Virus help?

[karohemd]

We are stuck here at work with an exe that sucks processing time, shuts down the internet connection and slows down everything.

They identified the culprit as a file called "csrsss.exe" (note three s) that sits in the Winnt/system32 folder and runs a process with the same name.

It's a nasty thing that probably sits somewhere in the network and is resurrected every time it's deleted from the folder and the registry.

Anyone familiar with it and able to suggest a remedy? Sophos doesn't recognize it (yet).

Comments

[ffutures.livejournal.com]

This sounds like a piece of spyware I came across recently, except I think the name is different (and that program didn't shut off the internet connection); I had to shut off automatic restore (from system properties) before deleting it, then run a cold boot a couple of times before switching automatic restore on again. It sounds like it may be propagating throught the network though, which will doubtless make things more complicated.

Try running lavasoft's ad-aware first, that deals with some of this stuff but isn't quite so drastic. If that doesn't work try

http://www.spywareinfo.com/~merijn/files/cwshredder.zip

which gets rid of the particular program I had trouble with and some of its variants.

[karohemd.livejournal.com]

Hm, I've heard bad things about Automatic Restore and that one shouldn't use it but that's beside the point.

This thing seems to be very new and no virus checker or adware/spyware checker was able to find it. We searched all over in various forums and websites. A google search came up with three hits, all from people posting about problems with it.