CSRSS.EXE and SERVICE.EXE Running 2 Copies

G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I have a Compaq Presario with Win XP Home. I have (2) files that are
running on the PC in Start-Run-Msconfig-Startup and they are CSRSS.EXE
abd SERVICE .EXE I also have a rogue directory that was created as
c:\windows\ziplogs. In this folder are the running applications od
CSRSS and SERVICE.

I have run Norton anti-virus, AVG antivirus, Spybot and AdAware.
Nothing shows up. The applications are running in both W32 system and
in c:\windows\ziplog. It is obvious the ziplog file is either a virus
or trojan file.

I tried to boot to Safe Mode to try and remove the rogue files. The PC
would not let me do an F-8 and get to Safe Mode. I could do an F-8,
get to the Safe Mode splash screen and the only thing it would let me
do is load the PC normally. I went to Run-MSCONFIG and went to
boot.ini and clcked on the boot to safe mode and that created a mess.
The PC was stuck in a Safe Mode splash screen reboot cycle. All it
would do was display the Safe Mode splash and no matter what you
selected, the PC would reboot and you could get back to Win XP.

I had to remove the drive, stick it in my back-up PC, open Notepad,
find the back-up boot.ini and restore the file. Once I did this and
placed it back in the PC it would boot to Win XP home again.

The PC keeps going low on virtual memory and the page file has
increased to 1.2 gb. I can't figure out what to do nect othere than
to slick the drive and start over. I don't want to do this and hate
the fact that I can't find out just what these files are. I though it
was a variant of the w32 virus and ran both Norton removal tools for
versions A and E and it said that the viruses were not found on the
PC.

Anyone have ANY ideas??? This one has whupped me good.
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Search Google - plenty info on CSRSS.EXE and SERVICE.EXE. Evidently files
can be l;legitimate or malware. - check out the removal utility "Stinger" at
McAfees AVERT site.

--
--------------------------------------------------------------------------------------------------------------------------
AL(KB3U) & Darlene Romanosky N. Ft.
Myers, FL
--------------------------------------------------------------------------------------------------------------------------