I know what this is. I know how to fix it.
Monday, August 4, 2003 at 11:57 pm Windows XP Annoyances Discussion Forum
Posted by knigitz
(1 messages posted)
A lot of people have been posting about their task manager, regedit or msconfig closing
automatically as soon as they open. This should help you all.
- It is a worm, that's for sure.
- There is no common name, but the random name scheme it uses is based on system files, and
  it either:
  - changes one letter
    (csrss.exe -> cscss.exe)
  - or adds 32 to the end of the filename
    (msconfig.exe -> msconfig32.exe)
How to find out what file is our trojan:
1. Copy task manager to desktop and rename to: helpme.exe
2. Open helpme.exe and search for processes that fit the random name scheme and close
that process. Open something that was closing previously and see if it still closes.
When it stops closing, that file is our trojan!
Scan your registry and hard drives for this filename and delete all traces of this
file.
You may also want to check your startup folder in your start menu; make sure hidden
and system files are visible. Delete anything that doesn't belong and scan your registry
and hard drives for traces of these files as well.
This should work, as it has for me after numerous reboots. It still recreates the
trojan file, but no longer loads it. That is a good sign, but I have no clue why
it still makes the file.
This file does send information to computers across the internet, and most likely
spreads through email clients and file transfer. It also may spread across networks
and webpages. I'm not sure exactly how it spreads, but these all may be valid.
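
The naming scheme described in the post above, turned into a check over a list of process names, as an added example that is not part of the original post. The list of system file names and the sample process names are constructed for illustration and are not complete.

```python
# Added example: flag process names that fit the naming scheme in the post.
# KNOWN_SYSTEM_FILES is a short illustrative list (assumption), not a full inventory.
KNOWN_SYSTEM_FILES = {
    "csrss.exe", "msconfig.exe", "taskmgr.exe", "regedit.exe", "svchost.exe",
    "lsass.exe", "smss.exe", "winlogon.exe", "services.exe", "explorer.exe",
    "rundll32.exe", "regsvr32.exe",  # genuine names that already end in 32
}

# Constructed sample of running process names, not taken from a real system.
SAMPLE_PROCESSES = [
    "csrss.exe", "cscss.exe", "msconfig32.exe", "rundll32.exe",
    "helpme.exe", "SVCHOST.EXE", "notepad.exe",
]


def one_letter_changed(name, original):
    """True if name is original with exactly one character substituted."""
    return len(name) == len(original) and sum(
        a != b for a, b in zip(name, original)) == 1


def classify(process_name, known=KNOWN_SYSTEM_FILES):
    """Return (reason, imitated_name) for a lookalike name, else None."""
    name = process_name.lower()  # Windows file names are case-insensitive
    if name in known:
        return None  # exact match to a genuine name: the name alone says nothing
    stem, dot, ext = name.rpartition(".")
    if dot and stem.endswith("32") and f"{stem[:-2]}.{ext}" in known:
        return ("32 appended", f"{stem[:-2]}.{ext}")
    for original in sorted(known):
        if one_letter_changed(name, original):
            return ("one letter changed", original)
    return None


def scan(process_names):
    """Return [(name, reason, imitated_name)] for every lookalike found."""
    hits = []
    for name in process_names:
        verdict = classify(name)
        if verdict:
            hits.append((name, *verdict))
    return hits


if __name__ == "__main__":
    for name, reason, original in scan(SAMPLE_PROCESSES):
        print(f"{name}: {reason} (imitates {original})")
```

A hit is only a lead to investigate, and because the check looks at names only, an exact name match does not show that the file behind it is genuine.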