help me please
Note: I am currently using Windows Vista. I recently opened an e-mail which said it was from Facebook, but it turned out to be some kind of scam, and as soon as I opened the attachments, it automatically downloaded Vista Guardian (rogue anti-virus software). Since then I have successfully got rid of it and most of its several problems, but it has left something which appears to be impossible to get rid of :( If I go on Task Manager it is under the name of 'csrss.exe'. I have been told that this is a trojan, but I cannot get rid of it. When I try to download something to remove it with, it blocks it and says that I have to be an administrator (even though I am). When I try to end its processes in Task Manager it says: "Operation could not be completed, access is denied". If I right-click on it in Task Manager it says "perform administrative tasks". Should I click this option? I have run out of ideas, please help me!!!
February 27th, 2010 1:39pm
If your spelling is correct, csrss.exe is a legitimate program if it’s located in the \Windows\System32 folder.
However, if it’s located elsewhere, it is bad news and Google will show you many solutions.
February 28th, 2010 8:44am
Kill processes:
av.exe

Delete files:
%UserProfile%\AppData\Local\av.exe
%UserProfile%\AppData\Local\WRblt8464P

Delete registry values:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

This should help!!
February 28th, 2010 12:07pm
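An added example, not part of the original thread: a read-only triage check in Python for the two conditions the replies above describe, csrss.exe running from outside \Windows\System32 and shell open commands rerouted through an executable in the user profile. The function names, the user-writable path heuristic and the sample data are assumptions made for this illustration.

```python
import ntpath
import re

# Pass-through command Windows ships for executable file types.
PASS_THROUGH = '"%1" %*'
# Locations an unprivileged user can write to (assumed heuristic for this example).
USER_WRITABLE = re.compile(r"%userprofile%|\\users\\|\\documents and settings\\", re.I)
# File-type keys whose open command must stay in the pass-through form.
EXEC_TYPES = re.compile(
    r"(^hkey_classes_root|\\classes)\\(\.exe|exefile|secfile)\\shell\\open\\command$", re.I)

def csrss_verdict(image_path, system_root=r"C:\Windows"):
    """Classify a csrss.exe image path; only the System32 copy is expected."""
    if not image_path:
        return "unknown"  # path unreadable (e.g. not elevated): decide nothing
    expected = ntpath.normcase(ntpath.join(system_root, "System32", "csrss.exe"))
    actual = ntpath.normcase(ntpath.normpath(image_path))
    return "legitimate" if actual == expected else "suspicious"

def launcher(command):
    """Return the first program named in a shell command string."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    return (m.group(1) or m.group(2)) if m else ""

def audit_open_commands(values):
    """values: iterable of (registry key, "(Default)" data); returns flagged keys."""
    flagged = []
    for key, data in values:
        if EXEC_TYPES.search(key):
            if data.strip() != PASS_THROUGH:
                flagged.append((key, "executable handler is not pass-through"))
        elif USER_WRITABLE.search(launcher(data)):
            flagged.append((key, "launcher runs from a user-writable path"))
    return flagged

# Constructed sample data modelled on the values quoted in the thread.
SAMPLE = [
    (r"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command",
     r'"%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*'),
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", '"%1" %*'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command",
     r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command",
     r'"%UserProfile%\Local Settings\Application Data\av.exe" /START '
     r'"C:\Program Files\Mozilla Firefox\firefox.exe"'),
]
```

The functions only inspect strings, so the input can come from a registry export or a process listing taken on the affected machine and reviewed elsewhere.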
If I see "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"" does this mean that a virus is overriding my virus protection?
I'm using Windows 7. I searched the Reg. for "AntiVirusOverride" and found it in the following path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
I was unable to make any changes. "Unable to delete all specified values." I am logged on as administrator.
Why can't I make changes?
Thanks
Rick
May 15th, 2011 5:13pm
SAVE A COPY BEFORE YOU MODIFY YOUR REGISTRY !!!
Too many people think this answer means deleting the Keys - DON'T!!
Do more research on your problem. When you think you've found an answer, confirm it before you act on it.
Consider solutions offered here: http://www.dougknox.com
June 26th, 2011 1:39pm