PC problems (PWSteal related?)

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

A while back I started getting an error box when I boot up my PC. It's just
a small box and the only thing it says is "Error" - that's suspicious. I
have Norton Anti-Virus and keep it up-to-date. One day, it alerts me that a
file is trying to run (c:/documents and settings/<myname>/csrss.exe) and the
virus is PWSteal.ldpinch. I try to delete/quarantine it and it won't let me.
I keep trying (re-running Norton) and eventually it appears to be gone. A
few days go by and I start getting the error box again, so I look in Task Mgr
and find that csrss.exe (from the same directory location) and kill it, the
error box goes away.

Now, there may be several problems here...I cannot disable system restore so
I wonder if every time I get rid of it, it's restoring itself? The system
restore thing is bizarre - there is no tab for it under System Properties, I
tried executing the rstrui.exe and complains that winsta.dll is missing, but
it's there.

I also tried to delete the registry files for the PWSteal virus according to
Symantec's instructions, but didn't find any of them.

Sorry if this is confusing...can anyone help???!!!
 
1) Download the following four items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Dowload the Trend Pattern File by obtaining the ZIP file.
For example; lpt249.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using Trend Sysclean, Stinger and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities; Trend Sysclean, Stinger and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point

You can also try some of the below online scanners.

BitDefender:
http://www.bitdefender.com/scan/license.php

Computer Associates:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

DialogueScience:
http://www.antivir.ru/english/www_av/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

Freedom Online scanner:
http://www.freedom.net/viruscenter/index.html

Kaspersky:
http://www.kaspersky.com/de/scanforvirus

McAfee:
http://www.mcafee.com/myapps/mfs/default.asp

Panda:
http://www.pandasoftware.com/activescan/

RAV
http://www.ravantivirus.com/scan/

Symantec:
http://security.symantec.com/

Trend:
http://housecall.antivirus.com
http://housecall.trendmicro.com


* * * Please report your results ! * * *

Dave



| A while back I started getting an error box when I boot up my PC. It's just
| a small box and the only thing it says is "Error" - that's suspicious. I
| have Norton Anti-Virus and keep it up-to-date. One day, it alerts me that a
| file is trying to run (c:/documents and settings/<myname>/csrss.exe) and the
| virus is PWSteal.ldpinch. I try to delete/quarantine it and it won't let me.
| I keep trying (re-running Norton) and eventually it appears to be gone. A
| few days go by and I start getting the error box again, so I look in Task Mgr
| and find that csrss.exe (from the same directory location) and kill it, the
| error box goes away.
|
| Now, there may be several problems here...I cannot disable system restore so
| I wonder if every time I get rid of it, it's restoring itself? The system
| restore thing is bizarre - there is no tab for it under System Properties, I
| tried executing the rstrui.exe and complains that winsta.dll is missing, but
| it's there.
|
| I also tried to delete the registry files for the PWSteal virus according to
| Symantec's instructions, but didn't find any of them.
|
| Sorry if this is confusing...can anyone help???!!!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

restore issues 1
Is csrss.exe a virus? 6
startup problem 10
System 32 3
cannot use system restore on xp 3
System Restore Error 1
Rstrui.exe 3
New startup error 10

Back
Top