Virus + Network Problems

[agissi]

Well its come to my attention I have a virus. Looked it up, and it has serveral formations, knowen as many diffrent kinds of viri. I believe I have the Nimda virus. Heres some stats on it:

http://www.viruslist.com/eng/viruslist.html?id=51071

Its a pain, I cant get it to go away, however it does no harm. It spreads via LAN, so 3 other computers in the house also have it. I scanned on Norton, it found the files but couldnt delete cuz it was in use. However it told me where the files were. I went into Safe mode and deleted the csrss.exe file (whats running on my comp. now, as a "critial system process" so i cant end it). I also deleted another file along with that.. forget what it was. Got back into regular windows, turns out it was still running. Rescanned with Norton, it didnt find it this time. Not to mention, the virus makes 5 copys of it self or so, Norton only found 2. Note I've downloaded the latest Virus Definions with NortonAV. I went onto their site, followed the link below:

http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html

Did what they said, the tool that scans your computer didnt find the viri either!! Its running right now, the executable csrss.exe. I must have a later version it cant find Once I got done with that scanning, I rebooted and now I cant access other computers, or Network [virtual] drives, unless the Network drive is on the computer im using (then I can access it) or Im on the computer that I want to connect to.

Example:

Computer1 *Trys to connect to* Computer 2 HD= Fail
Computer 2 can access Computer 2's HD = Works *duh*
Computer 2 *Trys to connect to* Computer 1's Network Drive = Fail
Computer 1 can *Trys to connect to* Computer 1's Network Drive= Works *duh*

^Just for clarification^

When I try to connect, it asks for a password. . I enter the correct password for the computer im trying to access and it still wont connect I checked secuirty and nothing had changed. Messed around, ended up putting stuff back at defualts and it still doesnt work. I've never even made it so you need a password to access the computer or network drive on the lan. Normally it just connects right away, no passwords, or anything.

Anyone have any ideas? I just want to be able to connect to other computers on the lan (like I always have been able to do), and from my siblings computer have them be able to access my computers Network Drive. If I could just get this back to working, I'll just leave the virus alone. Im not formatting, unless I get a DVD Burner prompto (<--Not gonna happen ).

 

[StormBringer]

csrss - csrss.exe - Process Information
Process File: csrss or csrss.exe
Process Name: Client/Server Runtime Server Subsystem
Description: The Windows Client Server Runtime Subsystem handles Windows and Graphics Functions for all Subsystems
Common Errors: N/A
System Process: Yes

You reference that service, why? It has nothing to do with Nimda.

Have you tried NAV's advanced settings, there is an option in there that does a heuristic scan, it can sometimes identify unknown infections and things not yet in the defs. It looks for things that are common to other virii or something like that. It can give false positives, but it can also identify things that would otherwise be missed. Just be careful using it because jscripts, vbscripts and word macros may be identified as virii even if they are not.

 

[agissi]

Well why does on VirusList.com it say

it also creates new hidden files that are components of the worm:


%SystemRoot%\SMSS.EXE
%SystemRoot%\CSRSS.EXE
%SystemRoot%\System32\LADY.EXE

Then it registers the files SMSS.EXE and CSRSS.EXE in the system registry so that they execute upon system reboot:


[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
@="smss.exe"
@="csrss.exe"

Using the additional components SMSS.EXE and CSRSS.EXE the worm tries to mask (hide)itself in the system

then again this for a Worm.Win32.Ladex, which im pretty sure is a kind of the Nameda worm. Maybe not since that Nimeda scanner didnt find a Nimeda worm

 

[Th3M1ghtyD8]

http://www.viruslist.com/eng/viruslist.html?id=4261

Presumably this is the virus you have, in which case CSRSS.EXE is completely unrelated AFAIK, and should be okay.

 

[agissi]

rotf.. in that case I probbly deleted the real csrss!!! LOL.. no not really. Well everything seemed to work a-ok after I had done that anyways.

Thx D8 for that link.. maybe that is what I have.

Aside from the virus, anyone have ideas on how to fix my network problem?

 

[agissi]

Below is the pic where my success fails.. why does it come up with this all of a sudden

 

[agissi]

*bump*

can no one help me?

 

[Didou]

Well click on the Shared folder & go to the Shared tab then Authorisations. See what Users are given access to it & what are the permissions.

 

[agissi]

Ive done that and everyone has full rights :blackeye: Though I seem to have forgotten how to get to that place where you can edit the Sharing options..

If I rightclick the folder and goto Sharing and Security it comes up with this.. which isnt where you can choose who has what rights and who doesnt.

 

[Didou]

Well, try this. Create a user on the machine 2 for example & set a password. Then try to connect to the Shared documents on the machine 2 using that user/pass. Does it work ?

 

[agissi]

Nope I did that in the begginning. I cant make anything connect to this PC Im on, and also on this PC, i cant connect to any others..... I uninstalled the Ethernet driver, and reinstalled the latest one on Asus's website and that did nothing. So it cant be the sharing settings on this computer if I still cant connect to other computers on the LAN. I cant do a System Restore because before I did this virus scanner, it said I had to turn it off, so all my dates got erased!

EDIT:

However I just remembered, I did this virus scanner on both computers. Ever since I used it, both computers havnt been able to connect to each other. Must have been something the scanner changed? Im going to go get on my moms VAIO and see if that can connect to either computers (the 2 that I did the scanners on)

Edit2

the vaio couldnt connect to either of the two computers. :dead: This is bad, I really need to be able to share files over lan! :dead:

 

[StormBringer]

Have you replaced smss and csrss? The ones that are supposed to be there I mean, not the ones you say were created by the virus or whatever.

 

[agissi]

No I havnt.. I kinda (well not really kinda) forget where the files were. Im an idot eh? Talk about learn from your mistakes.

 

[StormBringer]

well, depending on what you actually removed(whether it just disabled the service, or actually removed it) you may be able to enable them again using "msconfig". I would think that if you actually removed vital parts of them, such as their exe files, you would get an error stating that they could not be found.

 

[Didou]

Try doing net use X: \\Bucky\SharedDocs /USER:<user> /PERSISTENT:yes

Replace X: with the drive letter to which you want to map the shared drive.

You'll be prompted for a password & you'll probably get an error message ( & a reference N° ).

See if you can find that Error N° HERE.

*EDIT* Type that command in a console prompt of course.

 

[agissi]

I didnt get the kind of error I was expecting. See picture for more information.

 

[Didou]

No no no no no

net use x: <space> \\Bucky\SharedDocs /User:<user> /PERSISTENT:yes

In this example, X: is the drive on your machine to which you connect the shared drive. \\Bucky is the name of the other machine to which you wish to connect ( I got that from your previous Pic ).

 

[agissi]

I think you got it a bit mixed around. The shared drive, is on the computer "Bucky". My other desktop is Elizabeth, which I want to be able to access Bucky's shared drive..

So on Elizabeth, when I try connect to Bucky I would type in:

C: \\Bucky\SharedDocs /User:Buck-Bumble /PERSISTENT:yes


Would that be right? Or would the "x" be the letter of the shared drive on Bucky (that would be Z). In which case I would put

Z: \\Bucky\SharedDocs /User:Buck-Bumble /PERSISTENT:yes

Correct? Well I hope not because when I enter either of those, I get the same error as I did before when I was doing it wrong... :evil:

 

[Didou]

Ok one more time.

Say you are working on the Elizabeth machine & you want to connect to Bucky. Type this ( Replace the "." with space ).

net.use.X:.\\Bucky\SharedDocs./User:Buck-Bumble./PERSISTENT:yes

If that command does work, on the Elizabeth machine, you will have a new drive, accessible by X: that will point to Bucky's shared folder.

If it doesn't work, you'll get an error message & then you try to find the error code on the link I provided you with.

I hope it's clear now.

 

[agissi]

Ahh Didou :hotouch: I dont see what Im doing wrong.. lol, it looks so black and white. Heres a screen shot so you can see exactly what I did.

ps, we need a chat room or something so we dont have to go back and fourth like this

 

[Didou]

Uh Agissi, that line I gave you, you're supposed to type it in a command prompt.

Start Menu -> Run -> cmd

If you still have problems : 3DSpotlight IRC Channel

 

[agissi]

rotf! where does it say that though? :dead: ok ill go put it in cmd

 

[agissi]

k when I enter that in command prompt, it says for me to:

" enter the password for 'Buck-Bumble' to connect to 'Bucky' "

Thats pretty much what I get in windows.......

 

[Didou]

& why don't you enter the password ?

On the Bucky machine, make sure the Buck-Bumble user exists & has a password set. That's the password you should enter when prompted.

 

[Didou]

Would it happen to be working now ???