Zorkinhimerlingling
asked on
Virus blocking antivirus websites
Hi all
I got a virus from a sent from while on msn. It disabled my AV (AVG) and closes msconfig, regedit and things like that. It also blocks ALL antivirus websites! It runs as csrss.exe (the illegit one). I managed to disable/delete it, but its damage is done. I cannt get to any AV site yet. I have run avg, trendmicro, ewido and aware... all to no avail. I also ran the winsock fix. Any ideas guys?
I got a virus from a sent from while on msn. It disabled my AV (AVG) and closes msconfig, regedit and things like that. It also blocks ALL antivirus websites! It runs as csrss.exe (the illegit one). I managed to disable/delete it, but its damage is done. I cannt get to any AV site yet. I have run avg, trendmicro, ewido and aware... all to no avail. I also ran the winsock fix. Any ideas guys?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ah you guys are great, will try that tonight. Yes I heard something about chod in my research of this problem...
ASKER
Fixing the host file fixed my problem, thank you very much.
No problem, thanks!
The virus added those entries in your hosts file but the virus would still be there I guess unless it has been removed.
If problem comes back just run the tool I've mentioned.
Anyhow, we'll be here to help anytime, :)
Good luck!
The virus added those entries in your hosts file but the virus would still be there I guess unless it has been removed.
If problem comes back just run the tool I've mentioned.
Anyhow, we'll be here to help anytime, :)
Good luck!
ASKER
Wish i had more points to give out. Anyway, yes I deleted the virus from my java cache, and had previously ran hijack this. This was just the final damage it had caused. It was interesting to see that exact list of websites it was blockin'. What a bugger!
>>Wish i had more points to give out. <<
Don't worry, we would still help even if you only have 20 pts to give, :)
Glad you got rid of the virus that's the main thing.
One day when you become a premium member you'll have unlimited points to give, :)
Don't worry, we would still help even if you only have 20 pts to give, :)
Glad you got rid of the virus that's the main thing.
One day when you become a premium member you'll have unlimited points to give, :)
but without looking at your log I'm 90% positive that what you have is the chod.d worm and here is the fix.( I could be wrong of course but it doesn't hurt to run the tool)
Please Download MsnVirRem.exe to your desktop from one of the following mirrors:
http://downloads.malwareremoval.com/MsnVirRem.exe
http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item9
http://www.greyknight17.com/spy/MsnVirRem.exe
* First close any other programs you have running as this will require a reboot
* Double click MsnVirRem.exe to run it
* Once open, click the button labelled "Search and Destroy"
<<Your computer will now be scanned for Infected Files>>
* When scanning is finished you will be prompted to reboot only if infected, Click OK
* Now click the "REBOOT" Button.
* After the Reboot, you WILL receive file not found errors (usually 4) please acknowledge them and continue.
* A Message should popup from MsnVirRem if not, double click the program again and it will finish
Please Post the contents of C:\msnvirrem.log