View Full Version : Forum Hacked


Videogamerdaryll
03-01-2005, 09:53 PM
M'Kay...The virus installs 16 different infected files onto the computer. Each time you hear the alarm sound, a different file has been found. They may all look the same, but the exact locations are different. Keep hitting delete each time you're prompted to. Also make sure the scanner is set up to do a thorough scan of the hard drive. After doing all that, I would run the scanner once more to make sure.
So keep running Avast till everything comes up clean??

I ran Avast the first time and I found and deleted the infected files. I then followed up with AVG and found nothing. Just to make sure (I was paranoid) I did it once more using Avast, and nothing was found also. So I guess my first scan found everything I needed removed.

Curious..did your computer have the can't turn it off problem..If so is that Ok now..?

philosophyst
03-01-2005, 10:16 PM
M'Kay...The virus installs 16 different infected files onto the computer. Each time you hear the alarm sound, a different file has been found. They may all look the same, but the exact locations are different. Keep hitting delete each time you're prompted to. Also make sure the scanner is set up to do a thorough scan of the hard drive. After doing all that, I would run the scanner once more to make sure.
So keep running Avast till everything comes up clean??

Which Avast are you running, the Virus Cleaner?

Querjek
03-01-2005, 10:20 PM
Just a little heads up: CheapAssGamer has been hacked again. Be on the lookout.

slip81
03-01-2005, 10:23 PM
Didn't affect me, but I didn't come on here until almost 10pm est. Why the hell do people do this shit :angry:

kainemaxwell
03-01-2005, 10:24 PM
Running Avast now...

LiquidX01
03-01-2005, 10:25 PM
Videogamerdaryll - Yes, I had the same problem and it got fixed.

philosophyst - Virus Scan using Avast 4.6

kainemaxwell
03-01-2005, 10:59 PM
Solved with Avast!

DTJAAAAMJSLM
03-01-2005, 11:39 PM
I thought something was up. That message saying not to worry about the file being safe didn't sound too legitimate.

Videogamerdaryll
03-02-2005, 02:43 AM
I've yet to fix the computer..I keep scanning and keep finding the virus.. :angry:

Anything else I can do before I take the computer for repair..?


Messing around this all damn day I ignored my emails when new ADVENTUREVISION items show up..

And look at what I missed out on..(look at Picks) :puke:
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&category=719&item=5960691069&rd=1

Though this is a friend of mine I give him props and I'm happy for him..but this virus bullshit today has really ruined my day..

LiquidX01
03-02-2005, 03:26 AM
I've yet to fix the computer..I keep scanning and keep finding the virus.. :angry:

Anything else I can do before I take the computer for repair..?

Do you know how to edit your registry? I wouldn't recommend you doing it unless you know how.

One last thing you could try is deleting your temporary internet files and then running the Avast again. It wouldn't hurt.

Strange...Some people are able to remove it with just Avast alone, and some can't. :/

Thomas Jentzsch
03-02-2005, 06:39 AM
Do NOT trust Norton!
It has become a synonym for crap software during the past years.

E.g. the virus definition files are not updated often enough and especially not immediately when a new important virus shows up.

You can download better anti-virus software for free (e.g. Anti-Vir (http://www.free-av.com/) or AVG (http://free.grisoft.com/)).

scorch56
03-02-2005, 08:20 AM
Mine is a LONG and sad story.. and apparently.. it's not over yet.

Late last night I wanted to check into the forum and encountered the "fake" page. I'm not a total idiot.. so rather than run/open it directly from the download like the page said.. I chose to dl it to my desktop. The file was called " plugin_install.exe ". I then scanned it on my desktop using Stop Sign and it said it was clean; so I opened /executed it there.

About halfway through its extracting and installing it came up with an error that said it couldn't install because it wanted to change my " kernel32.dll " file and it couldn't. THAT'S when the red flags really started going up. Kernel32.dll is a very basic, core system file; and it should NOT be fooled with by ANY outsider applications saving maybe Microsoft. That.. plus the fact that it is ALWAYS in use whenever your OS is up and running made me suspicious. Of course the executable couldn't "alter" it.. because it was in use!

At this point I thought I was safe because the executable hadn't seemed to install.. fully. Boy was I ever wrong. I sent an email off to Joe asking about this "plug-in" and got back to work. I then noticed my PC wouldn't turn off. I got on the Vbender chat server and already the page was the talk there. I don't remember where I saw reference to the file " csrss.exe " but I think it was somewhere in another error message (they were popping up frequently at this point); so I did a search for the file and deleted it; and I also found a shortcut in my start up folder now wanting to execute it and got rid of that. That solved my shutdown problems; but upon rebooting.. there was now an error message saying that a reference to that file in my win.ini file couldn't find it.. so I had to edit it out of my ini file. I also went into the registry and deleted any references to it. Someone in the chat forum googled the file and told me it was a "legit" file and that I shouldn't delete it.. but I didn't care.. it was going. First off.. I had never seen this file running in my task manager before; and.. I certainly hadn't seen it in my start up folder because it had always been empty (yep; still using W98SE).

I thought my troubles were over at this point; got a reply from Joe by then reaffirming my worst fears. Went to bed.

Woke up this morning to see if he had got the forum back up and found this thread. Looked to manually remove the other files possibly using Flack's link and I actually couldn't find "editserver.exe", "sdownloader.exe", or the other actual damaging file everybody else has found ( TrojanDownloader.Win32.VB.ct ). Which may or may not have made sense because as you remember.. my executable never FULLY completed its install (or so I thought). I DID however find a few files in my TEMP folder that had been left by its "partial" extraction.. so I deleted them as well. Of course.. I also deleted the executable on my desktop. At this point.. everything seemed to be fine.

So I run Stop Sign again.. FULL system scan. This time it finds a virus " Win32.HLLM.Generic.327 " and it's INSIDE a copy of Plugin_Install.exe that is STILL on my computer! In my Temporary Internet Files folder (I failed to mention the second time around I opened the file directly from the download.. so that's how it got there.). So I delete the plug-in install once more and run another scan.. everything seems normal. I also ran Ad Aware and it said it found several suspicious cookies (I had JUST deleted them and NOT gotten back online either); a few registry entries.. and another file or two (all of them were somehow connected to a program or company called "overture" or something like that).. so I deleted them and assumed all was well.

Off to work.. I come home tonight; and turn on the PC and bring up my ISP interface (PeoplePC). It signs on OK.. but shortly after it connects.. I now get another error message saying something has caused an invalid page fault that is affecting my "dialer.exe" file (I AM familiar with this file.. it's integral). As soon as I click OK on the error dialog and acknowledge it.. it tells me it has to terminate the "dialer" process; but I can still surf and everything.. but guess what? Now I can't sign off the frickin' internet! I'm assuming because dialer is shut down and I CAN sign off by "disconnecting" using the little modem/network icon in my taskbar but where PeoplePC has its own way to disconnect.. THAT no longer works!

<heavy sigh>.. this damn thing has done too much to my system. Every time I think I've got it whipped and manually deleted what I could.. something else happens (But such is the nature of a "worm"). So I guess it's still around; and since no one here has had a definitive answer as to what this thing is; or how or what to use to TOTALLY eradicate it.. I'm not taking any chances.

I guess I'm looking at a HD re-format and a full-blown fresh OS re-install tomorrow. What a way to start my vacation from work.. GRRRRRRR.

What I don't really understand either is what this thing is and why no one singular program seems to work for all of us; or why no AV or spyware software site hasn't seemed to have heard of it (Which is why I'm assuming people are having such a hard time finding it.. or NOT finding it.). It appears there's no definitive way to EVER tell if you've got all of this thing. Some have said this was an amateur attempt at best; maybe the page hack itself was.. but I have to admit and give credit.. this virus.. trojan.. parasite.. whatever.. is really nasty and hard to get rid of! Not only that.. but it seems to adapt and install different files according to what Windows OS you're using.. and that sounds pretty sophisticated to me!

No my friends.. it looks to me like the ONLY real, sure bet "problem solved" is a total cleaning (i.e. "fry the drive").. crap.

kainemaxwell
03-02-2005, 08:27 AM
Can someone please help? Avast, Norton, Adware and Spybot did not solve this problem. I'm really desperate and I just GOT this Dell and I don't want to wipe the whole thing now.

:angry: :angry:

digitalpress
03-02-2005, 08:29 AM
Can someone please help? Avast, Norton, Adware and Spybot did not solve this problem. I'm really desperate and I just GOT this Dell and I don't want to wipe the whole thing now.

:angry: :angry:

This is a gaming forum and while there may be some expert tech support people here, it's probably not the best place to get this info.

What is the negative effect on your PC? I heard some people say that they couldn't turn it off.

Have you tried A-Squared?
http://www.emsisoft.com/en/software/free/

kainemaxwell
03-02-2005, 08:32 AM
What is the negative effect on your PC? I heard some people say that they couldn't turn it off.

Have you tried A-Squared?
http://www.emsisoft.com/en/software/free/

it won't turn off, period. I NEED to get rid of this!

Griking
03-02-2005, 09:05 AM
Some advice;

1) If you're running windows XP or Windows ME turn off system restore before you do anything else. Viruses can and will save themselves in system restores and you can reinfect yourself if you don't delete them. You can access this from the system icon in control panel. You can turn this back on again after the virus has been removed.

2) after installing and updating whatever antivirus software you use, run a full scan of your computer while in SAFE MODE. If you scan your computer while not in safe mode the virus may already be loaded in memory and you may not be able to remove it.

Delete all temporary files. Temp files are located in the following folders;

c:\windows\temp
c:\documents and settings\username\local settings\temp
c:\documents and settings\username\local settings\temporary internet files

Delete all files in these folders. Note that you should set your computer to allow you to view hidden files and folders to view the last two folders.

I'm not sure what virus you guys were infected by but you can try scanning your computer w/ Stinger (http://vil.nai.com/vil/stinger/). Stinger is a free virus remover provided by McAfee. It will only detect and remove about 45+ viruses but it's usually common or recent threats. I can't guarantee that it's designed to find whatever you have but it's free and you have nothing to lose.

hydr0x
03-02-2005, 09:22 AM
At this point I thought I was safe because the executable hadn't seemed to install.. fully. Boy was I ever wrong. I sent an email off to Joe asking about this "plug-in" and got back to work. I then noticed my PC wouldn't turn off. I got on the Vbender chat server and already the page was the talk there. I don't remember where I saw reference to the file " csrss.exe " but I think it was somewhere in another error message (they were popping up frequently at this point); so I did a search for the file and deleted it; and I also found a shortcut in my start up folder now wanting to execute it and got rid of that. That solved my shutdown problems; but upon rebooting.. there was now an error message saying that a reference to that file in my win.ini file couldn't find it.. so I had to edit it out of my ini file. I also went into the registry and deleted any references to it. Someone in the chat forum googled the file and told me it was a "legit" file and that I shouldn't delete it.. but I didn't care.. it was going. First off.. I had never seen this file running in my task manager before; and.. I certainly hadn't seen it in my start up folder because it had always been empty (yep; still using W98SE).


csrss.exe is both, a good file that is part of windows and a worm file (although it's usually transferred by email, not by download!!) afaik if it's placed in the win\system32 folder it's good, if it's placed in the win folder itself it's bad

Tron 2.0
03-02-2005, 09:29 AM
Man I was so pissed early this morning, I started laughing. I downloaded that shit and installed it thinking nothing of it and I became suspicious only after doing so.

That shit fucked with my computer pretty good...Even after thinking I completely removed it, My floppy drive began searching for something for about 20 minutes and finally stopped. The thing is there was NO DISK in the damn drive. Whatever that damn exploit was, It was apparently searching for some information. Then I restarted and checked my process and 4 suspicious things showed up. I googled each one I had never seen before and realized they were all exploits...Strange thing is, Each one disappeared from my list seconds after loading and could only be seen for a few seconds after restart.

I went into chat, and P.D.F. guided me through some steps since I was basically half asleep when it happened and couldn't think straight at all. I ran AVG just to make sure I removed it and nothing showed up after. I'm going to run that removal tool next just to be safe.

Anywho, Thanks P.D.F. for the help this morning!! :)
That virus wouldn't let me shut my PC down.
That of course until I remove the damn thing the manual way.

kainemaxwell
03-02-2005, 11:53 AM
Went to Safe Mode, not sure if all my scans worked.

Can someone find me on AIM later or something and help me please? I've tried deleting those files and going into Safe Mode for scans and seems like nothing's working. :( :hmm:

punkoffgirl
03-02-2005, 12:50 PM
Went to Safe Mode, not sure if all my scans worked.

Can someone find me on AIM later or something and help me please? I've tried deleting those files and going into Safe Mode for scans and seems like nothing's working. :( :hmm:

Kaine, NO ONE HERE IS AN EXPERT. You're really barking up the wrong tree, asking for help from here. You might want to call Dell tech support.

kainemaxwell
03-02-2005, 01:18 PM
Ok, ran Nospyware and same 2 registry entries come up each scan after rebooting. How do I knock them off permanently?

hydr0x
03-02-2005, 01:44 PM
Ok, ran Nospyware and same 2 registry entries come up each scan after rebooting. How do I knock them off permanently?

try to use WinPatrol to remove any autostart crap

Captain Wrong
03-02-2005, 03:40 PM
Ok, ran Nospyware and same 2 registry entries come up each scan after rebooting. How do I knock them off permanently?

ARE YOU NOT READING ANYTHING???

DP said:

This is a gaming forum and while there may be some expert tech support people here, it's probably not the best place to get this info.



POG said:

Kaine, NO ONE HERE IS AN EXPERT. You're really barking up the wrong tree, asking for help from here. You might want to call Dell tech support.

And now I'm saying, CALL DELL ALREADY!!! That's what they're there for.

LiquidX01
03-02-2005, 03:43 PM
Ok, ran Nospyware and same 2 registry entries come up each scan after rebooting. How do I knock them off permanently?

I thought you said the problem was solved?

Anyway, I wouldn't suggest you do this since one wrong move could screw that new Dell of yours...But if you really want to and you feel you have the correct entry located, Click start-----Run----Type "MSCONFIG" and you can go from there. BE CAREFUL!! on what you delete. :/

Videogamerdaryll
03-02-2005, 04:27 PM
I'm going to take some new steps that I've read about above to try and get rid of this problem..
It's still turning off my Norton's..

My computer still won't turn off but my wife figured out if we log out then turn off the computer it'll turn off.

My last resort is taking the computer for repair tomorrow.

My anger of the whole issue now IS:
I got this shit from coming here....and I'm not bitching like crazy about it..the forum part is the main spot I go to as many others too.
I'm not computer savvy as a lot of people are and I know many people aren't.....I truly appreciate the help I'm getting from the people who are trying to help everyone...(THANK YOU)

I feel Bad for the people who this has really messed up their computers and they may not know a thing about the computer nor have the time to keep trying to fix this.
This can cause a loss of money,time and be very stressful..

I WOULD expect this place to AT LEAST ask someone in computer knowledge to help since I / we got it here,nowhere else..
So normally I'm going to come to the source of where it came from and ask for help..That should be offered.
Or at least a Nice Message on top that says go Here for Help....
Someone on this whole site has to know computers..

I'm not expecting to be shut out since it's no longer a problem of the forum...and Not everyone is going to know about such things..If so then post some sort of warning somewhere to watch out for such things.
In all my years of being on the computer I've never ran into such a horrible problem like this..

You have new people coming on the internet everyday...What happened to being Open Minded.?What happened to helping people..

This place will turn off a lot of fkn people from coming here as it as well turn my ass off from coming here too, with seeing the nasty responses..(It was shocking to read today)

If you can't give help just shut the FUCK up then..What are you helping..?
Stressing people out because they can't get help here doesn't help any..

I didn't expect to see anyone get shut out here that shocked me..What has happened to this place..?
So a problem that is not yours is just shunned forgotten about...and I expected to see at least a bit more ..

When I read that this was being worked on..I thought they meant people will get some help too.
Was it Stickied just to warn afterward..?

I'm expecting to get my BAN now as people are not going to like what I said.



...................

.....I truly appreciate the help I'm getting from the people who are trying to help everyone...(THANK YOU) Please keep it up!!!!!

scorch56
03-02-2005, 04:46 PM
csrss.exe is both, a good file that is part of windows and a worm file (although it's usually transferred by email, not by download!!) afaik if it's placed in the win\system32 folder it's good, if it's placed in the win folder itself it's bad

.. ahhh.. good.. because my file was in the win folder. Uhm.. wait.. no that's bad because it was the worm. I'm SO confused!!! ;) Anyways.. I'm pretty certain that W98SE had never installed that file before because I probably had no need for it; so the only instance of the file I deleted had to be put there by the worm. As soon as I deleted it.. I could shut my PC down again; but that might just be a coinkydink.

If people want to get rid of this file and are having a hard time (proceed with caution) it's because the minute you get into the Windows GUI it runs. I found that the worm had also installed a shortcut to the executable in my StartUp folder. Get rid of the shortcut (Probably only in pre-XP OS'es. Does XP have a StartUp folder?) and reboot and you should now be able to delete it. Like someone else said.. Safe Mode is good for that kind of thing too, or you could always boot into DOS and delete it from there.

Lady Jaye
03-02-2005, 04:49 PM
@videogamedaryll: You are right, however... this virus was not an exclusive to DP, it hit many PHPBB forums.

People did try to help and posted solutions in both the VG and the OT forums. Despite all these steps, nothing's working. What's the next step after that? Tech support with the computer maker or from a reputable tech support service. I think that the people here have given all the solutions they could find and that if that doesn't work, the tech support step should be the next one, simple as that.

When Joe pointed out that maybe it'd be time to move to the tech support step and Kaine continued to post, asking for solutions, it's not surprising that it irritated some of us.

Mayhem
03-02-2005, 04:49 PM
If csrss.exe is in System32 subdirectory of your Windows directory then it's the real one. ANYWHERE else (and that includes directly in the Windows directory itself and any subdir off System32) then it's the spyware/trojan.
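
Added example, not part of the original thread: the location rule Mayhem states above, applied to a list of running image paths and to the win.ini `run=`/`load=` autostart lines scorch56 describes cleaning by hand. The sample paths and win.ini text are constructed, the function names are hypothetical, and win.ini entries are assumed to be short paths without spaces.

```python
import ntpath
import re

# File names to guard; the thread only discusses csrss.exe.
PROTECTED_NAMES = {"csrss.exe"}


def is_masquerading(image_path, windows_dir=r"C:\WINDOWS"):
    """True when a file named like a guarded system binary sits anywhere
    other than <windows_dir>\\System32 itself (subfolders count as bad)."""
    cleaned = image_path.strip().strip('"')
    # normpath collapses "..", normcase lowercases and unifies slashes,
    # so "C:/windows/SYSTEM32/../CSRSS.EXE" cannot slip past the check.
    path = ntpath.normcase(ntpath.normpath(cleaned))
    if ntpath.basename(path) not in PROTECTED_NAMES:
        return False
    expected = ntpath.normcase(ntpath.join(windows_dir, "System32"))
    return ntpath.dirname(path) != expected


def winini_autostart_entries(text):
    """Return (key, program) pairs from run=/load= in the [windows] section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = key.strip().lower()
        if key in ("run", "load"):
            # Several programs may be listed, separated by spaces or commas.
            for program in re.split(r"[,\s]+", value.strip()):
                if program:
                    entries.append((key, program))
    return entries


def audit(process_paths, winini_text, windows_dir=r"C:\WINDOWS"):
    """List every place a guarded name shows up outside System32."""
    findings = []
    for path in process_paths:
        if is_masquerading(path, windows_dir):
            findings.append(("process", path))
    for key, program in winini_autostart_entries(winini_text):
        if is_masquerading(program, windows_dir):
            findings.append(("win.ini " + key + "=", program))
    return findings


# Constructed sample data, not taken from any real machine.
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\System32\csrss.exe",          # expected location
    r"C:\WINDOWS\csrss.exe",                   # Windows folder itself
    r"C:\WINDOWS\System32\drivers\CSRSS.EXE",  # subfolder of System32
    r"C:\WINDOWS\explorer.exe",                # unrelated name, ignored
]
SAMPLE_WININI = r"""
[windows]
load=
run=C:\WINDOWS\csrss.exe
NullPort=None
[Desktop]
Wallpaper=(None)
"""

if __name__ == "__main__":
    for source, path in audit(SAMPLE_PROCESSES, SAMPLE_WININI):
        print(source, "->", path)
```

A bare `csrss.exe` with no directory is also reported, since its location cannot be confirmed from the entry alone.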

hydr0x
03-02-2005, 04:58 PM
If csrss.exe is in System32 subdirectory of your Windows directory then it's the real one. ANYWHERE else (and that includes directly in the Windows directory itself and any subdir off System32) then it's the spyware/trojan.

yeah forgot to mention it, if it's in a subfolder then it's also the worm (once had it in there!)

@all the complaints

DP was and is not responsible, it got hacked, anyone here not even affiliated with DP tried to help as much as he can, if that's not good enough, go find some expert. just to let you know, i'm an IT student, damnit, i posted every damn solution i could think of that no one else had posted yet! if you feel you are being ignored i can't help you with that, it's just not true. and if you really think about leaving a board because it got hacked and everyone tried to help you as much as possible then, and i'm sorry i have to say that, you are a moron

kainemaxwell
03-02-2005, 05:05 PM
I think I might have gotten rid of it though most virus scans and spyware searches. I do wanna thank everyone for helping one another out here.

least after this I'm gonna start locking my PC up a bit tighter, though I'm still on dial-up.
*kicks Norton for being useless in this situation*

Captain Wrong
03-02-2005, 05:07 PM
I'm expecting to get my BAN now as people are not going to like what I said.

:roll:

I think hydr0x summed it up best:


DP was and is not responsible, it got hacked, anyone here not even affiliated with DP tried to help as much as he can, if that's not good enough, go find some expert. just to let you know, i'm an IT student, damnit, i posted every damn solution i could think of that no one else had posted yet! if you feel you are being ignored i can't help you with that, it's just not true. and if you really think about leaving a board because it got hacked and everyone tried to help you as much as possible then, and i'm sorry i have to say that, you are a moron

Nature Boy
03-02-2005, 05:08 PM
If you can't give help just shut the **** up then..What are you helping..?

Double edged sword my friend. If nobody came forward to say they didn't know anything, you'd be complaining that nobody was coming forward.

Unfortunately there aren't always *immediate* answers - be patient!

My suggestion is Google. If there aren't any answers there today try tomorrow. Give the Nortons of the world time to create the antivirus update necessary.

Videogamerdaryll
03-02-2005, 05:19 PM
@videogamedaryll: You are right, however... this virus was not an exclusive to DP, it hit many PHPBB forums.

People did try to help and posted solutions in both the VG and the OT forums. Despite all these steps, nothing's working. What's the next step after that? Tech support with the computer maker or from a reputable tech support service. I think that the people here have given all the solutions they could find and that if that doesn't work, the tech support step should be the next one, simple as that.

When Joe pointed out that maybe it'd be time to move to the tech support step and Kaine continued to post, asking for solutions, it's not surprising that it irritated some of us.

I hear you..
I'm just not very understanding when I see people getting yelled at for asking for help..that bothers me..
Why should people even do that..Does that make them feel cool or something.?

Why do people feel the need to be nasty to others?..Did yelling at someone help anyone..?

Where and why did it start to turn nasty..

I appreciate all the help I get here..(from who's helping)

I only go to three Websites on the internet..the other two didn't get hit....I got it from here.
Learned a lesson to watch out now..

Normally I'm going to look for help from the place of origin and I'm getting help here..Maybe I'm expecting too much from this site but I don't like to see people get yelled at or shunned..I know what people are going through with this..
I agree there is no other choice than to get "Tech support with the computer maker or from a reputable tech support service"..if you can..If you have the time..

kainemaxwell
03-02-2005, 05:26 PM
I kinda do wish more AV programs were more up to date with one another too, especially in attacks like this (ex: Norton picking up nothing on this, same with Avast but AVG picking up that and a few others I didn't know of). Likely gonna try eScan tonight.

Videogamerdaryll
03-02-2005, 05:30 PM
I kinda do wish more AV programs were more up to date with one another too, especially in attacks like this (ex: Norton picking up nothing on this, same with Avast but AVG picking up that and a few others I didn't know of). Likely gonna try eScan tonight.

I hope you get it fixed man..Keep me updated...Good luck..

I'm going to try some new methods tonight.(found here)...I just don't have the time to do this all day..

Otherwise I'm going to take the computer tomorrow to a place I know of for repair..(I have no choice)

kainemaxwell
03-02-2005, 05:38 PM
I hope you get it fixed man..Keep me updated...Good luck..

I'm going to try some new methods tonight.(found here)...I just don't have the time to do this all day..

Otherwise I'm going to take the computer tomorrow to a place I know of for repair..(I have no choice)
Actually pc's fine now, reboots, closes, etc again. Right now *trying* to go through a few compressed files (stupid java ones) and try to manually remove trojans out of them to give my pc a clean bill of health.

NE146
03-02-2005, 05:48 PM
I only go to three Websites on the internet..the other two didn't get hit....I got it from here.
Learned a lesson to watch out now..

Normally I'm going to look for help from the place of origin and I'm getting help here..Maybe I'm expecting too much from this site but I don't like to see people get yelled at or shunned..I know what people are going through with this..
I agree there is no other choice than to get "Tech support with the computer maker or from a reputable tech support service"..if you can..If you have the time..

I feel for you man. Seriously. :(

But again, it's important to understand what happened. You really didn't get it "from here". Actually the "here" you are talking about is this phpbb forum software. If you're going to the source, heck the real place is probably http://www.phpbb.com ! (yep they have forums there too). The thing went out and looked for any sites that are running the phpbb software and put in that exploit that directed users to download and run that file.

It's sort of like if you were living at a friend's house and a lightning bolt hit and blew out all the electronics gear for everyone on the block. Then you go looking at your friend to fix your pc since it broke "while there". Well... sorta.

But seriously. It does suck. If I happened to install that file (which I SHOULD HAVE.. on one of my test pc's I use specifically to play with viruses.. but unfortunately I deleted the next day after downloading it :angry: ) What I would do..

Have you tried running an online virus scan? Try http://housecall.trendmicro.com and running that. They tend to keep their defs pretty up to date. Then of course the usual adaware/etc. This thing's mainly a virus. So try that online scan first and see what it says.. good luck.

Videogamerdaryll
03-02-2005, 06:09 PM
I only go to three Websites on the internet..the other two didn't get hit....I got it from here.
Learned a lesson to watch out now..

Normally I'm going to look for help from the place of origin and I'm getting help here..Maybe I'm expecting too much from this site but I don't like to see people get yelled at or shunned..I know what people are going through with this..
I agree there is no other choice than to get "Tech support with the computer maker or from a reputable tech support service"..if you can..If you have the time..

I feel for you man. Seriously. :(

But again, it's important to understand what happened. You really didn't get it "from here". Actually the "here" you are talking about is this phpbb forum software. If you're going to the source, heck the real place is probably http://www.phpbb.com ! (yep they have forums there too). The thing went out and looked for any sites that are running the phpbb software and put in that exploit that directed users to download and run that file.

It's sort of like if you were living at a friend's house and a lightning bolt hit and blew out all the electronics gear for everyone on the block. Then you go looking at your friend to fix your pc since it broke "while there". Well... sorta.

But seriously. It does suck. If I happened to install that file (which I SHOULD HAVE.. on one of my test pc's I use specifically to play with viruses.. but unfortunately I deleted the next day after downloading it :angry: ) What I would do..

Have you tried running an online virus scan? Try http://housecall.trendmicro.com and running that. They tend to keep their defs pretty up to date. Then of course the usual adaware/etc. This thing's mainly a virus. So try that online scan first and see what it says.. good luck.

Thanks.. :)

I'm going to try everything I can later tonight..

One way or another I'll get it fixed..

.................................................. ...................
I guess I get a little pissed off(hot headed) when I see people get yelled at,for no real reason..
There is a lot of things I don't know about computers as I expect others don't either..and stuff that happens on the internet.

The latest few replies have answered more questions,and have been very helpful...in understanding the whole thing..

Videogamerdaryll
03-02-2005, 06:10 PM
I hope you get it fixed man..Keep me updated...Good luck..

I'm going to try some new methods tonight.(found here)...I just don't have the time to do this all day..

Otherwise I'm going to take the computer tomorrow to a place I know of for repair..(I have no choice)
Actually pc's fine now, reboots, closes, etc again. Right now *trying* to go through a few compressed files (stupid java ones) and try to manually remove trojans out of them to give my pc a clean bill of health.


Actually pc's fine now, reboots, closes, etc again

That's good to hear..

hydr0x
03-02-2005, 06:10 PM
btw, if you want to attack someone who might be responsible for this, go to www.xtupx.com, the plugin_install.exe was hosted there...

nesuser2
03-02-2005, 08:20 PM
I think people need to settle down for starters. If you don't fix computers and viruses on a hired basis then you shouldn't comment on antivirus. I've heard many people badmouth norton but i've never once had it fail me and i voluntarily fix most peoples computers. I do run into a lot of the free programs having trouble removing the virus....it knows it's there but then nothing happens. As far as the internet is concerned, don't be naive, hacks and cracks turn up daily. If it smells fishy, come back in a few hours...

and about people calming down. This virus stops you from shutting down, that's not so bad. Sure it needs fixed but nothing to call the internet police about. I flipped the capacity limit on my 80gb hd full of personal stuff with no backups, that's a crisis...this is not.

EDIT: I read further and people have started to settle and I don't aim the AV deal to start a battle of the software, just making sure recommendations are coming from trusted sources....

hydr0x
03-02-2005, 08:46 PM
I've heard many people badmouth norton but i've never once had it fail me and i voluntarily fix most people's computers. I do run into a lot of the free programs having trouble removing the virus....it knows it's there but then nothing happens.

sorry but norton has become total crap during the last years, both, personal observations and scientific tests show that without any doubt, last comparison i read in one of the most reputable mags out there (i think it was c't) placed it on 7 or 8 with a quite low percentage of detection and even worse fixing. winners were the program by Panda, the one by G-Data (don't know what name it has in the US) and i think McAfee. the free ones AVG and AntiVir weren't too good either, somewhere in the Norton area

nesuser2
03-02-2005, 09:01 PM
Well labs or not, i've never had much success with anything but norton. Generally with all AV apps, you have to go in and kill processes or something else so that it can be deleted but norton always does it for me. People and mags also swear google king of search engines but it doesn't always turn up the best relevancy...It's nice to not have antivirus software though which is only recommended if you know what you're doing AND you don't mind living on the wild side..

lucavi
03-02-2005, 10:27 PM
If csrss.exe is in System32 subdirectory of your Windows directory then it's the real one. ANYWHERE else (and that includes directly in the Windows directory itself and any subdir off System32) then it's the spyware/trojan.

are you sure that's 100% true. cause when i do a search on my pc (win2000) for csrss.exe i get 3 results. one in system32, and 2 others in "C/WINNT/servicepackfiles" and a "C/WINNT/servicepackuninstall" both of which say they were installed in 2002 and 2003 respectively.

Thomas Jentzsch
03-03-2005, 03:02 AM
Well labs or not, i've never had much success with anything but norton.
Then you are probably the lucky exception of the rule. :)

Iron Draggon
03-03-2005, 03:47 AM
OK, now I've uninstalled Norton and installed Avast. First scan (after restart, before boot) turned up 4 files. All in Temp Internet Files. Reboot informed me that updates to Avast were available and had been installed. So I guess I have to repeat the long full system scan process all over again. Just lovely. Anyhow, all I seem to have so far is some kind of spyware. I ran Adaware, and it found 32 dataminers in my cookies. I hope that one of them is what was causing it. I keep getting sent to web pages for buying more RAM. I guess they figured out the same thing that I already knew. I need more RAM. Anyhow, other than that, I have csrss.exe all over the place. So I'm in the process of deleting that from everywhere that it doesn't belong now. Then I'll do the virus scan again. This thing really does suck ass bigtime! Oh yeah, I still can't shut down or restart normally yet either. The only way is to push in the power button and hold it in. Otherwise nothing else works yet. So whatever it is, I would hardly say that it's the work of any "amateurs".

Quintracker
03-03-2005, 05:35 AM
Thought I'd go ahead and add my 2 cents, since I've been offline since the morning of the 'attack'. I broke down and decided the only thing to do in my position 'computer repair newbie' was reformat. So i spent the whole morning and day backing up files (at least 30 gigs, i actually ran out of blank cds LOL ) and spent the rest of the day formatting and reinstalling.

I'll admit, I was totally pissed off at DP for letting this happen. I knew I couldn't go online after I found out, lest I spread the worm or whatever, so I couldn't send frowny face emails and posts and such. So I did the best thing i could. I sat, I stewed, and I thought. I came to realize I needed someone physical to blame. I couldn't berate the hacker, anonymous scum that he is, but I could direct my anger towards dp and the community. And that wasn't right. It wasn't DP's fault anymore than it was the fault of the other sites that were hacked. In fact from what I've seen the past hour or so after being back online, DP and the whole community has been doing their damn best to help everyone that was affected.

I saw the message Earl posted in the yahoo groups the minute after he posted, props to him for his fast thinking. I saw members in the chat (scorch most notably while I was there) doing their best to get answers to the questions that were pouring in. And to think that I was previously mad at DP for letting this happen made me ill. Even though I didn't tell anyone that I was mad, I still feel the need to apologize. The whole group has gone above and beyond the level of help they should provide, and to them i say thank you.

And actually, this whole experience has not been a total loss. I was able to back up the files I wanted to keep (which I should have done regularly), I'm now on a totally clean comp from the format (i have no doubt there was probably other things lurking around in there), and I'm back online now and spending time with the community I'm happy to say I'm part of.

Keep up the good work DP, and GAME ON!

Mayhem
03-03-2005, 06:34 AM
are you sure that's 100% true. cause when i do a search on my pc (win2000) for csrss.exe i get 3 results. one in system32, and 2 others in "C/WINNT/servicepackfiles" and a "C/WINNT/servicepackuninstall" both of which say they were installed in 2002 and 2003 respectively.

They're fine because they are to do with service pack updates from Microsoft themselves. I used to run a W2K machine here myself, so I know how it can keep stores of these about :roll:

The easiest way to check would be the last modified date because if you've just been infected, the file's just been written and would only be at most a few days old...

anagrama
03-03-2005, 07:08 AM
eh, looks like I picked the right time to be away from my computer for a few days :)

Griking
03-03-2005, 08:29 AM
I've heard many people badmouth norton but i've never once had it fail me and i voluntarily fix most people's computers. I do run into a lot of the free programs having trouble removing the virus....it knows it's there but then nothing happens.

sorry but norton has become total crap during the last years, both, personal observations and scientific tests show that without any doubt, last comparison i read in one of the most reputable mags out there (i think it was c't) placed it on 7 or 8 with a quite low percentage of detection and even worse fixing. winners were the program by Panda, the one by G-Data (don't know what name it has in the US) and i think McAfee. the free ones AVG and AntiVir weren't too good either, somewhere in the Norton area

Sorry, but I'm going to have to disagree with you there. I work at a large retailer as their tech center manager and we've been using Norton almost exclusively for the past three years. Not because of any agreement made but because of its combination of doing the best job, user friendliness, and how much of a resource hog it is.

By the way, would you please provide me a link showing me the results of these "scientific tests" that you mention that show that Norton is total crap. I'm kind of interested in seeing what it has to say since all of the Norton reviews that I've read for the latest 2005 versions have been very good if not excellent.

Keep in mind that antivirus software works best when its protecting you from viruses. Once you actually infect yourself because of outdated virus definitions removing a virus using any antivirus package can be a problem. Add the fact that I find that most people who manage to get a virus are also loaded with spyware and adware as well and it becomes a real bitch to clean a machine.

If you guys want the easiest solution to fix this that takes the least amount of tech knowledge I'd recommend backing up important data and running a full restore of your computer. I actually recommend doing this once a year regardless even if you don't have a virus problem.

hydr0x
03-03-2005, 08:43 AM
By the way, would you please provide me a link showing me the results of these "scientific tests" that you mention that show that Norton is total crap. I'm kind of interested in seeing what it has to say since all of the Norton reviews that I've read for the latest 2005 versions have been very good if not excellent

where did you read that?? i read numerous comparisons over the last years and norton always got worse and worse compared to others, here's just one of them that reviews the current versions, sorry it's in german but i think you'll get it (this is the short online version, mag had a lot more content)

http://www.testticker.de/testticker/Security/article.asp?ArticleID=20041217022&Ref=testticker

click on "Bewertungen im Überblick" to view the final results, although there are no actual values in that table (they were in the mag!)

Griking
03-03-2005, 09:13 AM
I didn't remember my sources off the top of my head so I did what anyone else would do. I went to Google. Entering "Norton Antivirus 2005 +review" Here are links to the first few sources whose names I recognized.

C-Net (http://reviews.cnet.com/Norton_AntiVirus_2005/4505-3681_7-30998882.html) Rated Good. 7.7 out of 10

PC Magazine (http://www.pcmag.com/article2/0,1759,1646457,00.asp) - Editor's Rating of 4 1/2 out of 5 stars.

ZDnet (http://reviews-zdnet.com.com/Norton_AntiVirus_2005/4505-3681_16-30998882.html) -- Rated 7.7 out of 10. the main complaint I see them mentioning is that Norton Firewall isn't included for free.

And I guess more important than any of these articles is personal experience. Again, I've been using it almost exclusively for the past three years for my job as a computer tech and within that time virus and spyware infection is the most common problem I run into and so far Norton has yet to fail me.

Iron Draggon
03-03-2005, 09:35 AM
OK, I need just a little help here, if anyone knows how to do this. I found all the instances of "csrss.exe" on my computer, and deleted them. However, one of them was a real BITCH to delete. It kept telling me that access was denied, so I had to log on as an admin in "safe mode with command prompt" and force delete it. So this thing is gonna be EVIL to get rid of, for those who aren't very computer savvy. I can tell you how to force delete a file, if you need to know how, which I will do my best to do later on in this post.

Anyhow, once I finally got it deleted, of course all the errors started popping up. It turns out that this csrss.exe is referenced FOUR TIMES in my startup menu. (msconfig) Now here's where I'm having a problem. I was only able to delete one of the keys that referenced it in the registry. The one that was located at "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" was no problem to delete. Two more that I don't know how to delete: "HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" One is at "Windows:Run" and one is at "Windows:Load". So is it safe to delete the keys for Run & Load in that location? Because otherwise it looks like the only way to remove it from the registry there is to modify those keys, and I don't know how. So I left those alone for now. The last one is listed simply at "Startup". I don't know where that is, so I couldn't find it to try and delete it either. So, One key was successfully deleted from the registry, and THREE others remain hidden somewhere. And I still have FOUR entries for "csrss.exe" in my startup menu. So I'd like to know how to remove those entries from there also, once I find out how to remove all those keys from the registry first.

So, no more errors for now, as long as those four boxes are left unchecked in selective startup through msconfig. No big deal, just annoying. I have a lot of other stuff in that menu that's unchecked too, so of course I have to keep the box for "stop harassing me just to tell me that I'm using selective startup all the time" checked, so I don't have to close that message every time I restart too. As for the problem of being able to turn my computer off normally now, I dunno yet. I'll have to check again. Meanwhile, if anyone knows how to delete the remaining three registry keys, please let me know.

Oh yeah, here's where I found the csrss.exe that wouldn't go away easily: "C:\WINDOWS\system32\bkfQnwVeIO" There was a csrss.ini file there too, so I deleted that also. It went away without any problems. Anyway, I know that this thing came from the evil plugin.exe, because the timestamp on it matched the date and the time that I ran that God forsaken .exe exactly.

Now, for those who need to know how to force delete something, here's how: First, open a command prompt. You can do this in XP from "Programs, Accessories, Command Prompt" or in my case I had to boot into "safe mode with command prompt" (The method for doing this varies depending on your system!) because doing it the normal way didn't work. It told me that access was denied there too. Anyhow, once there, in the command prompt window type "del (the path to the filename including the name of the file) /F" without the quotes, and then press enter. So in my case I had to type "del WINDOWS\system32\bkfQnwVeIO\csrss.exe /F" without the quotes, and then press enter. If the command prompt doesn't display any errors, such as "access denied" or something else, then the file was deleted. Now you can exit the command prompt, and exit safe mode to reboot in normal mode. When you go back to check for the file you deleted, it won't be there anymore. But you'll probably know anyway, because you'll get a bunch of errors saying that Windows can't find it, and it's referenced in the registry. That's when you go into msconfig. Go to "Start, Run" and type "msconfig" in the window without the quotes. That will open msconfig. Now click on the startup tab, and uncheck all the boxes that list "csrss" then click "Apply" and Windows will tell you that you have to restart. After you restart, a message will appear telling you that you are using selective startup. Check the box that says "never remind me again" or you'll see that annoying message every time that you restart. Now you're at the same place where I am. The evil file is gone, it's still referenced in the registry, but Windows is no longer reading any of those entries in the registry, so no more errors.

So I just need a little more help with getting rid of the remaining registry keys, if possible, and with removing those four entries from the startup menu in msconfig. I ran Norton WinDoctor, but it didn't say anything about any of those registry keys, which I thought was very odd. I thought that surely it would say that those registry keys referenced the missing file, but it said nothing at all about them. And I was hoping that it would too, because then I could just choose to repair those problems manually, and choose to delete the offending entries. So, it seems that I'm partially fixed for now.

If anyone else finds anything else that this evil "plugin" installed, please let me know here. I still have yet to find any of the other files listed here, and Avast didn't find anything on the second run after the updates either. But interestingly enough, right after it finished re-scanning the second time, and finished booting into Windows, it said that it had just received more new updates. So I guess I have to do a full system scan AGAIN, a third time now, which I will do later tonight. I'm sick and tired of it scanning for hours now.

I hope that all the spyware is dead now too. If it isn't, then I'm gonna have to download something besides Adaware, and run that. Adaware only found 32 data miner tracking cookies. Nothing else was found. So if I still have the adware problem, I'm gonna need additional solutions. But hopefully that's all taken care of now too. As for the situation, it was very easy for a lot of us to fall into this trap. The servers here have typically been moving as slow as molasses at those hours, and there have been a lot of new changes and upgrades going on around here lately. So when we see something that says "Hey, we have a new fix for the late night DP surfing through molasses blues, click here!" Of course we're not all in our right minds at that hour, and we just click and go with it, hoping that we'll be able to surf faster here. So whoever did this bullshit has obviously been here before, and they've been monitoring the boards and what's been going on here for quite some time.
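The checks discussed in this thread (csrss.exe belongs only directly in System32, service-pack backup copies are inert unless freshly modified, and the four startup references msconfig listed), as an added example that is not part of any post: Python triage run over constructed file and autorun listings. The genuine csrss.exe is started by the Session Manager (smss.exe) rather than from any autorun location, so every autorun reference to that name is reported. Function names, dates and registry value names are assumptions; only the bkfQnwVeIO folder and the service-pack folders come from the thread.

```python
"""Triage csrss.exe look-alikes in a file listing and in autorun entries."""
import ntpath
import re
from datetime import date

TARGET = "csrss.exe"
# Backup folders the thread reports as harmless on Windows 2000.
SERVICE_PACK_MARKERS = ("servicepackfiles", "servicepackuninstall")


def _norm(path):
    """Normalise a Windows path on any OS: slashes, '..' segments, case."""
    return ntpath.normpath(path.replace("/", "\\")).lower()


def classify_file(path, windir, modified=None, incident=None):
    """Return (verdict, reason); verdict is ignore/expected/backup/suspicious."""
    p, root = _norm(path), _norm(windir)
    if ntpath.basename(p) != TARGET:
        return "ignore", "not named csrss.exe"
    if ntpath.dirname(p) == ntpath.join(root, "system32"):
        return "expected", "directly in System32"
    in_backup = p.startswith(root + "\\") and any(
        marker in part for part in p.split("\\")
        for marker in SERVICE_PACK_MARKERS)
    if in_backup:
        # A "backup" written on or after the incident date is not a backup.
        if modified and incident and modified >= incident:
            return "suspicious", "service-pack copy modified on/after incident"
        return "backup", "service-pack backup copy"
    return "suspicious", "csrss.exe outside System32"


def command_target(command):
    """Extract the executable path from an autorun command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0] if command else ""


def triage_autoruns(entries, windir):
    """Report every autorun entry that launches something named csrss.exe."""
    hits = []
    for location, name, command in entries:
        target = command_target(command)
        if ntpath.basename(_norm(target)) != TARGET:
            continue
        verdict, reason = classify_file(target, windir)
        hits.append({"location": location, "name": name, "target": target,
                     "file_verdict": verdict, "reason": reason})
    return hits


WINDIR = r"C:\WINDOWS"
INCIDENT = date(2005, 3, 1)  # constructed incident date

SAMPLE_FILES = [  # constructed listing: (path, last-modified date)
    (r"C:\WINDOWS\system32\csrss.exe", date(2004, 8, 4)),
    (r"C:\WINDOWS\system32\bkfQnwVeIO\csrss.exe", date(2005, 3, 1)),
    (r"C:\WINDOWS\csrss.exe", date(2005, 3, 1)),
    ("C:/WINDOWS/ServicePackFiles/i386/csrss.exe", date(2003, 6, 19)),
    (r"C:\WINDOWS\system32\notepad.exe", date(2004, 8, 4)),
]

SAMPLE_AUTORUNS = [  # constructed: (location, value or shortcut name, command)
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "csrss",
     r"C:\WINDOWS\system32\bkfQnwVeIO\csrss.exe"),
    (r"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows", "Run",
     r"C:\WINDOWS\system32\bkfQnwVeIO\csrss.exe"),
    (r"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows", "Load",
     r"C:\WINDOWS\system32\bkfQnwVeIO\csrss.exe"),
    ("Startup", "csrss", r"C:\WINDOWS\system32\bkfQnwVeIO\csrss.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "ExampleTray",
     r'"C:\Program Files\Example\tray.exe" /min'),
]

if __name__ == "__main__":
    for path, mtime in SAMPLE_FILES:
        print(path, classify_file(path, WINDIR, mtime, INCIDENT))
    for hit in triage_autoruns(SAMPLE_AUTORUNS, WINDIR):
        print(hit["location"], hit["name"], hit["file_verdict"])
```

In the HKCU "Windows" key, Run and Load are string values inside the key, so the triage reports the value name alongside the key path.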

Sniderman
03-03-2005, 09:50 AM
So whoever did this bullshit has obviously been here before, and they've been monitoring the boards and what's been going on here for quite some time.

Wrong. Every single website that was hacked had the exact same opening page. Atari Age. Cheap Ass Gamers. Dozens of others. They all had the Exact. Same. Page. No one was "monitoring" anything. It was a blanket hack.

Just because you receive a fake "Update your Paypal/Ebay info!" e-mail, does not mean the spammer was monitoring your activity. They were just casting it out and seeing who bites. So no need for paranoia. DP was not specifically targeted, other than it was yet another phbbphppbbbph board with the easily-exploitable flaw.

Flack
03-03-2005, 09:56 AM
Hey Iron Draggon ... for what it's worth, my system (Windows XP) has NONE of those registry keys. If it were my computer, I'd delete all three of those remaining entries in the registry.

Iron Draggon
03-03-2005, 10:28 AM
Well that's the thing that I'm trying to find out how to do! The first one that I found was easy. There it was, right where msconfig said it was, and clearly labeled "csrss". However, I have no idea where to look for the one that msconfig says is located in "startup" wherever the hell that is, and the other two have nothing that's clearly labeled "csrss". I found "Windows:Run" and "Windows:Load", which is where msconfig says the other two are, but if it's there, it's referenced WITHIN those keys somehow, and I'm afraid to just delete those two keys, for fear that they may have something to do with Windows itself. Perhaps if I deleted them, they'd just be rewritten properly, which I know is sometimes the case. But without knowing FOR SURE, I'm afraid to touch them. My computer still works, and I'd like to keep it that way. It's restarting normally now, so I seem to have cured at least part of the problem now, if not all of it. I just wanna know if anyone knows how to delete the remaining keys, or at least remove those four entries from my startup menu in msconfig permanently. I know of a utility that will do the latter, but it costs $30, and I don't have $30 to spend on it yet. It would probably fix up all the remaining problems with the registry too. I've been wanting to get it for a long time. It used to be freeware, but now it's $30, because it's new and improved for use with Windows XP. And of course because the author sold the rights to it to some greedy evil corporation.

As for the rest, I know that a lot of other boards got hit with the exact same hack. But I still think that it was tailor made to fool us DP'ers especially. It may just be a coincidence, but it sure is one hell of a coincidence if that's the case. Maybe everyone who's been here for ages would never be fooled by it, but the rest of us were easily fooled by it, given the current state of affairs here. Like I said, server typically slow as molasses at those hours, lots of new changes and upgrades taking place recently, causing similar problems with the boards, etc. I think that we were their prime target, and they just did everyone else for fun, to see who else they could hit. And weren't all the other sites that got hit classic gaming sites? Were there any sites that got hit that weren't classic gaming sites? If so, none have been reported yet that I know of. They were all classic gaming sites, and even though this was supposed to have happened "simultaneously" it still seems that DP was hit first. Maybe it was, maybe it wasn't, but I think they timed it just right for us, and they did a lot of research to determine when would be the ideal time to release it here. They know that all of us here at those hours are bored, tired, and looking for something to do. And they know the servers here move slow as shit at those hours. Anyone who surfs here at those hours knows that, unless that only happens to me. But I don't see how it could just be me. So like I said, it seemed to be especially intended for us here.

hydr0x
03-03-2005, 10:34 AM
I didn't remember my sources off the top of my head so I did what anyone else would do. I went to Google. Entering "Norton Antivirus 2005 +review" Here are links to the first few sources whose names I recognized.

C-Net (http://reviews.cnet.com/Norton_AntiVirus_2005/4505-3681_7-30998882.html) Rated Good. 7.7 out of 10

PC Magazine (http://www.pcmag.com/article2/0,1759,1646457,00.asp) - Editor's Rating of 4 1/2 out of 5 stars.

ZDnet (http://reviews-zdnet.com.com/Norton_AntiVirus_2005/4505-3681_16-30998882.html) -- Rated 7.7 out of 10. the main complaint I see them mentioning is that Norton Firewall isn't included for free.

And I guess more important than any of these articles is personal experience. Again, I've been using it almost exclusively for the past three years for my job as a computer tech and within that time virus and spyware infection is the most common problem I run into and so far Norton has yet to fail me.

well, 7.7 ain't really good, not to mention the fact that norton always earns a few bonus points for user interface and that irrelevant stuff (yes, it's easier to use, but the others are easy enough!)

and claiming Norton's good just because it hasn't failed you doesn't work out for three reasons:

1) you could always have been lucky in not getting the stuff norton ain't able to remove

2) you have no idea if there's another program that would have worked as good for the problems you had as Norton did

3) and this is the most important one, you never ever know how good an antivirus program actually works, because, well, you have no idea what it doesn't find because it doesn't tell you, that's why you need a scientific test (the one i linked to actually checked over 20.000 different viruses and other crap with every program, so they know an exact percentage of what was found and what was removed)

here are the actual in-detail results

Percentage Blocked by Guard Module:

all got 100% except F-Secure, H+B and G-Data (who got 98,7-99,9)

Percentage Found (Zoo Viruses)

(1)Gdata: 100%
(2)McAfee: 97.9%
(3)Norton: 97,1%
(4)Panda: 96,6%
(5)BitDefender 96,4%
....
(7)Kaspersky 92,4%
(8)AntiVir 89,9%
(9)F-Secure 89,2%

Percentage Found (In the Wild Viruses)

(1)McAfee 92%
(2)Panda 89,4%
...
(4)Kaspersky 43,2%
(5)GData 42,4%
(6)F-Secure 41,7%
(7)Norton 40% (ouch!)
...
(9)BiTDefender 39%
...
(11) AntiVir 38,1% (ouch!)

Speed (2GB Data)

(1)AntiVir 3:20
(2)Panda 5:34
....
(5)BitDefender 8:37
(6)Norton 11:53
(7)McAfee 12:16
(8)Kaspersky 16:31
...
(10)F-Secure 28:51
(11)GData 33:09

Speed (one 31GB zip archive)

(T1)AntiVir 0:01 (all of these with successful detection!)
(T1)BitDefender 0:01
(4)Panda 0:08
(5)Kaspersky 0:47
...
(7)Gdata 3:33
(8)F-Secure 7:46
(9)Norton 19:27
(11)McAfee 86:25

Overall Rating for Performance (Speed+Detection)

1) Panda
2) McAfee
3) BitDefender
4) Trend Micro
5) Norton
6) Kaspersky
7) GData
8) AntiVir
9)F-Secure
10) Norman
11) Grisoft

interestingly enough Norton placed only 10 of 11 for Support and Usability

kainemaxwell
03-03-2005, 10:43 AM
I ended up running Norton and Avast with no luck.

Then got AVG, Noadware and Winpatrol and went over into Safe Mode and scanned the hell outta my system with those 3 along with Spybot and got rid of all the viruses and other issues.

Thomas Jentzsch
03-03-2005, 10:54 AM
Entering "Norton Antivirus 2005 +review" Here are links to the first few sources whose names I recognized.
Maybe the US version is different to the one available in Germany?

The c't magazine is by far the most reliable source over here, and I have no reason to doubt their results.

AND the latest phpBB virus was not caught by the Norton virus "protection" in my office (which is standard for the whole company worldwide), but by the free version of Anti Vir (which isn't the best by far).

Unfortunately the c't tests aren't online, but this link is quite good too:
http://www.av-test.org/down/papers/2004-09_vb_2004.ziptid1=&tid2=

And Norton was very late there too.

kainemaxwell
03-03-2005, 11:10 AM
AND the latest phpBB virus was not caught by the Norton virus "protection" in my office (which is standard for the whole company worldwide), but by the free version of Anti Vir (which isn't the best by far).


Norton not catching it isn't a surprise.

Quick question, I have the following up and running, or installed:
Norton Internet Security (w/Anti-Virus, Firewall, etc)
Firefox (auto ad and pop-up blocking)
AVG
ZoneAlarm
Winpatrol
Ad-aware
Spybot

Any other recommendations or am I pretty much set?

hydr0x
03-03-2005, 11:26 AM
AND the latest phpBB virus was not caught by the Norton virus "protection" in my office (which is standard for the whole company worldwide), but by the free version of Anti Vir (which isn't the best by far).


Norton not catching it isn't a surprise.

Quick question, I have the following up and running, or installed:
Norton Internet Security (w/Anti-Virus, Firewall, etc)
Firefox (auto ad and pop-up blocking)
AVG
ZoneAlarm
Winpatrol
Ad-aware
Spybot

Any other recommendations or am I pretty much set?

http://www.ewido.net/en/

free version, excellent scanner

Iron Draggon
03-03-2005, 11:50 AM
OK, this little miracle worker will clear up ALL of your registry problems, folks!

Go here:

http://www.jv16.org/

Download this:

"jv16 Power Tools 2005"

Run this:

"Registry Cleaner"

But do this AFTER you've found all the virus files and other crap like spyware and adware that you can find, and you've deleted everything you could find.

This is the program that I was talking about. It's a 30 day free trial, after that it's $30. But running this will delete all the registry keys associated with this crap, and then some. Now all the keys in question have been verified as useless, and are gone. Which means that they no longer appear in my start menu in msconfig either. So that mess is all cleaned up, unless we find out that this thing installed something else. Anyhow, I highly recommend this program, or rather this suite of programs. It sucks that they want $30 for it after your 30 day free trial expires, but once you see what it can do, you'll hardly want to not buy it. I'm still looking for a free registration key for it though. But that's all that I'm gonna say about that here for right now. LOL

Now, where do I get all of this AVG, ZoneAlarm, WinPatrol, SpyBot stuff? Are they FREE, or is it more of the usual try it for free for 30 days and then cough up $30 for it? Do I really need all this? I've run Norton, Avast, and AdAware so far, and only the last two found anything. Do any of these others find stuff that Avast and AdAware don't find? I wanna make sure that I'm completely free of this scoundrel before my free trial on the Power Tools runs out. Cause if I find anything else, I'm running the Registry Cleaner on that badboy again, and getting rid of all the rest of the useless crap in my registry! This really is the BEST registry cleaner that I've ever found or used. Forget all about the Norton WinDoctor, this thing kicks that thing in the ass!

hydr0x
03-03-2005, 12:37 PM
Now, where do I get all of this AVG, ZoneAlarm, WinPatrol, SpyBot stuff? Are they FREE, or is it more of the usual try it for free for 30 days and then cough up $30 for it? Do I really need all this? I've run Norton, Avast, and AdAware so far, and only the last two found anything. Do any of these others find stuff that Avast and AdAware don't find?

WinPatrol, ewido, Spybot, AVG, AntiVir, all of those are totally free (or smaller free versions exist which run unlimited) and they all are able to find stuff others didn't, well at least ewido and Spybot do, AVG and AntiVir are Antivirus programs and CAN find stuff Norton doesn't but don't have to. WinPatrol is more a "delete unwanted start-up stuff and tasks" program, it doesn't scan any files!

NE146
03-03-2005, 12:48 PM
As for the rest, I know that a lot of other boards got hit with the exact same hack. But I still think that it was tailor made to fool us DP'ers especially. It may just be a coincidence, but it sure is one hell of a coincidence if that's the case. Maybe everyone who's been here for ages would never be fooled by it, but the rest of us were easily fooled by it, given the current state of affairs here. Like I said, server typically slow as molasses at those hours, lots of new changes and upgrades taking place recently, causing similar problems with the boards, etc. I think that we were their prime target, and they just did everyone else for fun, to see who else they could hit. And weren't all the other sites that got hit classic gaming sites? Were there any sites that got hit that weren't classic gaming sites? If so, none have been reported yet that I know of. They were all classic gaming sites, and even though this was supposed to have happened "simultaneously" it still seems that DP was hit first. Maybe it was, maybe it wasn't, but I think they timed it just right for us, and they did a lot of research to determine when would be the ideal time to release it here. They know that all of us here at those hours are bored, tired, and looking for something to do. And they know the servers here move slow as shit at those hours. Anyone who surfs here at those hours knows that, unless that only happens to me. But I don't see how it could just be me. So like I said, it seemed to be especially intended for us here.

You are just so very wrong.. but. Never mind. You've had it hard so I understand :P

Actually what happened was this. Go to http://www.big-boards.com .

What the exploit did was go there, and hit (yes simultaneously) all the boards listed there that used the phpbb software for their message boards. It was definitely intended to fool users on message boards. But it definitely wasn't intended specifically for DP. I was awake that night and fully surfing. I first saw it at AA. Then I saw it at DP.

Al from Atariage confirmed it early on:


Further investigation of our server logs reveals that someone came in to our forums through big-boards.com, and specifically, a query searching for phpBB forums. It appears they infected a fair number of phpBB boards, as I've seen at least 10 hacked phpBB forums in the last half hour.

..Al

Aswald
03-03-2005, 01:20 PM
Nice to know that our banks, nuclear power plants, nuclear weapons facilities, banks, and law enforcement agencies are run by computers no more secure than this website.

kainemaxwell
03-03-2005, 01:25 PM
Nice to know that our banks, nuclear power plants, nuclear weapons facilities, banks, and law enforcement agencies are run by computers no more secure than this website.
Kinda gives you that warm fizzy feeling all over, doesn't it? LOL

i'm also running Noadware now. Picks up stuff Ad-Aware doesn't and vice-versa.

Videogamerdaryll
03-03-2005, 05:30 PM
Hopefully my computer problems will be sorted all out today or tomorrow. :)
Due to being busy otherwise today I didn't get to do anything to it..
It's working well and I can shut it off by logging out..
Logging out first doesn't knock out my Norton's.

Symptoms to Note on:
If I try and go through the "Shut Off" Button on the desktop, the screen will blink and nothing happens..It won't turn off.
When I check my Norton's Antivirus after I've tried to shut off the computer this way, the Norton's will blink, "Attention" will be now shown and "Auto Protect" will now be Turned Off and shows an Error for "Incoming Emails"..(In Red)
No matter what I do I can't restore those parts..

If I shut the computer off by logging out first and starting back up the Norton's refreshes and is back to normal..
All my scans turn up no more Viruses so it's stuck somewhere corrupting the Shut Off Command.

I'm trying to understand all this as I'm not that computer experienced...(and the time to do it)

If I don't find this virus or worm will it eventually ruin my computer..?

I have to Admit I was Fooled reading the below message..coming here that night late to post in my gameplay thread,
I wasn't expecting that nor have ever ran into anything like it..

Due to the recent large volume of traffic we've been recieving, we have re-built our site to use a new framework which will speed things up significantly. This new system requires that you download a plugin in order to be able to access our site. Don't worry, this plugin won't harm your computer in any way, it will only enable your browser to communicate with our server more efficiently. You cannot view our site until you've installed this plugin.

Make sure you chose 'run' when asked what you want to do with this file.

Click here to install (147 KB).
(I didn't realize at the time of seeing that message that receiving & Plug in was spelt wrong)
Was this the message that all the hacked sites received?..(Sorry if I missed that somewhere..)

Phosphor Dot Fossils
03-03-2005, 06:55 PM
Yes. All the phpBB sites that were hacked had the exact same message.

Iron Draggon
03-03-2005, 10:25 PM
Well so far everything seems to be OK now. Getting rid of the 4 files that Avast found and ditching all the csrss.exe's that didn't belong seems to have taken care of it. But I'm gonna try some of these other things out tonight. I'd rather overdose on precautions than to have this thing spread on my PC.

P.S.: Here's one that I found that found some stuff that AdAware didn't:

http://www.noadware.net/

It's called NoAdware of course. It's free to download, but if you want it to delete everything that it finds for you automatically, you have to pay for it. But I just went to where it said everything was and deleted it from there. There was only one thing that it found that I couldn't find to delete myself. And it was just some Gator crap, so I know that it wasn't from this plugin.

Iron Draggon
03-04-2005, 12:05 AM
Boy, getting rid of all the spyware/adware sure has sped up my web surfing! I just ran SpyBot, and it found a few things that the other two didn't also.

Now I just have to run Avast again, and see about maybe running AVG or something too. I'm surfing at breakneck speed for right now though, which sure is nice! I haven't done that since I first got this computer. It's amazing how much all that stupid adware and spy crap slows down your computer!

I hope this means that I'll be getting a lot less stupid freakin' spam now too!

kainemaxwell
03-04-2005, 09:30 AM
Might be a bit of a dumb question or maybe just my pc with dial-up but those of us with ZoneAlarm ever notice long topic pages not loading all the way the first or 2nd times?

Jive3D
03-04-2005, 09:44 AM
Well, I would say by the looks of what this thread is turning into, the hackers won. :/

Excellent point. The peaceful little mountain town of raccoon city (DP) is now a F'in mess.

But, aside from that I simply wanted to post that whatever the hell this virus is it's being so AWESOME!

It prevents my monitor from turning back on when it shuts off to save power, It now prevents me from rebooting as well as preventing me from updating any of my virus software! Isn't that super!? (please note the sarcasm). All this is happening on my HOME pc.

So I'm just reformatting. Done it about 9 times on this machine already, what's another for good measure, eh?

Jasoco
03-04-2005, 09:48 AM
Well, I would say by the looks of what this thread is turning into, the hackers won. :/

Excellent point. The peaceful little mountain town of raccoon city (DP) is now a F'in mess.

But, aside from that I simply wanted to post that whatever the hell this virus is it's being so AWESOME!

It prevents my monitor from turning back on when it shuts off to save power, It now prevents me from rebooting as well as preventing me from updating any of my virus software! Isn't that super!? (please note the sarcasm).

So I'm just reformatting. Done it about 9 times on this machine already, what's another for good measure, eh?
Your avatar (Jon Stewart drinking heavily) seems to be appropriate for this occasion. ;)

[Points to signature. Rubs it in.]

Flack
03-04-2005, 10:14 AM
Might be a bit of a dumb question or maybe just my pc with dial-up but those of us with ZoneAlarm ever notice long topic pages not loading all the way the first or 2nd times?

I run ZoneAlarm on my cable modem setup and have no problems loading the pages here. Sounds like it might be a dialup issue.

kainemaxwell
03-04-2005, 10:28 AM
Might be a bit of a dumb question or maybe just my pc with dial-up but those of us with ZoneAlarm ever notice long topic pages not loading all the way the first or 2nd times?

I run ZoneAlarm on my cable modem setup and have no problems loading the pages here. Sounds like it might be a dialup issue.
Figured as much, thanks for the help Flack.