Virus Alert (csrcs.exe, MxEnge.exe and sysdrv.sys/exe)
Updated: 21 May 2010 | 5 comments
This issue has been solved. See solution.
Virus alert, cannot be detected by most of the antivirus out in the market.
Will reside on one of our Recycler profiles. (You should delete the files Desktop.ini, MxEng.exe) if it is in use, you can use the utility Unlocker 1.8)
The virus will create registry entries on
1. HKLM\SOftware\Microsoft\Windows NT\Winlogon\Shell (it will add the exe file csrcs.exe after Explorer.exe)
2. HKLM\SOftware\Microsoft\Windows NT\Winlogon\Taskmon (pls delete this entry)
The virus will use System (svchost) to infect other pcs on the network. It will also scan/send the virus on your network.
I will try to upload samples to Symantec Security Response asap..
discussion Filed Under:
Comments
Thanks for the information
Thanks for the information Paul..
Regards,
Srinivas H.P.
HCL Infosystems Ltd
I had this long back 6-7
I had this long back 6-7 months ago..
it also creates an exception in the firewall for csrcs.exe and it creates a service for the same.Since it is a service even if you kill the process it will re-appear.So you will have to delete the service then kill it then submit/delete files.
it also dumps svhost/svhcost or something similar to svchost.exe file to temp of user profile and/or 5temp%.
It is a worm.
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Re
Yes vikram, in my case, the process csrcs.exe hides in the service Explorer.exe on windows logon, that's why it's hard to detect.
Update
Here's a link as to what anti-virus programs can detect it.
http://www.virustotal.com/analisis/902b323658191b2...
Unfortunately for Symantec it's not detected yet. :(
Quick detail about the virus;
http://www.prevx.com/filenames/X60308334875662037-...
Porn sites open automatically solve this problem
What i have to do solve this problem?
Please say me in details.
Would you like to reply?
Login or Register to post your comment.