Ivan Debono
Hi all,
Norton said that the above file was a threat so it deleted it. The file was
located in c:\windows\winsock. I still have a csrss.exe in system32 and a
task with the same name is running under the SYSTEM user.
So I guess the file in the winsock folder was actually a threat. On startup
I get an error msg that the winsock\csrss.exe is missing.
Now I have the following registry entries:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell="Explorer.exe c:\windows\winsock\csrss.exe"
Userinit="C:\WINDOWS\system32\userinit.exe,c:\windows\winsock\csrss.exe"
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
C:\WINDOWS\winsock\csrss.exe="C:\WINDOWS\winsock\csrss.exe:*:Enabled:Microsoft (R) Windows TCP/IP Socket Driver"
HKLM\SYSTEM\ControlSet001\Services\winsck
ImagePath="C:\WINDOWS\winsock\csrss.exe"
HKLM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
C:\WINDOWS\winsock\csrss.exe="C:\WINDOWS\winsock\csrss.exe:*:Enabled:Microsoft (R) Windows TCP/IP Socket Driver"
HKLM\SYSTEM\ControlSet003\Services\winsck
ImagePath="C:\WINDOWS\winsock\csrss.exe"
HKLM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
C:\WINDOWS\winsock\csrss.exe="C:\WINDOWS\winsock\csrss.exe:*:Enabled:Microsoft (R) Windows TCP/IP Socket Driver"
HKLM\SYSTEM\CurrentControlSet\Services\winsck
ImagePath="C:\WINDOWS\winsock\csrss.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows
load="C:\WINDOWS\winsock\csrss.exe"
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows
load="C:\WINDOWS\winsock\csrss.exe"
What should I do with all these entries??
Thanks,
Ivan