help me please
Note: I am currently using windows vistaI recently opened an e-mail which said it was from Facebook, but it turned out to be some kind of scam and as soon as i opened the attachments, it automatically downloaded vista Guardian (rogue anti-virus software),sincethen i have successfully got rid of it and most of it's several problems, but it has left something which appears to be impossible to get rid of :(,If i go on Task Manager it is under the name of: 'csrss.exe', i have been told that this is a trojon, but i cannot get rid of it.. when i try to download something to remove it with it blocks it and says that i have to be an administrator (even though i am), when i try to end it's processes in task manager it says: "Operation could not be completed, access is denied, if i right click on it in task manager it says "perform administrative tasks" should i click this option,I have run out of ideas please help me!!!
February 27th, 2010 1:39pm

If your spelling is correct, csrss.exe is a legitimate program if it’s located in the \Windows\System32 folder. However, if it’s located elsewhere, it is bad news and Google will show you many solutions.
Free Windows Admin Tool Kit Click here and download it now
February 28th, 2010 8:44am

If your spelling is correct, csrss.exe is a legitimate program if it’s located in the \Windows\System32 folder. However, if it’s located elsewhere, it is bad news and Google will show you many solutions.
February 28th, 2010 8:44am

Kill processes:av.exe Delete files:%UserProfile%\\AppData\\Local\\av.exe %UserProfile%\\AppData\\Local\\WRblt8464P Delete registry values:HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-modeHKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1" This should help!!
Free Windows Admin Tool Kit Click here and download it now
February 28th, 2010 12:07pm

Kill processes:av.exe Delete files:%UserProfile%\\AppData\\Local\\av.exe %UserProfile%\\AppData\\Local\\WRblt8464P Delete registry values:HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-modeHKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1" This should help!!
February 28th, 2010 12:07pm

If I see "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"" does this mean that a virus is overriding my virus protection? I'm using Windows 7. I searched the Reg. for "AntiVirusOverride" and found it in the following path. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc I was unable to make any changes. "Unable to delete all specified values." I am logged on as administrator why can't I make changes? Thanks Rick
Free Windows Admin Tool Kit Click here and download it now
May 15th, 2011 5:13pm

If I see "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"" does this mean that a virus is overriding my virus protection? I'm using Windows 7. I searched the Reg. for "AntiVirusOverride" and found it in the following path. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc I was unable to make any changes. "Unable to delete all specified values." I am logged on as administrator why can't I make changes? Thanks Rick
May 15th, 2011 5:13pm

SAVE A COPY BEFORE YOU MODIFY YOUR REGISTRY !!! Too many people think this answer means deleting the Keys - DON'T!! Do more research on your problem. When you think you've found an answer, Confirm it before you act on it. Consider solutions offered here: http://www.dougknox.com
Free Windows Admin Tool Kit Click here and download it now
June 26th, 2011 1:39pm

SAVE A COPY BEFORE YOU MODIFY YOUR REGISTRY !!! Too many people think this answer means deleting the Keys - DON'T!! Do more research on your problem. When you think you've found an answer, Confirm it before you act on it. Consider solutions offered here: http://www.dougknox.com
June 26th, 2011 1:39pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics