I seem to have picked up a computer virus that I cannot get rid of.

I have Nortan Anti-Virus Professional installed and fully updated, and have run a system check - nothing came up.


Nothing happens when my machine isn't connected to the internet, but once connected, sketchy "error messages" pop up on my screen at frequent intervals, telling me to go to questionable websites and download patches for Windows :rolleyes:.

I have uploaded pictures of two of the error messages below.
In addition, I found the process for the program that sends the error messages, csrss.exe located in the system32 folder in the Windows install folder. However, I cannot end this process or delete the program - I get an error message.

These messages, when running, also lag the entire system a great deal - they need to be closed which is extremely irritating.


I would really, really appreciate any help or advice, I'm quite poorly informed and experienced when it comes to computer viruses and dealing with them :(

Sounds more like adware then a virus. Since its only working when connected to the net with adds. Is that the only side effect your seeing? It could also be the sites you frequently visit use adds by that company. Any way try the basics like Bazooka, Spybot,Adware, MS Antispyware. Also try panda online scanner. Dont delete anything it finds in the norton folders though. Since some antivirus will say say that other ones are viruses by mistake you may run into this.

That last pic you highlighted in the last to was a real process. It is actually using less RAM than mine was at the time of writing.
what service is (http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/)

Most viruses don't do the popup thing. I am leaning towards Techi's diagnosis. Most adware is poorly coded and can give errors when it tries to do its thing.

Try this to get rid of the offending crap.
http://www.ocforums.com/showthread.php?t=379516

try this. Go to start -> run and type services.msc Scroll all the way down and find the messenger service and disable it. That might stop them.

Thanks a lot guys, I'll try cleaning the system with all of those programs. Yikes, that many different adware/spyware cleaners should certainly do the trick :)

It awfully looks like the messenger service. Just do what TalRW said.
Im guessing your using XP.

Yep, you were right - I just "Disabled" that service, and it looks like the messages are gone :). Thanks :)

I'll still run through with all of the spyware removers for good measure.

Yep, you were right - I just "Disabled" that service, and it looks like the messages are gone :). Thanks :)

I'll still run through with all of the spyware removers for good measure.

Probably not a bad idea ;)

try this. Go to start -> run and type services.msc Scroll all the way down and find the messenger service and disable it. That might stop them.

yep that will get rid of it

It's the Messenger service. Even if you have a good firewall, I found out that the Messenger service pop-ups can still get through!

The solution is to disable the Messenger service.

Thus, not a virus.

This is crazy.

Ad-Aware found 67 questionable processes/files, which it removed. Afterwards, CWSShredder found one CoolWebSearch varient which it removed. After that, X-Cleaner found one malicious file, and one more CWS varient.

How did my machine get all of this junk? I don't download a lot of stuff, and haven't even used this machine online much at all!


Guys, thanks again for the advice, with all of this medicine installed I feel much more secure.

It's the Messenger service. Even if you have a good firewall, I found out that the Messenger service pop-ups can still get through!

The solution is to disable the Messenger service.

Thus, not a virus.

But he still probably has spyware if he's never done a scan before, and it can't hurt anything to check.

felinusz:
The Internet has become a dangerous place! It's incredibly easy to become infected by malware. Regular scans with updated versions of a few different programs can prevent/fix most issues.

I recommend running SpywareBlaster as a preventative measure, switching to FireFox or Opera web browsers, and weekly scans with updated AdAware, Spyware Doctor or SpySweeper definitions.