Is there a trojan csrss.exe? If so how do I eliminate it.

Page 1 of 10 123 ... LastLast

  1. Posts : 47
    Win 7
       #1

    Is there a trojan csrss.exe? If so how do I eliminate it.


    Hi,

    Please bear with me for a minute. I am helping my roommate with issues installing a printer to her notebook. It has been installed and running in the past.

    I searched for an answer, and I ended up in what I thought I was a chat session with someone from HP(the printer is a HP envoy 4520). In my eagerness I didn't really stop to verify that I was indeed chatting with a HP rep. My mistake?

    After a short chat, that ended with a name and number request, I received a call from someone that said they were responding to my chat session.

    OK I thought, things are going good.
    He identified himself as Shawn, and asked all the right questions(or so I thought).
    I let him have remote control over my roommates notebook.
    He proceeded to go through all the same steps I had in trying to install the printer.
    I had previously tried wireless installation and cable installation.....Both failed.
    I tried reloading from the disc. That failed.
    I tried downloading the driver from HP that failed.
    The same installation steps I took failed for Shawn as well.

    After all that he went into the following:
    C:\WINDOWS\system32\cmd.exe......which led to:C:\Users\Meg>netstat which brought up
    Active Connections

    From there he explained to me that her notebook is infected with a trojan called csrss.exe
    After a short hold he came back on the line and informed me that after a discussion with the 'technicians"
    that for US $299.99 I could get it all fixed, and we would be covered free for a year on any number of computers we ended up with.

    I told him I'd be in touch. Now I'm wondering if it was a scam I stupidly fell into.
    His phone contact # is: 1-888-573-4222 x-417

    After checking on-line for the trojan csrss.exe I found that csrss.exe is a necessary function of the notebook's OS.

    He did open a window(I cannot remember the address) that showed that a lot of function were stopped and should be running.

    He also pointed out to me(under the Active Connections) that there were foreign addresses accessing the notebook.

    So, in essence, here I am wondering what it will take to get the HP Envoy 4520 printer installed back onto the notebook, as well as wondering if I have a trojan problem.

    Am I looking at a complete wipe and re-installation?

    Any ideas?

    Thanks for looking,

    Respectfully,
    Bruce SX
      My Computer


  2. Posts : 16,325
    W10Prox64
       #2

    Sounds to me like you've been scammed. Sorry to hear this.

    Never, ever give anyone remote access to your system. I'm going to tell you, once they've had access, you just have no idea what they've done. It's possible they ran scripts to steal information like passwords saved in browsers. They had the opportunity to download anything onto the system. Many of these scammers leave "timebombs" which ruin the system after a certain amount of time has passed, so you end up calling them for help and giving over your credit card number, which they then use to buy eGift Cards at online retailers.

    You're only sure bet is to wipe and reinstall.
      My Computer


  3. Posts : 16,325
    W10Prox64
       #3

    p.s. I would have your roommate change all passwords from a known clean computer right away. Start with email, move on from there. Set up 2-factor authentication on everything that offers it.

    So sorry about this. I just went through it with a friend who was scammed in this very same way, a few weeks ago. I completely reinstalled a new OS to a bare drive, to be sure everything is safe now.
      My Computer


  4. Posts : 47
    Win 7
    Thread Starter
       #4

    Yowie


    Thanks for your reply Simrick

    Yep...I was afraid that things may have gone South. What really raised the hairs was when he came at me to purchase an expensive fix.

    OK now. Question # 2

    Where on this site do I go for wipe n flush instruction? I'm not quite sure what category to check. I'll look and see what I can find, but in the meantime if you wouldn't mind a neutral recommendation it would be appreciated.

    I am going to have to order a restore disc(she bought the notebook from amazon, and it somehow didn't come with a restore disc).

    With respect,
    Bruce SX
      My Computer


  5. Posts : 47
    Win 7
    Thread Starter
       #5

    Update on notebook


    I just spoke with my roommate and she tells me that the notebook came with win7. She also says that Microsoft automatically updated her OS to Win10.

    Sorry to appear like such a klutz...but where does that leave me in realation to this whole big ball o wax?

    Any comments?

    Bruce SX
      My Computer


  6. Posts : 16,325
    W10Prox64
       #6

    Bruce SX said:
    Thanks for your reply Simrick

    Yep...I was afraid that things may have gone South. What really raised the hairs was when he came at me to purchase an expensive fix.

    OK now. Question # 2

    Where on this site do I go for wipe n flush instruction? I'm not quite sure what category to check. I'll look and see what I can find, but in the meantime if you wouldn't mind a neutral recommendation it would be appreciated.
    Determine if she has W10 Home or Pro, (or W10N, or Single Language, as they are all different animals).
    Run ShowKeyPlus for info.
    ShowKeyPlus - - Windows 10 Forums
    (Write down the key just in case.)

    You're going to need to download the latest Windows 10 ISO for a clean install.
    Download Windows 10 ISO File - Windows 10 Installation Upgrade Tutorials
    Use option #1, and have an 8GB (or larger) flash drive ready with nothing else on it (because everything will be erased). Select to make it for another computer.

    Boot the system to the flash drive. Note you'll want to make sure you delete all partitions and install to a completely unallocated drive. That way we make sure everything is gone. Please be sure all her data is backed up before you proceed.
    Clean Install Windows 10 - Windows 10 Installation Upgrade Tutorials
    DO NOT enter a key when asked for one. Once a system has had W10 installed and activated, the digital license resides on the MS servers, and the system will activate once it goes online after the install.

    Select Custom Install, then delete all partitions. This will delete her W7 recovery partition from the OEM - that's OK, she doesn't need it anymore, and will gain the extra space.

    Install the exact same version as she had on there. It will not activate if you install a different version.


    Bruce SX said:
    I am going to have to order a restore disc(she bought the notebook from amazon, and it somehow didn't come with a restore disc).

    With respect,
    Bruce SX
    They never do anymore, you have to create them yourself when you first get the thing. No matter, she needs W10 media, which you're going to download fresh anyway.

    Bruce SX said:
    I just spoke with my roommate and she tells me that the notebook came with win7. She also says that Microsoft automatically updated her OS to Win10.

    Sorry to appear like such a klutz...but where does that leave me in realation to this whole big ball o wax?

    Any comments?

    Bruce SX
    Not a big deal; you'll be happy with the ease of doing this. Just ask if you have any questions, and we'll walk you through it. She will probably find that the system will run much better with a clean install; W7 upgrades tend to bring along a lot of baggage. :)
      My Computer


  7. Posts : 47
    Win 7
    Thread Starter
       #7

    Start


    Today I plan on initiating the disc clean-up.

    Yesterday, I ran the eset utility, on my friends notebook, and the results came up clean.

    I am taking the dog out for his morning stroll. When I return(by 10:30 am PDT) I plan to get busy. I will start with ShowKeyPlus and take it from there.

    Bruce SX
      My Computer


  8. Posts : 16,325
    W10Prox64
       #8

    Bruce SX said:
    Today I plan on initiating the disc clean-up.

    Yesterday, I ran the eset utility, on my friends notebook, and the results came up clean.

    I am taking the dog out for his morning stroll. When I return(by 10:30 am PDT) I plan to get busy. I will start with ShowKeyPlus and take it from there.

    Bruce SX
    Sounds good. I will be in and out today.
      My Computer


  9. Posts : 47
    Win 7
    Thread Starter
       #9

    Used ShowKeyPlus


    Step one complete.
    The note book has Win10 Home installed
    The original OS(Ijust discovered) wasn't Win7 as I was informed. ShowKeyPlus tells me the OS was Win8.1
    I wrote down the keys listed.
    .
    Step two is to clean and reformat one of my flash drives. I will use my pc for that.

    Step three will to download the Win10 ISO file. If I'm correct, does version mean the same thing as build?
    ShowKeyPlus lists version 1.0.6125 at the bottom of the window.

      My Computer


  10. Posts : 16,325
    W10Prox64
       #10

    Bruce SX said:
    Step one complete.
    The note book has Win10 Home installed
    The original OS(Ijust discovered) wasn't Win7 as I was informed. ShowKeyPlus tells me the OS was Win8.1
    I wrote down the keys listed.
    Great!
    .
    Bruce SX said:
    Step two is to clean and reformat one of my flash drives. I will use my pc for that.
    Pass. The ISO/USB creation tool will do that for you.
    Bruce SX said:
    Step three will to download the Win10 ISO file. If I'm correct, does version mean the same thing as build?
    ShowKeyPlus lists version 1.0.6125 at the bottom of the window.

    Yeah/no/sort of.
    First, I'm going to assume you have the normal W10 Home/Pro installed; that's what you'll want to select for the download, (i.e. not "N" or "Single Language"). Then, you just want to make sure when you start the installation, you select HOME and not PRO. By installing HOME, the system will activate once it goes online. It may be, since the machine originally had W8.1 on there, setup will see the key in the BIOS, and put HOME on there for you automagically.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 04:46.
Find Us




Windows 10 Forums