Windows 10: Is there a trojan csrss.exe? If so how do I eliminate it.

Discus and support Is there a trojan csrss.exe? If so how do I eliminate it. in AntiVirus, Firewalls and System Security to solve the problem; Hi, Please bear with me for a minute. I am helping my roommate with issues installing a printer to her notebook. It has been installed and running... Discussion in 'AntiVirus, Firewalls and System Security' started by Bruce SX, Apr 19, 2017.

  1. Bruce SX Win User

    Is there a trojan csrss.exe? If so how do I eliminate it.


    Hi,

    Please bear with me for a minute. I am helping my roommate with issues installing a printer to her notebook. It has been installed and running in the past.

    I searched for an answer, and I ended up in what I thought I was a chat session with someone from HP(the printer is a HP envoy 4520). In my eagerness I didn't really stop to verify that I was indeed chatting with a HP rep. My mistake?

    After a short chat, that ended with a name and number request, I received a call from someone that said they were responding to my chat session.

    OK I thought, things are going good.
    He identified himself as Shawn, and asked all the right questions(or so I thought).
    I let him have remote control over my roommates notebook.
    He proceeded to go through all the same steps I had in trying to install the printer.
    I had previously tried wireless installation and cable installation.....Both failed.
    I tried reloading from the disc. That failed.
    I tried downloading the driver from HP that failed.
    The same installation steps I took failed for Shawn as well.

    After all that he went into the following:
    C:\WINDOWS\system32\cmd.exe......which led to:C:\Users\Meg>netstat which brought up
    Active Connections

    From there he explained to me that her notebook is infected with a trojan called csrss.exe
    After a short hold he came back on the line and informed me that after a discussion with the 'technicians"
    that for US $299.99 I could get it all fixed, and we would be covered free for a year on any number of computers we ended up with.

    I told him I'd be in touch. Now I'm wondering if it was a scam I stupidly fell into.
    His phone contact # is: 1-888-573-4222 x-417

    After checking on-line for the trojan csrss.exe I found that csrss.exe is a necessary function of the notebook's OS.

    He did open a window(I cannot remember the address) that showed that a lot of function were stopped and should be running.

    He also pointed out to me(under the Active Connections) that there were foreign addresses accessing the notebook.

    So, in essence, here I am wondering what it will take to get the HP Envoy 4520 printer installed back onto the notebook, as well as wondering if I have a trojan problem.

    Am I looking at a complete wipe and re-installation?

    Any ideas?

    Thanks for looking,

    Respectfully,


    :)
     
    Bruce SX, Apr 19, 2017
    #1
  2. Jan Pac Win User

    How do I stop a windows update, if there is a power outage and I'm on an uninterruptible power supply?

    Hello,

    We're here to help.

    There's no way for us to stop Windows update, but there's a way on how to do a scheduled restart or scheduled update to prevent interruptions. You may visit this
    link to know how.

    Let us know if it helps.

    Thank you.
     
    Jan Pac, Apr 19, 2017
    #2
  3. Panpaper Win User
    How do I stop a windows update, if there is a power outage and I'm on an uninterruptible power supply?

    I've read too much about people having problems with their PCs after it shut down unexpectedly during a power outage. So I decided to buy an Uninterruptible Power Supply (UPS).

    From the product reviews of the UPS model I bought, most people were saying that they had enough time to save their work and shut down. However, I imagine that if a power outage were to happen during a windows update, is there any way to stop the windows
    update so I can shut down the computer?

    The UPS I bought is a CyberPower Ecologic Series EC750G, with 450 W. My desktop PC's power supply unit is also rated at 450 W.
     
    Panpaper, Apr 19, 2017
    #3
  4. simrick Win User

    Is there a trojan csrss.exe? If so how do I eliminate it.

    Sounds to me like you've been scammed. Sorry to hear this. *Sad

    Never, ever give anyone remote access to your system. I'm going to tell you, once they've had access, you just have no idea what they've done. It's possible they ran scripts to steal information like passwords saved in browsers. They had the opportunity to download anything onto the system. Many of these scammers leave "timebombs" which ruin the system after a certain amount of time has passed, so you end up calling them for help and giving over your credit card number, which they then use to buy eGift Cards at online retailers.

    You're only sure bet is to wipe and reinstall.
     
    simrick, Apr 19, 2017
    #4
  5. simrick Win User
    p.s. I would have your roommate change all passwords from a known clean computer right away. Start with email, move on from there. Set up 2-factor authentication on everything that offers it.

    So sorry about this. I just went through it with a friend who was scammed in this very same way, a few weeks ago. I completely reinstalled a new OS to a bare drive, to be sure everything is safe now.
     
    simrick, Apr 19, 2017
    #5
  6. Bruce SX Win User
    Thanks for your reply Simrick

    Yep...I was afraid that things may have gone South. What really raised the hairs was when he came at me to purchase an expensive fix.

    OK now. Question # 2

    Where on this site do I go for wipe n flush instruction? I'm not quite sure what category to check. I'll look and see what I can find, but in the meantime if you wouldn't mind a neutral recommendation it would be appreciated.

    I am going to have to order a restore disc(she bought the notebook from amazon, and it somehow didn't come with a restore disc).

    With respect,
     
    Bruce SX, Apr 19, 2017
    #6
  7. Bruce SX Win User
    I just spoke with my roommate and she tells me that the notebook came with win7. She also says that Microsoft automatically updated her OS to Win10.

    Sorry to appear like such a klutz...but where does that leave me in realation to this whole big ball o wax?

    Any comments?
     
    Bruce SX, Apr 19, 2017
    #7
  8. simrick Win User

    Is there a trojan csrss.exe? If so how do I eliminate it.

    Determine if she has W10 Home or Pro, (or W10N, or Single Language, as they are all different animals).
    Run ShowKeyPlus for info.
    ShowKeyPlus - - Windows 10 Forums
    (Write down the key just in case.)

    You're going to need to download the latest Windows 10 ISO for a clean install.
    Download Windows 10 ISO File - Windows 10 Installation Upgrade Tutorials
    Use option #1, and have an 8GB (or larger) flash drive ready with nothing else on it (because everything will be erased). Select to make it for another computer.

    Boot the system to the flash drive. Note you'll want to make sure you delete all partitions and install to a completely unallocated drive. That way we make sure everything is gone. Please be sure all her data is backed up before you proceed.
    Clean Install Windows 10 - Windows 10 Installation Upgrade Tutorials
    DO NOT enter a key when asked for one. Once a system has had W10 installed and activated, the digital license resides on the MS servers, and the system will activate once it goes online after the install.

    Select Custom Install, then delete all partitions. This will delete her W7 recovery partition from the OEM - that's OK, she doesn't need it anymore, and will gain the extra space.

    Install the exact same version as she had on there. It will not activate if you install a different version.


    They never do anymore, you have to create them yourself when you first get the thing. No matter, she needs W10 media, which you're going to download fresh anyway.

    Not a big deal; you'll be happy with the ease of doing this. Just ask if you have any questions, and we'll walk you through it. She will probably find that the system will run much better with a clean install; W7 upgrades tend to bring along a lot of baggage. *Smile
     
    simrick, Apr 19, 2017
    #8
  9. Bruce SX Win User
    Today I plan on initiating the disc clean-up.

    Yesterday, I ran the eset utility, on my friends notebook, and the results came up clean.

    I am taking the dog out for his morning stroll. When I return(by 10:30 am PDT) I plan to get busy. I will start with ShowKeyPlus and take it from there.
     
    Bruce SX, Apr 20, 2017
    #9
  10. simrick Win User
    Sounds good. I will be in and out today.
     
    simrick, Apr 20, 2017
    #10
  11. Bruce SX Win User
    Step one complete.
    The note book has Win10 Home installed
    The original OS(Ijust discovered) wasn't Win7 as I was informed. ShowKeyPlus tells me the OS was Win8.1
    I wrote down the keys listed.
    .
    Step two is to clean and reformat one of my flash drives. I will use my pc for that.

    Step three will to download the Win10 ISO file. If I'm correct, does version mean the same thing as build?
    ShowKeyPlus lists version 1.0.6125 at the bottom of the window.

    *Cool
     
    Bruce SX, Apr 20, 2017
    #11
  12. simrick Win User
    Great!
    .
    Pass. The ISO/USB creation tool will do that for you. *Wink
    Yeah/no/sort of.
    First, I'm going to assume you have the normal W10 Home/Pro installed; that's what you'll want to select for the download, (i.e. not "N" or "Single Language"). Then, you just want to make sure when you start the installation, you select HOME and not PRO. By installing HOME, the system will activate once it goes online. It may be, since the machine originally had W8.1 on there, setup will see the key in the BIOS, and put HOME on there for you automagically. *Wink
     
    simrick, Apr 20, 2017
    #12
  13. Bruce SX Win User

    Is there a trojan csrss.exe? If so how do I eliminate it.

    In order for me to do a clean up on the flash drive I am having to inspect and transfer duplicate, or not, data from one to the other. They are both 16GB drives. Lots of dual data. I am about halfway done(I think).

    I should have done this last night.*Redface

    Back to the grind. I should be done shortly.

    *Cool
     
    Bruce SX, Apr 20, 2017
    #13
  14. simrick Win User
    Ah. No rush. I'll be in and out.
     
    simrick, Apr 20, 2017
    #14
  15. Bruce SX Win User
    Cleaned up the flash drive awhile back.

    Went to MaxiumReflect and downloaded the free back up version to do a back up. Clicked on finish and when I go into downloads and click on ReflectDL.exe it tells me it's already running.

    So how do I access the program to create a back up disc?

    Confused at this point.

    *Cool
     
    Bruce SX, Apr 21, 2017
    #15
Thema:

Is there a trojan csrss.exe? If so how do I eliminate it.

Loading...
  1. Is there a trojan csrss.exe? If so how do I eliminate it. - Similar Threads - trojan csrss exe

  2. How do I remove this Trojan

    in Windows 10 Gaming
    How do I remove this Trojan: I have noticed that my chrome is keep on ending itself seconds after I open it. It then opens it up again with the old tab i was suspicious that I got a virus then when i was just on my device all of the sudden things like a command bar opens up then quickly leaves. Now I...
  3. How do I remove this Trojan

    in Windows 10 Software and Apps
    How do I remove this Trojan: I have noticed that my chrome is keep on ending itself seconds after I open it. It then opens it up again with the old tab i was suspicious that I got a virus then when i was just on my device all of the sudden things like a command bar opens up then quickly leaves. Now I...
  4. How do I remove this Trojan

    in AntiVirus, Firewalls and System Security
    How do I remove this Trojan: I have noticed that my chrome is keep on ending itself seconds after I open it. It then opens it up again with the old tab i was suspicious that I got a virus then when i was just on my device all of the sudden things like a command bar opens up then quickly leaves. Now I...
  5. SIHOST64.exe Mining Trojan

    in AntiVirus, Firewalls and System Security
    SIHOST64.exe Mining Trojan: Hi. I recently found a virus in my computer, sihost64 and sihost32 running on the background. I dont know how to remove it. Please help me, especially @_AW_ who was helped people with the same problem.Here i attached my...
  6. How do eliminate the password in logon

    in Windows 10 Software and Apps
    How do eliminate the password in logon: How can I eliminate the password during logon? https://answers.microsoft.com/en-us/windows/forum/all/how-do-eliminate-the-password-in-logon/b2132cf7-a9bc-432c-9ebd-5a6881bcc273
  7. How do eliminate the password in logon

    in Windows 10 Gaming
    How do eliminate the password in logon: How can I eliminate the password during logon? https://answers.microsoft.com/en-us/windows/forum/all/how-do-eliminate-the-password-in-logon/b2132cf7-a9bc-432c-9ebd-5a6881bcc273
  8. How do I remove a Trojan

    in AntiVirus, Firewalls and System Security
    How do I remove a Trojan: Hello, I downloaded a file some days ago. After that I got warning from Windows security, "That comes with windows, not the scam" It said trojan detected. It was set to quarantine. After weeks later my computer act different. My files was looking weird. It does not say any...
  9. how do I eliminate a long running script

    in Windows 10 BSOD Crashes and Debugging
    how do I eliminate a long running script: how do I eliminate a long running script https://answers.microsoft.com/en-us/windows/forum/all/how-do-i-eliminate-a-long-running-script/45acadbf-e478-464f-b1dc-2d93c8178c3e
  10. Reoccuring pcds32.exe trojan

    in AntiVirus, Firewalls and System Security
    Reoccuring pcds32.exe trojan: Hello, I've been getting a lot of notifications from bitdefender that i have viruses named: pcds32.exe, pcds64.exe, and rv32.exe. Bitdefender usually finds it in my temp folder and it'll keep disinfecting it and blocking it and I've manually deleted it as well but it keeps...