
Author Topic: csrss.exe & smss.exe - Infected Machine?  (Read 3624 times)


EchoLynx

    Topic Starter


    Rookie

    Thanked: 1
    csrss.exe & smss.exe - Infected Machine?
    « on: December 23, 2009, 08:48:45 PM »
    I am trying to clean a business machine of a particularly nasty virus. The machine isn't actually mine - I was given it and told the owner had no idea what was wrong with it. Initial diagnosis showed the browser hadn't been hijacked, and no ads presented themselves. There were sporadic slowdowns, which were helped by a RAM upgrade, but a strange screen blanking at boot just prior to the initialisation of the VZAccess Manager (The machine is a laptop and uses 3G broadband as the primary connection. I am continuing to use this as I am not willing to risk my home network by connecting to it.) I updated the Manager, which resolved this problem. However, when I was looking at the Task Manager I noticed a couple of programs I hadn't seen before - csrss.exe and smss.exe. Further research proved that they were likely viruses. So I began my time-consuming routine of running as many (free) antivirus utilities as I could. Below is the list of those I've done already.

    - avast! Antivirus Boot Time Scan x2 (second one was near the end of the cycle and didn't return any hits) - many hits
    - AVG - returned several hits
    - SUPERAntiSpyware - returned some hits
    - Malwarebytes' Anti-Malware - 24 hits!
    - Spybot S&D - returned some hits
    - Windows Defender - returned one hit (First time for everything...)
    - Avira Rescue CD - returned one hit*
    - Ad-Aware - no hits
    - ClamWin - no hits
    - Stinger - no hits

    *Just after I had tried to install COMODO Firewall (with the intent of using its Defense+ capabilities combined with its connection notifications in order to detect any "phoning home") my system became unusable. Essentially, explorer.exe would not start. To work around this, I used the Task Manager to run applications and the command line. It was from the command line that I was able to uninstall COMODO. Afterwards, I ran a virus scan with the Avira Rescue CD, which removed the problematic bug and thereafter I was able to install and use COMODO.

    --

    Unfortunately, though I was able to remove over fifty unwanted objects, nothing solved the csrss.exe or the smss.exe issue. Which brings me here. I am suspecting the user had installed LimeWire, as there are remnants of its presence in the Program Files folder, which is what I suspect caused all this mess. Hopefully, you all can help me out.

    I read the requirements of posting and cleaned up. In the process of doing so, I discovered a folder - C:\Program Files\microsoft frontpage - that is *supposedly* empty (even with view hidden files on) but is still in use and therefore undeletable.

    I also re-ran the virus scans and double checked I had the most up to date JRE, so as to ensure I followed all given directions to the letter.

    Thanks for reading my lengthy post.

    [Saving space, attachment deleted by admin]
    Ian

    unlovedwarrior



      Guru

    • someday this name will be known
    • Thanked: 13
      Re: csrss.exe & smss.exe - Infected Machine?
      « Reply #1 on: December 26, 2009, 12:05:00 AM »
      Are you doing these scans in safe mode? And can you give the file path of the two files? Also upload them to http://www.virustotal.com/ for more checking.

      P.S. Are you doing full system scans or just quick scans?
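
Reply #1 asks for the file path of the two processes. As an added example (not part of any post in this thread), the Python triage below shows what that path is checked against: on a default Windows installation the genuine csrss.exe and smss.exe images sit in %SystemRoot%\System32, so a copy elsewhere or a near-miss name is what stands out. The `SYSTEM32` default, the function names and the sample records are assumptions made for the example.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: default install root; pass system32= if %SystemRoot% differs.
SYSTEM32 = r"C:\Windows\System32"
CORE = ("csrss.exe", "smss.exe")

def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters counts as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(name, path, system32=SYSTEM32):
    """Triage one process record by image name and full path."""
    name = name.lower()
    if name not in CORE:
        # One edit away from a core name (e.g. swapped letters) is worth a look.
        near = any(osa_distance(name, core) == 1 for core in CORE)
        return "lookalike-name" if near else "other"
    if not path:
        return "path-unknown"  # the listing tool reported no path for it
    # normpath collapses "..", normcase folds case and slashes before comparing.
    norm = ntpath.normcase(ntpath.normpath(path))
    expected = ntpath.normcase(ntpath.join(ntpath.normpath(system32), name))
    return "expected-location" if norm == expected else "wrong-location"

# Constructed sample records (name, path); not taken from the machine in the thread.
SAMPLE = [
    ("csrss.exe", r"C:\WINDOWS\system32\csrss.exe"),
    ("smss.exe", r"C:\Windows\System32\..\Temp\smss.exe"),
    ("cssrs.exe", r"C:\Windows\System32\cssrs.exe"),
    ("smss.exe", ""),
    ("lsass.exe", r"C:\Windows\System32\lsass.exe"),
]

def triage(records=SAMPLE):
    return [(n, p, classify(n, p)) for n, p in records]

if __name__ == "__main__":
    for n, p, verdict in triage():
        print(f"{verdict:18} {n:10} {p or '<none>'}")
```

An `expected-location` verdict only rules out the misplaced-copy case; the file itself still needs the scanner or hash check the reply suggests.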

      Dr Jay

      • Malware Removal Specialist


      • Specialist
      • Moderator emeritus
      • Thanked: 119
      • Experience: Guru
      • OS: Windows 10
      Re: csrss.exe & smss.exe - Infected Machine?
      « Reply #2 on: September 18, 2010, 08:52:37 PM »
      Does the machine need help or not?
      ~Dr Jay