    > > location should be deleted.
    > >
    > > Ad-Aware
    > > http://www.pcbutts1.com/downloads/aawsepersonal.exe
    > >
    > > Spybot search and destroy
    > > http://www.pcbutts1.com/downloads/spybotsd14.exe
    > >
    > > Ewido Security Suite Trial version
    > > http://www.pcbutts1.com/downloads/ewidosetup.exe
    > >
    > > Microsoft Windows AntiSpyware (Beta1)
    > > http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
    > >
    > > If none of the above fixes the issue then download Hijack this, run it, save
    > > a copy of the log file and cut and paste it back here to this group so that
    > > I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
    > > to see it not them.
    > >
    > >
    > > HijackThis
    > > http://www.pcbutts1.com/downloads/HijackThis.zip
    > >
    > > --
    > >
    > >
    > > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > > NEW Embedded system W/Linux. We now sell DVR cards.
    > > See it all at http://www.seedsv.com/products.htm
    > > Sharpvision simply the best http://www.seedsv.com
    > >
    > >
    > >
    > > "uget2nome" <uget2nome@discussions.microsoft.com> wrote in message
    > > news:548CDE86-1482-4DEF-956F-DD6CBDB39B42@microsoft.com...
    > > > About every 30 seconds, I get a pop-up message from my anti-virus software
    > > > that says:
    > > >
    > > > Dangerous Operation blocked!
    > > > Panda Titanium Antivirus 2005 has detected the execution of a dangerous
    > > > action and has blocked it.
    > > > Program:
    > > > Associated file:
    > > > C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    > > >
    > > > So, I have found the file on my C drive, deleted it and deleted from my
    > > > Recycle Bin, but the message still continue sto annoyingly pop up.
    > > >
    > > > The operating system I am using is Windows xp Home Edition, which is
    > > > completely up to date with Windowes updates.
    > > >
    > > > Please can someone explain to me (in simple terms!) what I have to do to
    > > > get
    > > > rid of this virus.
    > > >
    > > > Any assistance would be greatly appreciated.
    > > >
    > > > Many thanks
    > > >
    > > > Simon (uget2nome)
    > >
    > >
    > >
  7. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Dear Friends...

    Thank yo ufor all yoru advise, but I'm sorry I'm still confused as to what I
    should do to prevent these error messages appearing. Please can someone
    explain to me how I solve teh problem?

    Many thanks

    Simon

    "uget2nome" wrote:

    > Dear All...
    >
    > Many thanks for all your advise. I downloaded all of the trials and ran
    > them, which took some time. One of them detected an infected file and
    > automatically removed it. However, when I start my machine, each time I get
    > the following message in a pop-ip box on the desktop:
    >
    > "Windows cannot find 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe'. Make sure you
    > typed the name correctly, and then try again. To search for a file, click the
    > Start button, and then click search."
    >
    > I press OK, and then get the following message:
    >
    > "Could not run of load 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe' specified in
    > the registty. Make sure that the file exists on your computer or remove the
    > reference to it in the registry."
    >
    > I select OK, and get the same messages a second time, and after that, my
    > computer now seems to be working fine.
    >
    > Is there something else I need to do to resolve this?
    >
    > Once again, many thanks, and any further assistance would be greatly
    > appreciated.
    >
    > Simon (uget2nome)
    >
    > "pcbutts1" wrote:
    >
    > > Turn off System Restore then download, install, update and run all of the
    > > following. When finished reboot and turn System Restore back on. csrss.exe
    > > is also a valid windows file located in the system32 folder, any other
    > > location should be deleted.
    > >
    > > Ad-Aware
    > > http://www.pcbutts1.com/downloads/aawsepersonal.exe
    > >
    > > Spybot search and destroy
    > > http://www.pcbutts1.com/downloads/spybotsd14.exe
    > >
    > > Ewido Security Suite Trial version
    > > http://www.pcbutts1.com/downloads/ewidosetup.exe
    > >
    > > Microsoft Windows AntiSpyware (Beta1)
    > > http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
    > >
    > > If none of the above fixes the issue then download Hijack this, run it, save
    > > a copy of the log file and cut and paste it back here to this group so that
    > > I can analyze it. Ignore anyone who tells you to post it elsewhere. I need
    > > to see it not them.
    > >
    > >
    > > HijackThis
    > > http://www.pcbutts1.com/downloads/HijackThis.zip
    > >
    > > --
    > >
    > >
    > > The best live web video on the internet http://www.seedsv.com/webdemo.htm
    > > NEW Embedded system W/Linux. We now sell DVR cards.
    > > See it all at http://www.seedsv.com/products.htm
    > > Sharpvision simply the best http://www.seedsv.com
    > >
    > >
    > >
    > > "uget2nome" <uget2nome@discussions.microsoft.com> wrote in message
    > > news:548CDE86-1482-4DEF-956F-DD6CBDB39B42@microsoft.com...
    > > > About every 30 seconds, I get a pop-up message from my anti-virus software
    > > > that says:
    > > >
    > > > Dangerous Operation blocked!
    > > > Panda Titanium Antivirus 2005 has detected the execution of a dangerous
    > > > action and has blocked it.
    > > > Program:
    > > > Associated file:
    > > > C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    > > >
    > > > So, I have found the file on my C drive, deleted it and deleted from my
    > > > Recycle Bin, but the message still continue sto annoyingly pop up.
    > > >
    > > > The operating system I am using is Windows xp Home Edition, which is
    > > > completely up to date with Windowes updates.
    > > >
    > > > Please can someone explain to me (in simple terms!) what I have to do to
    > > > get
    > > > rid of this virus.
    > > >
    > > > Any assistance would be greatly appreciated.
    > > >
    > > > Many thanks
    > > >
    > > > Simon (uget2nome)
    > >
    > >
    > >
  8. Archived from groups: microsoft.public.windowsxp.general (More info?)

    From: "uget2nome" <uget2nome@discussions.microsoft.com>

    | Dear All...
    |
    | Many thanks for all your advise. I downloaded all of the trials and ran
    | them, which took some time. One of them detected an infected file and
    | automatically removed it. However, when I start my machine, each time I get
    | the following message in a pop-ip box on the desktop:
    |
    | "Windows cannot find 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe'. Make sure you
    | typed the name correctly, and then try again. To search for a file, click the
    | Start button, and then click search."
    |
    | I press OK, and then get the following message:
    |
    | "Could not run of load 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe' specified in
    | the registty. Make sure that the file exists on your computer or remove the
    | reference to it in the registry."
    |
    | I select OK, and get the same messages a second time, and after that, my
    | computer now seems to be working fine.
    |
    | Is there something else I need to do to resolve this?
    |
    | Once again, many thanks, and any further assistance would be greatly
    | appreciated.
    |
    | Simon (uget2nome)
    |
    | "pcbutts1" wrote:

    Please do NOT post the HiJack This (HJT) log as requested. This replier, pcbutts1, has been
    asked nicely, and has then been told bluntly [by an employee of the Microsoft Corporation,
    the host of this server], not to request HJT logs to be posted here.

    HJT logs should *ONLY* be posted in a qualified Web Forum. This is not one of them.

    That being said...

    Please execute; MSCONFIG.EXE and search for a startup item that would have loaded
    VIVNUFFTO\CSRSS.EXE and then disable that item

    If you feel comfortable editing the Registry, you can search for the string;
    VIVNUFFTO\CSRSS.EXE
    find where it is being loaded and remove that key.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  9. Archived from groups: microsoft.public.windowsxp.general (More info?)

    From: "Swapnesh" <swap_par205@sancharnet.in>

    | i think u solve what is being prompted .That is u copy csrss.exe from
    | somebody elses system and put it in uy SYSTEM32 folder or use this
    | Type msconfig in run box.
    | now on General tab click ExpandFile button.
    | And restore file
    | Ok


    NO !

    CSRSS.EXE was an infector. It was removed from the PC as it should have been. However, the
    application that removed the EXE file failed to remove the Registry entry that called the
    EXE file to execute. therefore it didn't fully do its job. Copying the file from another
    PC is NOT the solution.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  10. Archived from groups: microsoft.public.windowsxp.general (More info?)

    But CSRSS is a system service.and it uses CSRSS.exe.If u want to varify u
    can press CTRL+ALT+DEL.
    u can see there under PROCESS tab.OK
    And it says its a system service .

    Now when window starts it will try to run CSRR.exe and when anything is not
    found it symply tell File not found.

    So give it the file it wants. Though file was infected and was removed u
    can give it a fresh one.Its like giving missing DLL. Havent u tried it yet
    ????
    If n then u should try .
    And has "ugetnome" tried to remove registry and seen that it works ??

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:#NvbDdBrFHA.2876@TK2MSFTNGP12.phx.gbl...
    > From: "Swapnesh" <swap_par205@sancharnet.in>
    >
    > | i think u solve what is being prompted .That is u copy csrss.exe from
    > | somebody elses system and put it in uy SYSTEM32 folder or use this
    > | Type msconfig in run box.
    > | now on General tab click ExpandFile button.
    > | And restore file
    > | Ok
    >
    >
    > NO !
    >
    > CSRSS.EXE was an infector. It was removed from the PC as it should have
    been. However, the
    > application that removed the EXE file failed to remove the Registry entry
    that called the
    > EXE file to execute. therefore it didn't fully do its job. Copying the
    file from another
    > PC is NOT the solution.
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
  11. Archived from groups: microsoft.public.windowsxp.general (More info?)

    From: "Swapnesh" <swap_par205@sancharnet.in>

    | But CSRSS is a system service.and it uses CSRSS.exe.If u want to varify u
    | can press CTRL+ALT+DEL.
    | u can see there under PROCESS tab.OK
    | And it says its a system service .
    |
    | Now when window starts it will try to run CSRR.exe and when anything is not
    | found it symply tell File not found.
    |
    | So give it the file it wants. Though file was infected and was removed u
    | can give it a fresh one.Its like giving missing DLL. Havent u tried it yet
    | ????
    | If n then u should try .
    | And has "ugetnome" tried to remove registry and seen that it works ??
    |

    It is a well established methodology to use the name of legitimate MS Windows Kernel files
    for the name of viral and non-viral malware. This is designed to lure you into a false
    sense of security. You see the name of the excutable running, assume that it is a OS file
    and think it is OK. -- WRONG. One must examine WHERE the excutable is being excuted from.
    Since replacing a a OS Kernel file could break the OS, it has to be executed from a non OS
    standard location.

    In the case of this infector; %windir%\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    %windir%\SYSTEM32\VIVNUFFTO is not a Windows OS folder. It was created by the infector.

    Sample infectors that use the name CSRSS.EXE are...

    C:\CSRSS.EXE
    W32/Buchon.c@MM -- http://vil.nai.com/vil/content/v_130857.htm

    %WinDir%\MSAGENT\WIN32\CSRSS.EXE
    W32/Sober.l@MM -- http://vil.nai.com/vil/content/v_131869.htm

    %WinDir%\CSRSS.EXE
    W32/Melare@MM -- http://vil.nai.com/vil/content/v_100306.htm

    %WinDir%\CSRSS.EXE
    W32/Netsky.ab@MM -- http://vil.nai.com/vil/content/v_124873.htm

    %WinDir%\CSRSS.EXE
    MultiDropper-JW -- http://vil.nai.com/vil/content/v_101115.htm

    %WinDir%\CSRSS.EXE
    Downloader-MC -- http://vil.nai.com/vil/content/v_126644.htm


    An example of a file name that is the most often used is; SVCHOST.EXE. There are *many*
    viral and non-viral infectors that use this name. If this file is found on a Win9x/ME PC
    then you are almost guarateed to be infected. If it is found on a NT based PC then one must
    look at the location of where it is being executed. In addition many use variations upon
    this name such as; SCVHOST.EXE

    Examples:
    If SVCHOST.EXE is found in the root of C: (C:\SVCHOST.EXE) then there is a high chance of
    this being the CodeBlue worm.
    W32/CodeBlue.worm -- http://vil.nai.com/vil/content/v_99202.htm

    If SVCHOST.EXE is found in %windir% then there is a high chance of this being the Cozit
    worm.
    W32/Cozit.worm -- http://vil.nai.com/vil/content/v_99761.htm

    If SVCHOST.EXE is found in %windir%\SYSTEM32\DRIVERS then there is a high chance of this
    being a nachi worm variant.
    W32/Nachi.worm.c -- http://vil.nai.com/vil/content/v_101025.htm


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  12. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Yes, I need to see your hijackthis log run it, save the log and cut and
    paste back here so I can read it.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "uget2nome" <uget2nome@discussions.microsoft.com> wrote in message
    news:782F9C3E-4A8E-46E7-8F99-5A3E7D67E799@microsoft.com...
    > Dear All...
    >
    > Many thanks for all your advise. I downloaded all of the trials and ran
    > them, which took some time. One of them detected an infected file and
    > automatically removed it. However, when I start my machine, each time I
    > get
    > the following message in a pop-ip box on the desktop:
    >
    > "Windows cannot find 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe'. Make sure
    > you
    > typed the name correctly, and then try again. To search for a file, click
    > the
    > Start button, and then click search."
    >
    > I press OK, and then get the following message:
    >
    > "Could not run of load 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe' specified
    > in
    > the registty. Make sure that the file exists on your computer or remove
    > the
    > reference to it in the registry."
    >
    > I select OK, and get the same messages a second time, and after that, my
    > computer now seems to be working fine.
    >
    > Is there something else I need to do to resolve this?
    >
    > Once again, many thanks, and any further assistance would be greatly
    > appreciated.
    >
    > Simon (uget2nome)
    >
    > "pcbutts1" wrote:
    >
    >> Turn off System Restore then download, install, update and run all of the
    >> following. When finished reboot and turn System Restore back on.
    >> csrss.exe
    >> is also a valid windows file located in the system32 folder, any other
    >> location should be deleted.
    >>
    >> Ad-Aware
    >> http://www.pcbutts1.com/downloads/aawsepersonal.exe
    >>
    >> Spybot search and destroy
    >> http://www.pcbutts1.com/downloads/spybotsd14.exe
    >>
    >> Ewido Security Suite Trial version
    >> http://www.pcbutts1.com/downloads/ewidosetup.exe
    >>
    >> Microsoft Windows AntiSpyware (Beta1)
    >> http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
    >>
    >> If none of the above fixes the issue then download Hijack this, run it,
    >> save
    >> a copy of the log file and cut and paste it back here to this group so
    >> that
    >> I can analyze it. Ignore anyone who tells you to post it elsewhere. I
    >> need
    >> to see it not them.
    >>
    >>
    >> HijackThis
    >> http://www.pcbutts1.com/downloads/HijackThis.zip
    >>
    >> --
    >>
    >>
    >> The best live web video on the internet http://www.seedsv.com/webdemo.htm
    >> NEW Embedded system W/Linux. We now sell DVR cards.
    >> See it all at http://www.seedsv.com/products.htm
    >> Sharpvision simply the best http://www.seedsv.com
    >>
    >>
    >>
    >> "uget2nome" <uget2nome@discussions.microsoft.com> wrote in message
    >> news:548CDE86-1482-4DEF-956F-DD6CBDB39B42@microsoft.com...
    >> > About every 30 seconds, I get a pop-up message from my anti-virus
    >> > software
    >> > that says:
    >> >
    >> > Dangerous Operation blocked!
    >> > Panda Titanium Antivirus 2005 has detected the execution of a dangerous
    >> > action and has blocked it.
    >> > Program:
    >> > Associated file:
    >> > C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    >> >
    >> > So, I have found the file on my C drive, deleted it and deleted from my
    >> > Recycle Bin, but the message still continue sto annoyingly pop up.
    >> >
    >> > The operating system I am using is Windows xp Home Edition, which is
    >> > completely up to date with Windowes updates.
    >> >
    >> > Please can someone explain to me (in simple terms!) what I have to do
    >> > to
    >> > get
    >> > rid of this virus.
    >> >
    >> > Any assistance would be greatly appreciated.
    >> >
    >> > Many thanks
    >> >
    >> > Simon (uget2nome)
    >>
    >>
    >>
  13. Archived from groups: microsoft.public.windowsxp.general (More info?)

    From: "uget2nome" <uget2nome@discussions.microsoft.com>

    | Dear Friends...
    |
    | Thank yo ufor all yoru advise, but I'm sorry I'm still confused as to what I
    | should do to prevent these error messages appearing. Please can someone
    | explain to me how I solve teh problem?
    |
    | Many thanks
    |
    | Simon

    Simon:

    In case you missed it. Do NOT post a HiJack This (HJT) log here ! Do NOT follow pcbutts1's
    direction to do so. His advice is contrary to all the expeerts in this news Group and by
    Microsoft.

    Do execute; MSCONFIG.EXE

    Choose; Startup

    Find the line that loads...
    C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE

    Uncheck the box for that line.

    Click on "Apply" then "Close" then "Restart"..

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  14. Archived from groups: microsoft.public.windowsxp.general (More info?)

    http://www.auditmypc.com/free-spyware-removal.asp

    Look there and see if it helps you. If not, perhaps you need to unplug and
    take the tower in to a repair shop. Not a "Big box computer sales" store,
    but somewhere they can help you.

    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:eW45YdCrFHA.716@TK2MSFTNGP10.phx.gbl...
    > From: "uget2nome" <uget2nome@discussions.microsoft.com>
    >
    > | Dear Friends...
    > |
    > | Thank yo ufor all yoru advise, but I'm sorry I'm still confused as to
    > what I
    > | should do to prevent these error messages appearing. Please can someone
    > | explain to me how I solve teh problem?
    > |
    > | Many thanks
    > |
    > | Simon
    >
    > Simon:
    >
    > In case you missed it. Do NOT post a HiJack This (HJT) log here ! Do NOT
    > follow pcbutts1's
    > direction to do so. His advice is contrary to all the expeerts in this
    > news Group and by
    > Microsoft.
    >
    > Do execute; MSCONFIG.EXE
    >
    > Choose; Startup
    >
    > Find the line that loads...
    > C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    >
    > Uncheck the box for that line.
    >
    > Click on "Apply" then "Close" then "Restart"..
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
  15. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Dear Dave...

    Please can you help me, I'm not sure exactly hoe to execute MSCONFIG.EXE
    I use xp Home Edition. Please can you tell me where I can find 'Start Up'
    and find the line that says 'C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE', with
    the check box.

    Is this something I type in a line when I click 'Start' and then choose 'Run'?

    Sorry to be so pinnicky, but I'm, really not very good with these things and
    I want to make sure before I go ahead and do any chanegs!

    Many thanks

    Simon


    "David H. Lipman" wrote:

    > From: "uget2nome" <uget2nome@discussions.microsoft.com>
    >
    > | Dear Friends...
    > |
    > | Thank yo ufor all yoru advise, but I'm sorry I'm still confused as to what I
    > | should do to prevent these error messages appearing. Please can someone
    > | explain to me how I solve teh problem?
    > |
    > | Many thanks
    > |
    > | Simon
    >
    > Simon:
    >
    > In case you missed it. Do NOT post a HiJack This (HJT) log here ! Do NOT follow pcbutts1's
    > direction to do so. His advice is contrary to all the expeerts in this news Group and by
    > Microsoft.
    >
    > Do execute; MSCONFIG.EXE
    >
    > Choose; Startup
    >
    > Find the line that loads...
    > C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    >
    > Uncheck the box for that line.
    >
    > Click on "Apply" then "Close" then "Restart"..
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >
  16. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Simon,

    Click on Start, then run

    In the box that pops up, type " msconfig" without the quotation marks, and
    click ok

    This will bring up the System Configuration Utility.

    Look at the tabs at the top, the one furthers to the right is the startup
    tab, click on it.

    You will see most likely several startup items, with check marks in their
    respective boxes.

    Look for the one David pointed you too,and remove the checkmark from it,
    then click ok.

    You will get a message that you need to restart your system for your changes
    to take effect, click ok to restart your system.

    After it boots up, you will get a message that you are running in selective
    startup, put a check mark in the box to not display that message again, and
    click ok.


    Hope this helps,


    Don Burnette


    uget2nome wrote:
    > Dear Dave...
    >
    > Please can you help me, I'm not sure exactly hoe to execute
    > MSCONFIG.EXE
    > I use xp Home Edition. Please can you tell me where I can find 'Start
    > Up'
    > and find the line that says
    > 'C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE', with the check box.
    >
    > Is this something I type in a line when I click 'Start' and then
    > choose 'Run'?
    >
    > Sorry to be so pinnicky, but I'm, really not very good with these
    > things and I want to make sure before I go ahead and do any chanegs!
    >
    > Many thanks
    >
    > Simon
    >
    >
    >
    > "David H. Lipman" wrote:
    >
    >> From: "uget2nome" <uget2nome@discussions.microsoft.com>
    >>
    >>> Dear Friends...
    >>>
    >>> Thank yo ufor all yoru advise, but I'm sorry I'm still confused as
    >>> to what I should do to prevent these error messages appearing.
    >>> Please can someone explain to me how I solve teh problem?
    >>>
    >>> Many thanks
    >>>
    >>> Simon
    >>
    >> Simon:
    >>
    >> In case you missed it. Do NOT post a HiJack This (HJT) log here !
    >> Do NOT follow pcbutts1's direction to do so. His advice is contrary
    >> to all the expeerts in this news Group and by Microsoft.
    >>
    >> Do execute; MSCONFIG.EXE
    >>
    >> Choose; Startup
    >>
    >> Find the line that loads...
    >> C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    >>
    >> Uncheck the box for that line.
    >>
    >> Click on "Apply" then "Close" then "Restart"..
    >>
    >> --
    >> Dave
    >> http://www.claymania.com/removal-trojan-adware.html
    >> http://www.ik-cs.com/got-a-virus.htm
  17. Archived from groups: microsoft.public.windowsxp.general (More info?)

    From: "uget2nome" <uget2nome@discussions.microsoft.com>

    | Dear Dave...
    |
    | Please can you help me, I'm not sure exactly hoe to execute MSCONFIG.EXE
    | I use xp Home Edition. Please can you tell me where I can find 'Start Up'
    | and find the line that says 'C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE', with
    | the check box.
    |
    | Is this something I type in a line when I click 'Start' and then choose 'Run'?
    |
    | Sorry to be so pinnicky, but I'm, really not very good with these things and
    | I want to make sure before I go ahead and do any chanegs!
    |
    | Many thanks
    |
    | Simon

    Yes...

    Go to; Start --> Run

    type; MSCONFIG

    Click on OK.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  18. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Swapnesh wrote:

    > But CSRSS is a system service.and it uses CSRSS.exe.If u want to varify u
    > can press CTRL+ALT+DEL.
    > u can see there under PROCESS tab.OK
    > And it says its a system service .
    >
    > Now when window starts it will try to run CSRR.exe and when anything is not
    > found it symply tell File not found.
    >
    > So give it the file it wants. Though file was infected and was removed u
    > can give it a fresh one.Its like giving missing DLL. Havent u tried it yet
    > ????
    > If n then u should try .
    > And has "ugetnome" tried to remove registry and seen that it works ??
    >
    > "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    > news:#NvbDdBrFHA.2876@TK2MSFTNGP12.phx.gbl...
    >
    >>From: "Swapnesh" <swap_par205@sancharnet.in>
    >>
    >>| i think u solve what is being prompted .That is u copy csrss.exe from
    >>| somebody elses system and put it in uy SYSTEM32 folder or use this
    >>| Type msconfig in run box.
    >>| now on General tab click ExpandFile button.
    >>| And restore file
    >>| Ok
    >>
    >>
    >>NO !
    >>
    >>CSRSS.EXE was an infector. It was removed from the PC as it should have
    >
    > been. However, the
    >
    >>application that removed the EXE file failed to remove the Registry entry
    >
    > that called the
    >
    >>EXE file to execute. therefore it didn't fully do its job. Copying the
    >
    > file from another
    >
    >>PC is NOT the solution.
    >>
    >>--
    >>Dave
    >>http://www.claymania.com/removal-trojan-adware.html
    >>http://www.ik-cs.com/got-a-virus.htm
    >>
    >>
    >
    >
    >

    Correct your system date.

    --
    Rock
    MS MVP Windows - Shell/User
  19. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Download Hijack this from the link below, unzip it, double click on the
    unzipped file to run it, save a copy of the log file by clicking on the save
    log button, it will open in notepad. Cut and paste the log back here to this
    group so that I can analyze it. Ignore the replies by Rock or David or
    anyone who tells you to post it elsewhere. I need to see it so I can tell
    you how to fix it not them.


    HijackThis
    http://www.pcbutts1.com/downloads/HijackThis.zip

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "uget2nome" <uget2nome@discussions.microsoft.com> wrote in message
    news:A6E9C86C-9772-4782-A9A0-1622FA78D08B@microsoft.com...
    > Dear Friends...
    >
    > Many thanks for all your advise, but I'm sorry, I still don't know what to
    > do to solve the problem of these error messages appearing every time I
    > switch
    > the machine on. Please can someone explain to me excatly what steps I need
    > to
    > take.
    >
    > Many thanks.
    >
    > "uget2nome" wrote:
    >
    >> Dear All...
    >>
    >> Many thanks for all your advise. I downloaded all of the trials and ran
    >> them, which took some time. One of them detected an infected file and
    >> automatically removed it. However, when I start my machine, each time I
    >> get
    >> the following message in a pop-ip box on the desktop:
    >>
    >> "Windows cannot find 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe'. Make sure
    >> you
    >> typed the name correctly, and then try again. To search for a file, click
    >> the
    >> Start button, and then click search."
    >>
    >> I press OK, and then get the following message:
    >>
    >> "Could not run of load 'C:WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.exe' specified
    >> in
    >> the registty. Make sure that the file exists on your computer or remove
    >> the
    >> reference to it in the registry."
    >>
    >> I select OK, and get the same messages a second time, and after that, my
    >> computer now seems to be working fine.
    >>
    >> Is there something else I need to do to resolve this?
    >>
    >> Once again, many thanks, and any further assistance would be greatly
    >> appreciated.
    >>
    >> Simon (uget2nome)
    >>
    >> "pcbutts1" wrote:
    >>
    >> > Turn off System Restore then download, install, update and run all of
    >> > the
    >> > following. When finished reboot and turn System Restore back on.
    >> > csrss.exe
    >> > is also a valid windows file located in the system32 folder, any other
    >> > location should be deleted.
    >> >
    >> > Ad-Aware
    >> > http://www.pcbutts1.com/downloads/aawsepersonal.exe
    >> >
    >> > Spybot search and destroy
    >> > http://www.pcbutts1.com/downloads/spybotsd14.exe
    >> >
    >> > Ewido Security Suite Trial version
    >> > http://www.pcbutts1.com/downloads/ewidosetup.exe
    >> >
    >> > Microsoft Windows AntiSpyware (Beta1)
    >> > http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
    >> >
    >> > If none of the above fixes the issue then download Hijack this, run it,
    >> > save
    >> > a copy of the log file and cut and paste it back here to this group so
    >> > that
    >> > I can analyze it. Ignore anyone who tells you to post it elsewhere. I
    >> > need
    >> > to see it not them.
    >> >
    >> >
    >> > HijackThis
    >> > http://www.pcbutts1.com/downloads/HijackThis.zip
    >> >
    >> > --
    >> >
    >> >
    >> > The best live web video on the internet
    >> > http://www.seedsv.com/webdemo.htm
    >> > NEW Embedded system W/Linux. We now sell DVR cards.
    >> > See it all at http://www.seedsv.com/products.htm
    >> > Sharpvision simply the best http://www.seedsv.com
    >> >
    >> >
    >> >
    >> > "uget2nome" <uget2nome@discussions.microsoft.com> wrote in message
    >> > news:548CDE86-1482-4DEF-956F-DD6CBDB39B42@microsoft.com...
    >> > > About every 30 seconds, I get a pop-up message from my anti-virus
    >> > > software
    >> > > that says:
    >> > >
    >> > > Dangerous Operation blocked!
    >> > > Panda Titanium Antivirus 2005 has detected the execution of a
    >> > > dangerous
    >> > > action and has blocked it.
    >> > > Program:
    >> > > Associated file:
    >> > > C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    >> > >
    >> > > So, I have found the file on my C drive, deleted it and deleted from
    >> > > my
    >> > > Recycle Bin, but the message still continue sto annoyingly pop up.
    >> > >
    >> > > The operating system I am using is Windows xp Home Edition, which is
    >> > > completely up to date with Windowes updates.
    >> > >
    >> > > Please can someone explain to me (in simple terms!) what I have to do
    >> > > to
    >> > > get
    >> > > rid of this virus.
    >> > >
    >> > > Any assistance would be greatly appreciated.
    >> > >
    >> > > Many thanks
    >> > >
    >> > > Simon (uget2nome)
    >> >
    >> >
    >> >
  20. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Dear Don & Dave

    Thank you for your help and advise. I followed your instructions, and this
    is now working perfectly.

    I simply wouldn't have known where to start otherwise!

    Once again, many thanks.

    Kind Regards

    Simon

    "Don Burnette" wrote:

    > Simon,
    >
    > Click on Start, then run
    >
    > In the box that pops up, type " msconfig" without the quotation marks, and
    > click ok
    >
    > This will bring up the System Configuration Utility.
    >
    > Look at the tabs at the top, the one furthers to the right is the startup
    > tab, click on it.
    >
    > You will see most likely several startup items, with check marks in their
    > respective boxes.
    >
    > Look for the one David pointed you too,and remove the checkmark from it,
    > then click ok.
    >
    > You will get a message that you need to restart your system for your changes
    > to take effect, click ok to restart your system.
    >
    > After it boots up, you will get a message that you are running in selective
    > startup, put a check mark in the box to not display that message again, and
    > click ok.
    >
    >
    > Hope this helps,
    >
    >
    > Don Burnette
    >
    >
    >
    > uget2nome wrote:
    > > Dear Dave...
    > >
    > > Please can you help me, I'm not sure exactly hoe to execute
    > > MSCONFIG.EXE
    > > I use xp Home Edition. Please can you tell me where I can find 'Start
    > > Up'
    > > and find the line that says
    > > 'C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE', with the check box.
    > >
    > > Is this something I type in a line when I click 'Start' and then
    > > choose 'Run'?
    > >
    > > Sorry to be so pinnicky, but I'm, really not very good with these
    > > things and I want to make sure before I go ahead and do any chanegs!
    > >
    > > Many thanks
    > >
    > > Simon
    > >
    > >
    > >
    > > "David H. Lipman" wrote:
    > >
    > >> From: "uget2nome" <uget2nome@discussions.microsoft.com>
    > >>
    > >>> Dear Friends...
    > >>>
    > >>> Thank yo ufor all yoru advise, but I'm sorry I'm still confused as
    > >>> to what I should do to prevent these error messages appearing.
    > >>> Please can someone explain to me how I solve teh problem?
    > >>>
    > >>> Many thanks
    > >>>
    > >>> Simon
    > >>
    > >> Simon:
    > >>
    > >> In case you missed it. Do NOT post a HiJack This (HJT) log here !
    > >> Do NOT follow pcbutts1's direction to do so. His advice is contrary
    > >> to all the expeerts in this news Group and by Microsoft.
    > >>
    > >> Do execute; MSCONFIG.EXE
    > >>
    > >> Choose; Startup
    > >>
    > >> Find the line that loads...
    > >> C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    > >>
    > >> Uncheck the box for that line.
    > >>
    > >> Click on "Apply" then "Close" then "Restart"..
    > >>
    > >> --
    > >> Dave
    > >> http://www.claymania.com/removal-trojan-adware.html
    > >> http://www.ik-cs.com/got-a-virus.htm
    >
    >
    >
    >
    >
    >
  21. Archived from groups: microsoft.public.windowsxp.general (More info?)

    From: "uget2nome" <uget2nome@discussions.microsoft.com>

    | Dear Don & Dave
    |
    | Thank you for your help and advise. I followed your instructions, and this
    | is now working perfectly.
    |
    | I simply wouldn't have known where to start otherwise!
    |
    | Once again, many thanks.
    |
    | Kind Regards
    |
    | Simon

    You're welcome Simon and thank you for updating the thread.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  22. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Well, David did all the work, but you are very welcome!

    Glad you got your issue resolved.
    Thanks for letting us know,


    Don Burnette


    uget2nome wrote:
    > Dear Don & Dave
    >
    > Thank you for your help and advise. I followed your instructions, and
    > this is now working perfectly.
    >
    > I simply wouldn't have known where to start otherwise!
    >
    > Once again, many thanks.
    >
    > Kind Regards
    >
    > Simon
    >
    > "Don Burnette" wrote:
    >
    >> Simon,
    >>
    >> Click on Start, then run
    >>
    >> In the box that pops up, type " msconfig" without the quotation
    >> marks, and click ok
    >>
    >> This will bring up the System Configuration Utility.
    >>
    >> Look at the tabs at the top, the one furthers to the right is the
    >> startup tab, click on it.
    >>
    >> You will see most likely several startup items, with check marks in
    >> their respective boxes.
    >>
    >> Look for the one David pointed you too,and remove the checkmark from
    >> it, then click ok.
    >>
    >> You will get a message that you need to restart your system for your
    >> changes to take effect, click ok to restart your system.
    >>
    >> After it boots up, you will get a message that you are running in
    >> selective startup, put a check mark in the box to not display that
    >> message again, and click ok.
    >>
    >>
    >> Hope this helps,
    >>
    >>
    >> Don Burnette
    >>
    >>
    >>
    >> uget2nome wrote:
    >>> Dear Dave...
    >>>
    >>> Please can you help me, I'm not sure exactly hoe to execute
    >>> MSCONFIG.EXE
    >>> I use xp Home Edition. Please can you tell me where I can find
    >>> 'Start Up'
    >>> and find the line that says
    >>> 'C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE', with the check box.
    >>>
    >>> Is this something I type in a line when I click 'Start' and then
    >>> choose 'Run'?
    >>>
    >>> Sorry to be so pinnicky, but I'm, really not very good with these
    >>> things and I want to make sure before I go ahead and do any chanegs!
    >>>
    >>> Many thanks
    >>>
    >>> Simon
    >>>
    >>>
    >>>
    >>> "David H. Lipman" wrote:
    >>>
    >>>> From: "uget2nome" <uget2nome@discussions.microsoft.com>
    >>>>
    >>>>> Dear Friends...
    >>>>>
    >>>>> Thank yo ufor all yoru advise, but I'm sorry I'm still confused as
    >>>>> to what I should do to prevent these error messages appearing.
    >>>>> Please can someone explain to me how I solve teh problem?
    >>>>>
    >>>>> Many thanks
    >>>>>
    >>>>> Simon
    >>>>
    >>>> Simon:
    >>>>
    >>>> In case you missed it. Do NOT post a HiJack This (HJT) log here !
    >>>> Do NOT follow pcbutts1's direction to do so. His advice is
    >>>> contrary to all the expeerts in this news Group and by Microsoft.
    >>>>
    >>>> Do execute; MSCONFIG.EXE
    >>>>
    >>>> Choose; Startup
    >>>>
    >>>> Find the line that loads...
    >>>> C:\WINDOWS\SYSTEM32\VIVNUFFTO\CSRSS.EXE
    >>>>
    >>>> Uncheck the box for that line.
    >>>>
    >>>> Click on "Apply" then "Close" then "Restart"..
    >>>>
    >>>> --
    >>>> Dave
    >>>> http://www.claymania.com/removal-trojan-adware.html
    >>>> http://www.ik-cs.com/got-a-virus.htm
  23. Archived from groups: microsoft.public.windowsxp.general (More info?)

    From: "Don Burnette" <d.burnette@clothes.comcast.net>

    | Well, David did all the work, but you are very welcome!
    |
    | Glad you got your issue resolved.
    | Thanks for letting us know,
    |
    | Don Burnette
    |

    Ah, but you did however give clear and concise instructions Don !

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  24. Archived from groups: microsoft.public.windowsxp.general (More info?)

    From: "Swapnesh" <swap_par205@sancharnet.in>


    To add to my previous information...

    I pulled the following from email, which is a Virus Total report, I received from helping
    someone else with a suspicious CSRSS.EXE file.


    This was the results of the csrss.exe scan in the c:\windows\ziplog
    directory [ c:\windows\ziplog\csrss.exe ]

    Antivirus Version Update Result
    AntiVir 6.31.1.0 07.29.2005 no virus found
    AVG 718 07.28.2005 no virus found
    Avira 6.31.1.0 07.29.2005 no virus found
    BitDefender 7.0 07.29.2005 no virus found
    CAT-QuickHeal 7.03 07.30.2005 no virus found
    ClamAV devel-20050725 07.29.2005 no virus found
    DrWeb 4.32b 07.29.2005 BackDoor.Generic.977
    eTrust-Iris 7.1.194.0 07.30.2005 no virus found
    eTrust-Vet 11.9.1.0 07.29.2005 no virus found
    Fortinet 2.36.0.0 07.30.2005 no virus found
    F-Prot 3.16c 07.29.2005 no virus found
    Ikarus 0.2.59.0 07.29.2005 no virus found
    Kaspersky 4.0.2.24 07.30.2005 Trojan-Spy.Win32.WinSpy.a
    McAfee 4546 07.29.2005 potentially unwanted program Winspy
    NOD32v2 1.1183 07.29.2005 probably unknown NewHeur_PE virus
    Norman 5.70.10 07.28.2005 no virus found
    Panda 8.02.00 07.29.2005 no virus found
    Sophos 3.96.0 07.30.2005 no virus found
    Sybari 7.5.1314 07.30.2005 Trojan-Spy.Win32.WinSpy.a
    Symantec 8.0 07.29.2005 no virus found
    TheHacker 5.8.2.077 07.29.2005 no virus found
    VBA32 3.10.4 07.29.2005 no virus found


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  25. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Virus reports are not acceptable in this group, you should be banned for
    posting it. There are virus forums for logs like that please use them.

    --


    The best live web video on the internet http://www.seedsv.com/webdemo.htm
    NEW Embedded system W/Linux. We now sell DVR cards.
    See it all at http://www.seedsv.com/products.htm
    Sharpvision simply the best http://www.seedsv.com


    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
    news:O8K2mAQrFHA.2596@TK2MSFTNGP09.phx.gbl...
    > From: "Swapnesh" <swap_par205@sancharnet.in>
    >
    >
    > To add to my previous information...
    >
    > I pulled the following from email, which is a Virus Total report, I
    > received from helping
    > someone else with a suspicious CSRSS.EXE file.
    >
    >
    > This was the results of the csrss.exe scan in the c:\windows\ziplog
    > directory [ c:\windows\ziplog\csrss.exe ]
    >
    > Antivirus Version Update Result
    > AntiVir 6.31.1.0 07.29.2005 no virus found
    > AVG 718 07.28.2005 no virus found
    > Avira 6.31.1.0 07.29.2005 no virus found
    > BitDefender 7.0 07.29.2005 no virus found
    > CAT-QuickHeal 7.03 07.30.2005 no virus found
    > ClamAV devel-20050725 07.29.2005 no virus found
    > DrWeb 4.32b 07.29.2005 BackDoor.Generic.977
    > eTrust-Iris 7.1.194.0 07.30.2005 no virus found
    > eTrust-Vet 11.9.1.0 07.29.2005 no virus found
    > Fortinet 2.36.0.0 07.30.2005 no virus found
    > F-Prot 3.16c 07.29.2005 no virus found
    > Ikarus 0.2.59.0 07.29.2005 no virus found
    > Kaspersky 4.0.2.24 07.30.2005 Trojan-Spy.Win32.WinSpy.a
    > McAfee 4546 07.29.2005 potentially unwanted program Winspy
    > NOD32v2 1.1183 07.29.2005 probably unknown NewHeur_PE virus
    > Norman 5.70.10 07.28.2005 no virus found
    > Panda 8.02.00 07.29.2005 no virus found
    > Sophos 3.96.0 07.30.2005 no virus found
    > Sybari 7.5.1314 07.30.2005 Trojan-Spy.Win32.WinSpy.a
    > Symantec 8.0 07.29.2005 no virus found
    > TheHacker 5.8.2.077 07.29.2005 no virus found
    > VBA32 3.10.4 07.29.2005 no virus found
    >
    >
    > --
    > Dave
    > http://www.claymania.com/removal-trojan-adware.html
    > http://www.ik-cs.com/got-a-virus.htm
    >
    >
  26. Just go to this site I built, http://connectionwizard.comoj.com/ there are the programs you need (FREE) and full instructions telling you how to install and uninstall them. When you are done you will be able to get you updates again, your machine will be like you first bought it as well. Take Care
Ask a new question

Read More

Antivirus Windows XP