Quote:
Originally Posted by HKNewBi  Guys,
Hope you can help. Got my first virus / trojan on my PC. I have cleared loads of these up from friends / relatives PC's over the years, but first time I get one on my machine, I can't seem to figure out what it is.
My virus checker finds it, doesn't give any info as to the name except Trojan Horse Dropper.Agent.BVY and can't seem to deal with it.
It lives in the c:\documents & settings\username\Local Settings\Temp\RarSFX0 folder and will increment the folder name (ie RarSFX1 onwards)
The virus checker quarantines a file called tshz093.exe and there is another file csrss.exe in that folder. CSRSS.exe is running twice as two separate processes and they can't be stopped.
Booting up to safe mode and removing those folders doesn't seem to do it.
A search of the registry for those files hasn't helped (1 entry found an removed). Nothing in the Run or Runonce keys in the registry.
There is also an odd process running in task manager - 927up.exe
Checked google, symantec etc for a few of these keywords but don't get anything back.
It also pops up some odd winrar box from time to time.
Anyone know what this is and how to get rid?
Thanks |
I have exact same problem and its doing my head in. Run a couple of spyware programs but nothing comes up..
Ran CCleaner and deleted all temp files, as this is where it's hiding. Killed the csrss (under username, not system) with Hijack this. Removed registry entries pointing towards the 927up file. Also kill and delete the file with Killbox.
When restart and browse the internet it keeps popping back.
The 927up.exe installs itself into C:\program files and the the other csrss process comes up in task manager..
Please help get rid of this file..
