
Wednesday, September 29, 2010

Don't worry. It's just Csrss.exe

I wrote about csrss.exe in my last blog post. When I searched, some pages said that it is a trojan. But Microsoft's official website says that it is the process necessary for maintaining the LAN connection. But you can't just let it be. As it maintains network connections, it can easily be hacked by a network intruder. So always keep an eye on it.

As a best practice, when you install a new operating system, make a note of all the processes running on your computer, along with other details about those processes such as memory usage, CPU usage, description and location. Whenever you install new software, some new processes will be added to your computer, so update your notes after each install. I installed my new Windows 7 a few days ago (I have to rely on Windows because my USB modem is platform dependent). Now the file size of csrss.exe is 944 KB, its CPU usage is 00 (but no process can run without using CPU), and it has no description.

If you see that csrss.exe is using a very large amount of memory and its CPU usage goes beyond 50%, you can conclude that csrss.exe is infected with a virus. The attack commonly performed on csrss.exe is a memory hijacking attack. The compromised csrss.exe will also use the memory space allotted to other programs. Because less memory is available, those programs will run slowly, so you'll feel that your computer is getting slow. That is common. There are also some trojans that run under the name csrss.exe, which will steal your passwords and other sensitive information.

If you suspect csrss.exe is infected, immediately stop that process by running Task Manager in administrator mode, and scan your computer with a better antivirus program.
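
The baseline habit described in this post, as an added PowerShell example (not part of the original post): it records each running process with its image path, file description and memory use, reports processes that were not in the saved baseline, and flags any csrss.exe whose image is outside System32, where the genuine file lives. The function names and the baseline file path are assumptions.

```powershell
# Added example, not from the original post. Function names and the
# baseline path are assumptions; run from an elevated PowerShell prompt.
$BaselinePath = Join-Path $env:USERPROFILE 'process-baseline.csv'   # assumed location

function Get-ProcessSnapshot {
    # One row per distinct image: name, path, file description, memory use.
    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $path = [string]$_.ExecutablePath   # can be empty for protected system processes
        $desc = ''
        if ($path -and (Test-Path -LiteralPath $path)) {
            $desc = (Get-Item -LiteralPath $path).VersionInfo.FileDescription
        }
        [pscustomobject]@{
            Name         = $_.Name
            Path         = $path
            Description  = $desc
            WorkingSetMB = [math]::Round($_.WorkingSetSize / 1MB, 1)
        }
    } | Sort-Object -Property Name, Path -Unique
}

function Save-ProcessBaseline {
    # Run once on a clean install, and again after each software install.
    Get-ProcessSnapshot | Export-Csv -Path $BaselinePath -NoTypeInformation
}

function Compare-ProcessBaseline {
    # Rows marked '=>' are running now but were not in the saved baseline.
    $baseline = Import-Csv -Path $BaselinePath
    Compare-Object -ReferenceObject $baseline -DifferenceObject (Get-ProcessSnapshot) `
        -Property Name, Path |
        Where-Object { $_.SideIndicator -eq '=>' } |
        Select-Object Name, Path
}

function Find-MisplacedCsrss {
    # The genuine csrss.exe image is %SystemRoot%\System32\csrss.exe.
    $expected = Join-Path $env:SystemRoot 'System32\csrss.exe'
    Get-ProcessSnapshot | Where-Object {
        $_.Name -eq 'csrss.exe' -and $_.Path -and $_.Path -ne $expected
    }
}

# Typical use:
#   Save-ProcessBaseline        # after a clean install
#   Compare-ProcessBaseline     # later, to list processes not in the baseline
#   Find-MisplacedCsrss         # any output deserves a closer look
```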

Tuesday, September 28, 2010

Commgr.exe! oh ****

Open Task Manager on your computer by hitting Ctrl+Alt+Del or Shift+Ctrl+Esc, or by typing taskmgr.exe in the command prompt or Run. Now look at the processes running on your computer. If you see commgr.exe there (not conmgr.exe, which is an important service), you are really in trouble. This morning I saw it in my Task Manager. I felt something unwanted was happening on my computer, because I hadn't installed any new software. So how had it been added? I asked my brother. He told me he had copied some songs from my computer to his friend's pen drive. Now a bulb glowed above my head: it might be a virus.

I immediately googled it. Google always has answers. I found 26,200 results on Google and also a suggestion for conmgr.exe. I went to the first link Google presented. It said commgr.exe is a malware program, first detected ............. and a lot more information. That's not important to me. It's a virus. That's enough. I simply selected the process and chose End Process. But what a ****, it appeared again. Then I tried ending the whole process tree. But still. I tried with Process Explorer. But I couldn't do anything. Actually it was started by explore.exe. I felt that was really a bad time for me.

I restarted my computer in safe mode. Fortunately it was not running. I opened msconfig (by typing msconfig in Run) and searched for commgr.exe in the start-ups. It was there. I went to its location and deleted the source file. I searched my registry for commgr.exe. Yes, there was an entry in the Run key. I deleted that also. Then I searched the Internet for the additional files added by that program. It told me some files would be created inside C:\Recycler. I deleted those files and restarted my computer in normal mode.

Now I can't find the process commgr.exe in Task Manager. But now another process named csrss.exe is running, which has no description. I googled. The first result came up as "It is process registered as a trojan" :-( But now I gotta go. So I let it run for some time...

The location of commgr.exe is
C:\Users\[username]\appdata\temp\commgr.exe
You'd better run a search of your whole hard disk for this program.

The files added by commgr.exe are in
c:\recycler\[some directory] Sorry, I forgot it. :-/
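
The places checked in this post (start-up entries, the registry Run keys, and copies of the file on disk), gathered into one read-only PowerShell sweep. This is an added example, not part of the original post; the variable names are assumptions, and the file name is the one given above.

```powershell
# Added example, not from the original post. Read-only: it lists, never deletes.
# 'commgr.exe' is the name from the post; the variable names are assumptions.
$name = 'commgr.exe'

# 1. Startup commands registered for any user (Startup folders and Run keys).
Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Command -like "*$name*" } |
    Select-Object Name, Command, Location, User

# 2. Run and RunOnce values, per user and machine-wide.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($valueName in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($valueName)
        if ($data -like "*$name*") {
            [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
        }
    }
}

# 3. Copies of the file on every fixed drive. -Force includes hidden and
#    system folders such as the recycler directory mentioned in the post.
#    The SHA-256 hash lets you look the sample up before removing it.
$roots = (Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=3').DeviceID |
    ForEach-Object { "$_\" }
Get-ChildItem -Path $roots -Filter $name -Recurse -Force -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path     = $_.FullName
            Modified = $_.LastWriteTime
            SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
```

Run it from an elevated prompt so the machine-wide keys and other users' folders are readable.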

Sunday, September 26, 2010

Bom Sabado!

Yesterday evening there was a buzz by Sathya about a worm named BOM SABADO. She wrote that it was a worm that would write a scrap in your Orkut scrapbook, and that if you tried to reply to it, your account would be hacked. But I didn't think it was true. I simply logged in to my Orkut account and looked for scraps. But unfortunately or fortunately there were no new scraps :-(. So I wrote a comment on her buzz saying there was nothing like that and it might be a rumour.

But this morning I received forwarded messages on my mobile about Bom Sabado, saying it is an Orkut hacking virus. So I immediately googled it. I never found any official announcement from Google. But there was a post about Bom Sabado and some people discussing it. One person also wrote that he saw such a scrap in his Orkut scrapbook. So it may be true. But some people say it's now fixed and no longer a threat.

But whatever the case, if you see any such scrap named Bom Sabado, do the following...
  1. Delete all your scraps (you may leave some important scraps, but at least delete the suspicious one)
  2. Sign out of your Orkut account or close the browser window
  3. Now open your browser once again and delete your browser history, cookies, saved passwords and temporary files.
  4. You'd better run an antivirus program. (But this is optional)
  5. Restart your browser, log in to your Orkut account and enjoy.................