| Thread ID: 88751 | 2008-04-08 04:59:00 | MSN broke | Wardog (6821) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 656970 | 2008-04-08 05:43:00 | You've got something nasty. Run HJT again, tick these, then tick fix checked. Close browsers. This. This is a Windows file, but it shouldn't be in this folder: C:\WINDOWS\Media\csrss.exe Should only be in one place, which is C:\Windows\System32. F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" Then reboot, and see if the above still appear in a HJT log. I would get Trojan Remover in my sig, update it, then click on scan after you tick the above. Then select all options under utilities. |
Speedy Gonzales (78) | ||
| 656971 | 2008-04-08 05:45:00 | Hurrm. In that case don't use LSPFix. Run CCleaner (www.ccleaner.com) through. Clean out temp files and do a registry clean. Is Proxifier able to be disabled? I wonder if that's causing the problem. I kept stuffing around with the settings, there seemed to be a SOCKS proxy in the connection settings, but I don't even use SOCKS :|, I took it out regardless. But I kept doing "test" in the advanced settings in connection, and now it seems to work. But I fear that it might cut off, or next time I try to sign in, it won't work. Thanks guiz. |
Wardog (6821) | ||
| 656972 | 2008-04-08 05:45:00 | Have you checked to see if the firewall is not blocking MSN? If it's OK you can try this, it's a workaround that sometimes works, sometimes doesn't. Edit your Hosts file - go to My Computer, make sure the hidden files are allowed: Tools/Folder Options/View/show hidden files. Next go to the C:\WINDOWS\system32\drivers\etc\hosts file - right click it, Open, select Notepad, and add in the following two lines after the last entries, making sure they are both on the very left, one under another: 65.54.239.80 messenger.hotmail.com 65.54.239.80 dp.msnmessenger.skadns.net Save and close, try Messenger. You can also download an exe file I found from a MS MSN forum that does this for you. Here (dl3u.savefile.com) - just tried it and it adds in the entries for you. Note it's only a workaround, not the full fix to the problem. |
wainuitech (129) | ||
| 656973 | 2008-04-08 05:51:00 | I think you've got Sokacaps, a backdoor (www.symantec.com). Backdoor.Sokacaps is a Backdoor Trojan Horse that is controlled through IRC. While this Trojan allows basic remote control of the victim's machine, it was primarily designed as a tool to perform a Denial of Service (DoS) attack. That's how this: C:\WINDOWS\Media\csrss.exe and this: F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe appeared in your log. As it says on the Symantec site, do this: Windows NT/2000/XP. To end the Trojan process: 1. Press Ctrl+Alt+Delete once. 2. Click Task Manager. 3. Click the Processes tab. 4. Double-click the Image Name column header to alphabetically sort the processes. 5. Scroll through the list and look for Csrss.uzy. 6. If you find the file, click it, and then click End Process. 7. Exit the Task Manager. |
Speedy Gonzales (78) | ||
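Added example, not part of the thread: a small Python check for the two indicators the posts above point at in the HijackThis log, a `system.ini` `Shell=` value carrying anything after `explorer.exe`, and a core system process name such as `csrss.exe` loading from outside `C:\Windows\System32`. The sample log is constructed from the lines quoted in the thread, and every name in `SYSTEM32_ONLY` other than `csrss.exe` is an assumption added here.

```python
import ntpath
import re

# csrss.exe comes from the thread; the other names are an added assumption
# (core Windows processes that are also expected only in System32).
SYSTEM32_ONLY = {"csrss.exe", "winlogon.exe", "lsass.exe", "services.exe", "smss.exe"}
SYSTEM32 = r"c:\windows\system32"
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]*?\.exe", re.IGNORECASE)
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(.*)$", re.IGNORECASE)

def extra_shell_entries(line):
    """Return whatever follows explorer.exe in an F2 Shell= entry."""
    m = SHELL_RE.match(line.strip())
    if not m:
        return []
    rest = re.sub(r"^explorer\.exe\b", "", m.group(1).strip(), flags=re.IGNORECASE)
    return [rest.strip()] if rest.strip() else []

def misplaced_system_binaries(line):
    """Return paths that reuse a system process name outside System32."""
    hits = []
    for path in PATH_RE.findall(line):
        folder, name = ntpath.split(ntpath.normpath(path))
        if name.lower() in SYSTEM32_ONLY and folder.lower() != SYSTEM32:
            hits.append(path)
    return hits

def scan(log_text):
    """Return (line number, finding type, value) for each suspicious entry."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        findings += [(n, "shell-extra", v) for v in extra_shell_entries(line)]
        findings += [(n, "misplaced-binary", v) for v in misplaced_system_binaries(line)]
    return findings

# Constructed sample built from the entries quoted in the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\Media\csrss.exe
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The legitimate `C:\WINDOWS\system32\csrss.exe` line produces no finding, which is why two `csrss.exe` processes can appear in Task Manager with only one of them being the problem.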
| 656974 | 2008-04-08 05:52:00 | I ticked "fix ticked" and repaired/deleted the two files, and with Trojan Remover, no malicious files were found. | Wardog (6821) | ||
| 656975 | 2008-04-08 05:54:00 | I ticked "fix ticked" and repaired/deleted the two files, and with Trojan Remover, no malicious files were found. Sweet, generate a new HJT log and post it. Also delete everything in the c:\windows\media folder. See if anything re-appears after a reboot. |
wratterus (105) | ||
| 656976 | 2008-04-08 05:54:00 | Go to the Symantec site and do what it says under removal, and what I posted in my previous post. |
Speedy Gonzales (78) | ||
| 656977 | 2008-04-08 05:55:00 | There seems to be two "csrss.exe" entries, but no csrss.uzy file. Cannot delete files in /media, and I cannot exit the processes. Blargh. "This is a critical system process. Task Manager cannot end this process." |
Wardog (6821) | ||
| 656978 | 2008-04-08 05:56:00 | If you've deleted those 2 entries in HJT, reboot then post another log | Speedy Gonzales (78) | ||
| 656979 | 2008-04-08 05:56:00 | There seems to be two "csrss.exe" entries, but no csrss.uzy file. Try to kill them both - one is a vital system process and won't let you end it. Hopefully the other one is the dodgy one. Do that, do what Speedy and myself said in the earlier posts, reboot and post another HJT log. I'll leave you with Speedy now, too many cooks. :p Good luck |
wratterus (105) | ||