backdoor.servu.based-e

hydroninja · #1 01-17-2007, 09:18 PM

This trojan can not be removed with PC Tools software. It is attached to the csrss.exe system file and safe mode without net support can not be started.

Any suggestions? I have searched for this for a couple of days and still come up empty handed. PC tools says the to remove this trojan i need to reboot, however, when I reboot it does nothing. I also use spyware doctor, and it continuously finds malware on this system.

Please help.

c_edge · #2 01-18-2007, 12:43 AM

Run a scan with PCTAV in safemode with networking.

How to Shutdown and Restart the Computer in Safe Mode with Networking:

1. Click on the Start button menu on your Task Bar
2. Select Shut Down from the menu (''Turn off Computer'' in XP). The 'Shut Down Windows' dialog box will appear.
3. Select Shut down (or, ''Turn Off'' in XP) and click the Yes (or OK) button
4. When the computer starts back up, begin immediately by pressing the F8 key repeatedly until the Windows Startup menu appears with various options
5. By using the up and down arrow keys on the keyboard, select 'Safe Mode with networking' and not any other modes.
6. Login to your account (if asked)
7. Wait and eventually Windows will start in Safe Mode
8. Connect to your internet connection
9. Open PC Tools Antivirus, Run a FULL Scan, 'Fix and Continue'
click on 'Fix and Continue'.

Please reboot your computer after you have completed these instructions.

NOTE: If you have any difficulties getting the Windows Startup menu to appear at step 6, try the following to get into Safe Mode:

Try holding down the left shift key instead of pressing the F8 key while booting up it. Begin immediately pressing the F5 key, about once a second, until the message 'Windows is bypassing your startup files' appears.

c_edge

hydroninja · #3 01-18-2007, 11:00 AM

Tried that, and I still get the message that the trojan can not be removed, I believe that the file CSRSS.EXE is associated with network support. Any other suggestions?

riFFz · #4 01-18-2007, 01:47 PM

hey hydroninja,

Could you please confirm the version you are currently using?

Click on Help - About, please ensure you are using PCTAV 3.1 and perform a Smart Update.

You can get PC Tools AntiVirus 3.1 from www.pctools.com/anti-virus/download

riFFz

hydroninja · #5 01-18-2007, 09:35 PM

downloaded lastest trial edition. Safe mode with net sup works, safe mode w/o net sup will not start completely

can't get rid of it... should I just do a sys restore? I would like to think that there is an easier way to solve the problem

c_edge · #6 01-18-2007, 11:12 PM

hmm... ok, when PCTAV detects this infection, can you copy the description of the trojan.

c_edge

AChen · #7 01-19-2007, 04:10 AM

Hi Hydroninja,

Please check this thread: http://www.pctools.com/forum/showthread.php?t=44695