TechSpot

Cannot find 'C:WINDOWS\config\csrss.exe'

By Martini
May 11, 2009
  1. I was getting this message at start-up:
    Windows cannot find 'C:WINDOWS\config\csrss.exe'

    I started with a scan using Avira and found detections. I included the Avira log along with the others.
     

    Attached Files:

  2. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,436   +37

    Initial detection - gaobot - WINDOWS\config\csrss.exe

    Re: Initial detection, Windows cannot find 'C:WINDOWS\config\csrss.exe'
    see http://www.vub.ac.be/BFUCC/virus/gaobot.html

    RE: AV scan…numerous issues related to P2P/Filesharing and/or Cracks/Warez/KeyGen/Piracy.


    RE: HJT Running processes

    C:\WINDOWS\System32\TUProgSt.exe ? a component of the TuneUp Software from Tuneup Software GmbH,
    Appears to be legitimate… you will need to decide.

    RE: HJT - R0 & R1
     
  3. Martini

    Martini TS Rookie Topic Starter Posts: 18

    Thanks, B00kWyrm.
     

    Attached Files:

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    [​IMG]Combofix
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    Link 3
    • Double click combofix.exe & follow the prompts.
    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      [​IMG]

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

      [​IMG]

      Click on Yes, to continue scanning for malware.
    • When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Credits to Blind Dragon
     
  5. Martini

    Martini TS Rookie Topic Starter Posts: 18

    I followed the instructions but the Microsoft Windows Recovery Console did not get installed properly. I also got a pop-up that files failed to download.

    When I run Hijack this, I get the following error message (I think I got it the first time I ran it too).:

    Error details: An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=system.ini, sSection=boot, sValue=Shell)
    Error #5 - Invalid procedure call or argument
     

    Attached Files:

  6. Martini

    Martini TS Rookie Topic Starter Posts: 18

    Is there anything else I should do?
     
  7. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,436   +37

    I am not trying to jump in ahead of Bobbye. Bobbye is among the best for this kind of help! and Bobbye stays pretty busy helping people.
    I just saw it had been a couple of days, so I thought I would look at your logs,
    to see if maybe there was an issue with which an inexperienced / untrained helper like myself might help.
    Your combofix log shows Torrent directories, created within the last month. IF you have not done so, then...
    From the Eight Steps...
    and

    Also, if any crack/keygen/warez or other evidence of piracy is found... the helpers are likely simply to withdraw.
    I am not experienced at reading these logs.
    So these should be understood as general foundational principles, rather than specific comments regarding your logs.
     
  8. Martini

    Martini TS Rookie Topic Starter Posts: 18

    I uninstalled UTorrent and LimeWire before posting here. After seeing I had so much spyware, I decided to download Ubuntu. I attempted to use the Ubuntu disc I created to partition my drive and install it, but it wouldn't work. Some Googling revealed that I may have to create an Ubuntu alternate install CD and I had to download this in the form of a torrent, so I re-installed UTorrent. The installation was legit. I hope I'm not being left hanging because of this.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Original problem:
    Combofix shows you are still using uTorrent and SlySoft. I am still uncertain of the extent of the cracks, keygens and pirated software.

    Remove the cleaning tools:
    To remove all of the tools used and the files and folders they created, please do the following:
    Please download OTCleanIt by OldTimer:
    Save it to your Desktop.
    Double click OTCleanIt.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

    EDIT: Apparently the last 2 posts above were being done while I rechecked the logs. My reply still stands.
     
  10. Martini

    Martini TS Rookie Topic Starter Posts: 18

    I didn't realize anything was wrong with SlySoft products? Okay, I uninstalled Utorrent, the Slysoft product and used OTCleanIt.
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The SlySoft apps are AnyDVD, CloneDVD, CloneDVD mobile, CloneCD:

    Now you know.
     
  12. Martini

    Martini TS Rookie Topic Starter Posts: 18

    No, I meant I didn't realize anything was wrong with SlySoft products as far as getting help here is concerned. The only thing that is mentioned as not being okay in the 8 Steps thread is file sharing programs due to them being a source of malware.

    Why should you refuse to help me because of what you've selectively chosen isn't okay in your book? I have no moral issues with backing up my DVDs.

    I have been compliant with your wishes so far except for installing uTorrent to obtain a legal copy of Ubuntu. I have then deleted it and also deleted the SlySoft product as you're not okay with it. Why are you not telling me if PC cleaning is finished or if I need to do something further?
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am a volunteer here, like everyone else. I choose not to continue. I have the right to do this.
     
  14. Martini

    Martini TS Rookie Topic Starter Posts: 18

    Oh, I know you have the right; I wasn't talking about you breaking any laws or violating the Constitution. I'm talking about common courtesy. By participating here, you've effectively stopped anyone else from helping me. And for what? Because I used uTorrent to download Ubuntu? It honestly slipped my mind that having uTorrent installed was part of the agreement in the 8 Step thread.

    My use of a SlySoft product was not in any violation of any rules, but you mentioned it as if I should have known that this was going to stop you from helping me.

    So, I delete both the SlySoft product and uTorrent. You then tell me to use OTCleanIt by OldTimer. I do that and post back here. Do you post back with further instructions? No. You post back about what SlySoft products do. This makes no sense. Why tell me to use OTCleanIt and drop further support because I had used Utorrent and a SlySoft product earlier, but uninstalled them and after that you posted with advice about using OTCleanIt?

    I'll PM a mod and see if I can get help from here on from someone else.
     
  15. Martini

    Martini TS Rookie Topic Starter Posts: 18

    B00kWyrm, would you mind passing this thread along to a mod? I don't have enough posts to PM. Thanks.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...