July 13th, 2003, 01:12 AM
cscrss.exe Backdoor Virus?
Alright, I ran the Trend Micro online virus scanner and it flagged my csrss.exe file as infected. Obviously I can't just delete it. I checked out the folder it's in and came across a file called csrss.exe.manifest as well. I'm not sure what this means. I checked out the source in Notepad and here's what I got:
If you look closely, you can see "Evil Karma is GOD" in there, leading me to assume something is amiss. Before I attempt to repair it or download a virus scanner that can clean it, does anyone have any suggestions?
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="126.96.36.199" type="win32" />
  <description>Windows Core Component Kernel32 - Evil Karma is GOD ;).</description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32" language="*" />
    </dependentAssembly>
  </dependency>
</assembly>
July 13th, 2003, 01:27 AM
There are 2 viruses that I found through Google that tamper with csrss.exe: the first one is the Melare worm and the second one is the Ladex worm.
For removal instructions you can check out the websites; they give you the way to do it, but you'd best use some antivirus program like Symantec AntiVirus, McAfee, Sophos or F-Secure (need I go on?), then you don't have to do all that work.
The Melare worm is low risk and spreads through mail mostly. The other is a bit more serious and uses (or tries to use) shares.
Hope this helps a little.
Back when I was a boy, we carved our own IC's out of wood.
July 13th, 2003, 03:00 AM
Thank you kindly.