Malware - Harmful EXE
This threat has the following characteristics. It downloads or requests other files from the Internet. It creates a startup registry entry so that it runs at every boot. It uses rootkit techniques to hide its files and process on the system. It is typically downloaded onto the computer by another threat and then installs itself. Once running, it periodically reports the local operating system version, IP address and an open port number back to its home server; the attacker can then use this information to gain access to the computer. This article gives you step-by-step instructions for removing the threat manually.
Aliases:
- Downloader.MisleadApp [Symantec]
- Backdoor.Win32.Dreamy.v [Kaspersky Lab]
- BackDoor-DSD [McAfee]
- Mal/Generic-A [Sophos]
- Backdoor:Win32/Knockex.H [Microsoft]
- Backdoor.Win32.Dreamy.v [Ikarus]
Turn off System Restore: Copies of the malicious files are saved in the System Restore backups, so an infection can be restored after you clean the disk. Turn System Restore off before removal and turn it back on once the computer is clean.

View hidden files: Enable viewing of hidden files and folders (and protected operating system files) in Explorer before searching for the malware's files and folders; the dropped files are hidden.

Boot in Safe Mode: If you are unable to delete the malware files or folders because they are in use, try again while in Windows Safe Mode. Safe Mode also keeps the rootkit driver from loading, so files it was hiding become visible.

If you are unable to open Task Manager: The malware may block Task Manager, the Run command and similar tools. There are free tools that restore access to them; try them in turn and use whichever works for you.

Delete processes from Task Manager: The following process may be found in Task Manager. End it if found:
cssrss.exe
Note the double "ss": csrss.exe (one "s" before "rss") is a legitimate, protected Windows process, and ending it will crash the system. Only end the process named cssrss.exe.

Recover folders/files: This malware deletes the following folder from the computer:
C:\Windows\pchealth\helpctr\System\css
If you can confirm that this folder is missing on your computer, run the System File Checker utility (sfc /scannow) to restore it.

Delete folders/files from the hard disk: The following files were created along with the infection; delete them if found:
C:\Windows\System32\0pHqxl.syz
C:\Windows\System32\D3oyqG.syz
C:\Windows\System32\cssrss.exe
C:\Windows\System32\drivers\dmboot.sys
Check dmboot.sys before deleting it: Windows XP ships a legitimate Logical Disk Manager boot driver of the same name, so verify the file's digital signature and hash rather than deleting it on the basis of the name alone.
In different infections cssrss.exe may be located in different places. These are the possible locations:
C:\Program Files\Common Files\cssrss.exe
C:\Windows\System32\cssrss.exe
C:\Documents and Settings\[UserName]\Local Settings\Temp\cssrss.exe
C:\Windows\cssrss.exe
(It is useful to run a freeware temp-file/registry cleaner such as CCleaner after deleting the above files.)

Delete the registry keys: by manually editing the registry with the Windows built-in Registry Editor (regedit). The newly created registry value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WMDM PMSP Service = "%System%\cssrss.exe"
This value makes cssrss.exe run every time Windows starts. Delete the value, not the whole Run key, since legitimate programs register their startup entries there too.
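The checks above can be scripted so that you see every indicator at once instead of hunting for each by hand. The following PowerShell script is an added example, not part of the original ThreatExpert write-up. It audits the host for the process, the Run value, the dropped files, the deleted Help Center folder and the call-home domains listed on this page, and only removes anything when run with -Remove. The file paths, the value name "WMDM PMSP Service" and the domains are taken from the page; the use of $env:TEMP for the per-user Temp folder and the SHA-256 reporting are this example's own choices. Run it from an elevated prompt and, because the rootkit can hide its files from a live system, preferably in Safe Mode as the page recommends.

```powershell
# Added example (not from the original page): audit a Windows host for the
# indicators listed above. Read-only unless -Remove is given.
[CmdletBinding()]
param([switch]$Remove)

$sys = $env:SystemRoot
$indicatorFiles = @(
    "$sys\System32\0pHqxl.syz",
    "$sys\System32\D3oyqG.syz",
    "$sys\System32\cssrss.exe",
    "$sys\System32\drivers\dmboot.sys",
    "$env:ProgramFiles\Common Files\cssrss.exe",
    "$sys\cssrss.exe",
    "$env:TEMP\cssrss.exe"        # assumption: current user's Local Settings\Temp
)
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValue = 'WMDM PMSP Service'
$c2Hosts  = 'zs0.info', 'v9j.info'
$findings = @()

# 1. Running process. Match "cssrss" only; the real csrss.exe must never be killed.
foreach ($p in Get-Process -Name 'cssrss' -ErrorAction SilentlyContinue) {
    $findings += "process cssrss.exe PID=$($p.Id) path=$($p.Path)"
    if ($Remove) { Stop-Process -Id $p.Id -Force }
}

# 2. Startup value under HKLM\...\Run (remove only the value, not the key).
$val = (Get-ItemProperty -Path $runKey -Name $runValue -ErrorAction SilentlyContinue).$runValue
if ($val) {
    $findings += "registry $runKey\$runValue = $val"
    if ($Remove) { Remove-ItemProperty -Path $runKey -Name $runValue }
}

# 3. Dropped files. Hash computed with .NET so the script also works on old
#    PowerShell versions. dmboot.sys is a legitimate XP driver name, so it is
#    reported with its signature status but never deleted automatically.
$sha = [System.Security.Cryptography.SHA256]::Create()
foreach ($f in $indicatorFiles) {
    if (Test-Path -LiteralPath $f) {
        $bytes = [System.IO.File]::ReadAllBytes($f)
        $hash  = ([System.BitConverter]::ToString($sha.ComputeHash($bytes))) -replace '-', ''
        $sig   = (Get-AuthenticodeSignature -FilePath $f).Status
        $findings += "file $f signature=$sig sha256=$hash"
        if ($Remove -and ($f -notlike '*\dmboot.sys')) {
            Remove-Item -LiteralPath $f -Force
        }
    }
}

# 4. Folder the malware deletes; System File Checker restores it.
$css = "$sys\pchealth\helpctr\System\css"
if (-not (Test-Path -LiteralPath $css)) {
    $findings += "missing folder $css (restore with: sfc /scannow)"
}

# 5. Call-home domains. Resolution alone proves nothing; it only tells you what
#    to block at the firewall or DNS.
foreach ($h in $c2Hosts) {
    try {
        $ips = ([System.Net.Dns]::GetHostAddresses($h) | ForEach-Object { $_.IPAddressToString }) -join ','
        $findings += "domain $h resolves to $ips (block outbound traffic)"
    } catch {
        $findings += "domain $h does not resolve"
    }
}

if ($findings.Count -eq 0) { 'No indicators from this page were found.' } else { $findings }
```

Run it once without -Remove and review the output, in particular the signature status of dmboot.sys, before running it again with -Remove. A "Valid" Microsoft signature on dmboot.sys means the file is the operating system's own driver and should be left alone.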
Using a firewall: A full-featured firewall lets you block the malware's communication with its home server. It accesses the following sites:
zs0.info
v9j.info
Block outbound connections to these domains (or sink them at the DNS level) so the backdoor cannot report in or fetch further files while you clean the computer.

Reprinted with permission from ThreatExpert.