TechSpot

HELP! csrss, conhost and dwm viruses!

By fk999
Jun 7, 2011
  1. Huge virus problems – help needed !

    Running Vista – have three processes on task manager which every time I end they just keep restarting themselves – causing browser hijack and all files to be hidden – although I got around this by enabling viewing of hidden files.

    The three processes are conhost.exe, dwm.exe and csrss.exe. – googling has told me these are viruses yet I cant update my McAfee or AVG as the virus doesn’t let either update and I cant install Malwarebytes either on normal or safe mode as I get a “access is denied message”

    Really am struggling and any help would be invaluable.

    Thanks

    Faz
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot!

    Please go back and rehide the files and folders. It sounds like you have malware and also system problems.

    Are you the Administrator on that system? These 3 processes are legitimate processes if they are in the correct location: conhost.exe, dwm.exe and csrss.exe But you can't determine that in the Task Manager.

    What do you mean by the hijack? Are you being redirected to a site other than what you have chosen?

    As for the hidden files, there is malware now that is making it appear that files and programs are missing, or that there are 'serious problem' with the system. So it is important that you do not act on any alerts of this nature. However, if it is this malware, you can't see the 'hidden' files by changing the setting. So it's important you go back into Folder Options and set the view tab checks back to 'do not show hidden files and folders' and also 'hide system files (Recommended)'

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: See my note at the end about Malwarebytes if you have downloaded the version on our 7 step thread. If you have not, then uninstall it and follow the link and install from the thread. Save it to desktop and run Randmbam first. It is important that you have the latest version and database or it will not find new malware.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    Regarding Malwarebytes, if you got it downloaded but can't run it, leave it on the desktop, then:
    Please download randmbam.exe

    It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.

    Once done, try running a scan again
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...