AOA Forums AOA Forums AOA Forums Folding For Team 45 AOA Files Home Front Page Become an AOA Subscriber! UserCP Calendar Memberlist FAQ Search Forum Home


Go Back   AOA Forums > Software > Data Security

Data Security Viruses, Firewalls and Safe computing


Reply
 
LinkBack Thread Tools Rate Thread
  #1 (permalink)  
Old 24th February, 2010, 01:06 PM
Rondog's Avatar
Member
 
Join Date: January 2005
Location: Victoria, Australia
Posts: 3,298
Send a message via MSN to Rondog

How to remove Firefox and Internet Explorer redirect virus

As this is my first attempt at writing a guide any feedback would be appreciated.

OK, as some of you know I am self employed as an IT consultant/technician. I cant count how many times per week I have to remove viruses off client computers that are very similar. This guide will take you step by step through removing the nasty little problem that hijacks your Firefox and Internet Explorer browsing.

Some other symptoms are: you cannot open Windows Updates webpage, you cannot open the Malware Bytes web page, or Superantispyware web page, and many other I imagine.

This virus is a file appears as a process in Task Manager named 'csrcs.exe' some of you may note it is very similar in name to 'csrss.exe' which is a process that is required by Windows to function.

I wont go into details of how you got infected, although it infected my machine through my USB stick conveniently. I was on my fiancees laptop at the time, needless to say, that conversation did not end in my favour.

Removal:

First off, anything in quotations is typed text, do not actually type in the quotations unless specifically told.

Open up command prompt by typing in 'cmd' into the run dialogue box and clicking OK.

Typing in the following commands, after each line you need to press the enter key:

cd\
cd windows\system32
taskkill /im csrcs.exe
attrib -h -s -r +a csrcs.exe
del csrcs.exe
exit

Now go to run again and type in 'regedit' and click OK.

Click Edit then Find. Make sure Keys, Values, and Data is ticked and Match whole string only is unticked. Type 'csrcs.exe' in the box and click search, delete all references to this file. Except one, you will find an entry in the following registry hive:

HKLM\Software\Microsoft\Windows NT\Current Version\Explorer\Winlogon

It will be a String value named 'Shell' with a value of 'Explorer.exe csrcs.exe'

DO NOT DELETE this value, Windows wont boot correctly if you do, you must change the value so it reads 'Explorer.exe'

After it has finished searching the registry your almost done.

You should be able to open Malware Bytes web page now, which is Malwarebytes.org you can also download Malware Bytes from files.aoaforums.com

After running a full scan, reboot and you should be OK to browse, if you still experience problems, start a thread describing your problem and send me a private message with a link and I will do my best to respond as soon as I can.
__________________
AOA Team fah

Rig 1: Intel Core i5 750,4gb,HD6870,500gb,W7 Ult x64
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 24th February, 2010, 02:46 PM
Chief Systems Administrator
 
Join Date: September 2001
Location: Europe
Posts: 13,075

Now, I thought that this one was a variant of Spybot. Spybot includes a nice keylogger, as well as the ability to upload/download code and execute it...
__________________
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

Tags
browser hijack , browser redirects , firefox , google search redirects , internet explorer



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Download Internet Explorer 8 from AOA danrok OS, Software, Firmware, and BIOS 0 31st March, 2009 08:41 PM
Internet Explorer 8 Beta 2 HellasVagabond OS, Software, Firmware, and BIOS 4 30th August, 2008 07:18 PM
Internet Explorer 7 Pro chrisbard Random Nonsense! 5 11th October, 2007 12:42 PM
Internet Explorer loses ground to Firefox, Safari in US; holds its ground worldwide Gizmo OS, Software, Firmware, and BIOS 3 1st March, 2007 02:03 AM
Internet Explorer 7 BETA EPoX Tech EPoX MotherBoards 53 2nd August, 2005 04:28 AM


All times are GMT +1. The time now is 12:04 AM.


Copyright ©2001 - 2010, AOA Forums
Don't Click Here Don't Click Here Either

Search Engine Friendly URLs by vBSEO 3.3.0