Tuesday, March 30, 2010

My Way of csrss.exe Viring (Removal) >>

.
Feeling slow??
Recently I get infected by csrss.exe and my computer generate Kamicak folder in every USB I insert. X-O
So, armed with my little knowledge, I fight back that csrss.exe culprit once and for all~~

Firstly, What is csrss.exe?
Answer from Wiki:
  • csrss.exe stands for Client/Server Runtime Subsystem - a component of Microsoft Windows NT operating system.
  • it provides the user mode side of the Win32 subsystem and is included in Windows 2000, XP, 2003, Vista, Server 2008 and the latest OS, Windows 7.
  • because most of the Win32 subsystem operations have been moved to kernel mode drivers, in Windows NT 4 and later csrss.exe is mainly responsible for Win32 console windows, GUI shutdown, and threading.
  • csrss.exe is a critical system operation, terminating it will results the infamous blue screen of death (BSOD)~
  • and, under normal circumstances, csrss.exe cannot be terminated with the taskkill command or with the Task Manager, though it is possible in Vista if the Task Manager is run in Administrator mode.

Yes, csrss.exe is a critical windows process, deleting is on your own discretion. ;-P   But, because lame virus programmer love to play with every antivirus software out there, they 'masks' the real csrss.exe with another one that spreads spyware/malware in our computer~   X-O

Then, how to remove (stops) the fake csrss.exe??
I've done searching the web for it, and this is a list of how to do it~ Read all of it, and choose the method which you understands best. Please make a backup of your operating system in case of anything bad happen later, huhu... (God forbid anything bad happens~)
  • Yahoo! Answer : How to remove csrss.exe? This site teaches how to do it by using another Windows profile to delete the infected profile.
  • eHow.com : How to clean csrss.exe. This one is using safe mode to execute TrendMicro CWShredder.exe to remove both csrss.exe and CoolWebSearch.
  • HowtoFixComputers.com/forum :You can try several options here. Clean and verify add-ons one by one to detect the culprit, or use online/offline scanner, or manually removes csrss.exe in Windows entry.
  • Neuber.com : Nimda.E? You can read many many ways to information about csrss.exe here.
  • SpywareRemove.com : Manual detection and anti-spyware software..
  • File.net : Read lots of csrss.exe story under the description~~

Alternative method??
You might want to use my way of csrss.exe viring~ It works for me, but you might dislike the software I'm using (GVR.exe)~   :-O Below is my pdf on how to do that~ (DocStoc sometimes loads very slow mo...) :-(