Windows 10: Is there a trojan csrss.exe? If so how do I eliminate it.

Belarc listed her Office version as 365

I'm done for in today. Thanks for everything...especially your patience.

I'll plug back in tomorrow and see if you are available.

*Cool

 

Great. Then her subscription will be available in her MS account.

Ready when you are. *Wink

 

I will be busy this morning until about 1pm your time. I've just finished breakfast, and I am preparing to head out. I'll check back in as soon as I return.

I took a set of photos, per your excellent suggestion, of the Belarc results.

If you are available when I return, cool. If not, I have lot's of time today after I return.

Respectfully,

*Cool

 

Sounds good. I should be in and out...have some computer work to take care of today.

 

I'm back, but not ready. My roomie is going to be awhile dealing with all her passwords. I'm going to let her use my pc to reset them all. I fear it may take some time. She opted to let her pc remember all her passwords for her but she hadn't bothered to record them.

I have stressed the fact that she needs to re-evaluate her log-in procedures so that this doesn't happen again in the future. For her protection. She understands.

It isn't all her fault anyway. Had it not been for my ignorance, in surrendering control of her pc to someone unknown, this situation may not have been necessary.*Redface

*Cool

 

It really doesn't matter. Allowing your browser to remember your passwords is a very dangerous thing. All you have to do is visit a page with a malicious script that steals them all and you're screwed. A password manager is the only way to go.

She didn't by any chance use FireFox for her main browser, did she?

 

No. She likes Google Chrome.

I, however, do use Firefox as my main browser. Should I be concerned? I ask as I was going to try and convince her to do the same.

*Cool

 

I can get the passwords from Firefox easily, that's why I asked. I prefer Firefox - it's just a safer browser. I try not to use Chrome, so don't know off the top of my head how to get to the passwords in it (have to google that).

 

Or, go to passwords.google.com if they are being synced.

 

Maureen got around to changing most of her passwords this morning on my pc. She has been working all weekend so I didn't press to hard.

I should be ready to go by around 10am your time tomorrow(Monday) morning.

Again, I thank you for your patience in helping with this issue. Thanks to you there is light at the end of the tunnel. It will, however, enable me to move forward if it happens again.

On my pc I use lastpass(the free version). I will set her up with it on her notebook. I am also showing her the benefits of pc security.

Maureen asked me to relay to you her appreciation, and heartfelt thanks, for the assistance you've provided.

Best,

*Cool

 

No problem. That sounds fine. I also use LastPass and am really pleased with it.

Maureen and you are very welcome. I am sorry this happened, but, in the end, it's a good thing we are able to recover from it, and that there wasn't more severe damage at the onset. I've had scammed computers with the SysKey set by the perpetrators, so that rebooting locked the owner out completely. (and, yes, there is a way out of that as well, but it's a bit involved.)

Just a few things for Maureen to think about:
It's good to change important passwords every so often (like email, banking, online retailers). The situation of Yahoo being breached, several times, without people finding out until months later, is one example where regular password changes help mitigate those problems, at least to some degree. Once a scammer has your email password, he'll start doing password resets on all your other accounts, and virtually begin to take over your online identity. Two-factor authentication is also recommended wherever it is offered.

Never "re-use" passwords. Each account should have a unique password, so that if one is breached, it doesn't give hackers access to other accounts as well. LastPass will auto-generate secure passwords for her in the future.

LastPass should only be logged in when you need to use it; otherwise it should be set to auto-log-off after a very short amount of time, and also upon browser close. The master password should be complex, (upper+lower case letters+numbers+special characters), but in a way that is easy to remember, and never written down. It also will sync to her smartphone, and should be used there as well. It is also possible to have it generate a one-time password, in case she gets locked out. Remember, LP information is encrypted, salted and hashed using very strong algorithms before it leaves your computer to go to their online servers, so even the employees never have access to your info. Previous hacks of LP servers have resulted in useless databases of gibberish.

-------------------------------
Post 6 has the prep info for the clean install. Once you've got the downloads finished, we'll walk through it.
Please be sure to have a list of her currently installed programs, so we can get her back up and running, verify W10 Home or Pro, (you indicated it was Home), grab the W10 key from ShowKeyPlus, and all data is backed up. Important: You will *NOT* be entering a key during the install.

Question: Does she log into her computer using her MS account, or a non-MS account? If she uses her MS account to login to the computer, this computer will show up on her device list in her MS account. Once the clean install is complete, there will likely be 2 systems in her device list. The old one can then be deleted. This is relevant because MS allow a maximum of 10 devices.

 

I have got to brew a pot of coffee.

Just got in from taking my pal out for his morning necessities. I'll start on post 6 when the fog clears. When I've completed the process I'll check back in.

*Cool

 

Coffee is good. I've got a fresh cup. *Smile

Don't start the process yet, just have everything downloaded and ready to go.

 

I have the ISO download to a flash drive. I had done the download from Maureen's notebook.

Should I redo the download from my pc?

*Cool

 

I think we'll be okay, as MS check all hashes to make sure the ISO is intact before allowing you to close the media tool.

To recap:
W10 ISO is downloaded
W10 keycode is written down - does it end in H8Q99? That is the generic one for W10Home.
Edition is W10 Home (previous was W8.x)
Belarc has been photographed for any other keys needed to install other programs.
Installed programs list from Ccleaner is available (and won't be lost when reinstalling the OS?)
Office has been confirmed on her MS account as O365
Passwords have been changed on a known clean computer
All data has been backed up