
Stubborn computer virus...

Ianator (Registered User regular), edited March 2011 in Help / Advice Forum
Somehow after replacing my computer's RAM it contracted what AVG says is a Trojan. When it scans it picks up the virus in "system32/csrss.exe(588)" and "explorer.exe(3552)", plus sometimes a Firefox file. Side effects are malicious popups, occasional loss of the taskbar and the corruption of my sound drivers.

Worse yet, it also finds the viruses in (I think) memory modules as well, all relating to the above files: "system32/csrss.exe(588):\memory_00270000" and "explorer.exe(3552):\memory_001a0000". AVG is refused access to these objects, thus rendering me unable to do anything about it. MalwareBytes doesn't even find it, so that's out.

I don't think I've been to any sites I haven't been to before. Any ideas on how I can excise this thing once and for all? (I've since replaced my old memory, but no such luck getting rid of this.)

Twitch | Blizzard: Ianator#1479 | 3DS: Ianator - 1779 2336 5317 | FFXIV: Iana Ateliere (NA Sarg)
Backlog Challenge List

Posts

Nakatomi2010 (Registered User regular), edited March 2011
The way those errors read, have you tried pulling the new RAM you installed out and trying again? Perhaps you got bad RAM.

pacbowl, Los Angeles (Registered User regular), edited March 2011
    I haven't seen any conventional virus/malware/spyware that actually invades memory in a long time. Usually a safemode reboot + mbam will clean regular malware in windows but you may actually have a boot sector infected. I use avast, but scanning with all known online scanners won't hurt. If it comes down to it, nuke it from orbit and reformat/reinstall.

NATIK, Denmark (Registered User regular), edited March 2011
Nakatomi2010 wrote: »
The way those errors read, have you tried pulling the new RAM you installed out and trying again? Perhaps you got bad RAM.

    Bad RAM can cause sound corruption due to slowing down the computer in general, so his talk of sound driver corruption does support this idea.

    If you continue being unable to find anything, try pulling the RAM, it could very well be the culprit.

TetraNitroCubane, The Djinnerator, At the bottom of a bottle (Registered User regular), edited March 2011
    pacbowl wrote: »
    I haven't seen any conventional virus/malware/spyware that actually invades memory in a long time. Usually a safemode reboot + mbam will clean regular malware in windows but you may actually have a boot sector infected. I use avast, but scanning with all known online scanners won't hurt. If it comes down to it, nuke it from orbit and reformat/reinstall.

    Echoing these thoughts here, and throwing in a few other scanning options as well. The fact that the infection is being seen in csrss.exe and explorer.exe (from the trusted paths) is somewhat unsettling, and may indicate a bootkit type virus. The malicious popups seem to indicate a genuine infection, rather than a memory corruption issue.

    I'd also highly recommend burning a rescue CD or a Linux LiveCD, and using the available tools there to check your system from outside of your operating system. The fact that you're not seeing anything with scanners, but are observing suspicious behavior, further suggests a bootkit/rootkit infection of some kind - those are damned hard to pin down or identify from within the compromised OS. Here's a quick list of CDs you can try, if you wish. The 'Rescue CD' options are typically ones that will boot and run a specified program. The Live CDs will usually boot you into an operating system environment and let you do what you need to:

    If you find an infection with one of these scanners, I too would suggest using one of the LiveCDs to backup your important files, and then completely reformatting your hard drive, and reinstalling your operating system on the clean drive.

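A worked version of two points made above, checking the boot sector and doing it from outside the possibly compromised OS: the script below is an added example, not part of the original thread and not code from AVG, avast, MalwareBytes or any rescue CD named here. It is meant to run from a Linux LiveCD against the raw disk (the device path, e.g. /dev/sda, is an assumption; adjust it), reads sector 0, parses the classic MBR layout, and compares the 440-byte boot code against a known-good SHA-256 baseline. The baseline hash and the two sample MBRs embedded at the bottom are constructed so the script runs offline; a real baseline would come from a trusted source such as a clean install of the same Windows version.

```python
"""Offline MBR sanity check, run from a LiveCD against a raw disk or image.

Added example for this thread; the device path, the known-good hash and the
sample sector contents are assumptions/constructed data, not real disk data.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440   # bytes 0..439 hold the boot code in a classic MBR
PART_TABLE_OFF = 446  # four 16-byte partition entries follow the disk signature
ENTRY_LEN = 16


def read_mbr(device_path):
    """Read sector 0 from a block device or raw image (e.g. /dev/sda, disk.img)."""
    with open(device_path, "rb") as fh:
        return fh.read(MBR_SIZE)


def parse_mbr(mbr):
    """Return the boot-code hash, the 0x55AA check and the non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * ENTRY_LEN
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0:
            continue  # empty slot
        partitions.append({"slot": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": mbr[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(mbr, known_good_boot_sha256):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != known_good_boot_sha256:
        findings.append("boot code does not match the known-good baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    # Overlapping entries are a classic sign of a hand-edited partition table.
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if b["lba_start"] < a["lba_start"] + a["sectors"]:
            findings.append("partition slots %d and %d overlap" % (a["slot"], b["slot"]))
    return findings


def _partition_entry(active, ptype, lba_start, sectors):
    # CHS fields are left zeroed; the LBA fields are what modern tooling uses.
    head = bytes([0x80 if active else 0x00, 0, 0, 0, ptype, 0, 0, 0])
    return head + struct.pack("<II", lba_start, sectors)


def _build_mbr(boot_code, entries):
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    body += b"\x12\x34\x56\x78" + b"\x00\x00"            # disk signature + reserved
    body += b"".join(entries).ljust(4 * ENTRY_LEN, b"\x00")
    return body + b"\x55\xaa"


# Constructed samples (not real disk contents): a "clean" MBR whose boot code is
# baselined, and a copy whose boot code has been overwritten, which is the kind
# of change a bootkit makes to sector 0.
CLEAN_MBR = _build_mbr(b"\xfa\x33\xc0\x8e\xd0",
                       [_partition_entry(True, 0x07, 2048, 1_000_000)])
KNOWN_GOOD_BOOT_SHA256 = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()
TAMPERED_MBR = _build_mbr(b"\xeb\x3c\x90\xde\xad",
                          [_partition_entry(True, 0x07, 2048, 1_000_000)])

if __name__ == "__main__":
    import sys
    # With a device path argument the real sector 0 is checked; without one the
    # constructed tampered sample is used so the script demonstrates a hit.
    target = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else TAMPERED_MBR
    for line in check_mbr(target, KNOWN_GOOD_BOOT_SHA256) or ["no findings"]:
        print(line)
```

Run it as root from the LiveCD (`python3 mbr_check.py /dev/sda`, path assumed). A clean MBR does not prove a clean machine: a bootkit can also patch the volume boot record or later boot-stage files, and the thread's in-process detections (csrss.exe, explorer.exe) are a separate question, so the reformat-and-reinstall advice in this post still stands; the check only tells you whether sector 0 is worth trusting.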
Ianator (Registered User regular), edited March 2011
Nakatomi2010 wrote: »
The way those errors read, have you tried pulling the new RAM you installed out and trying again? Perhaps you got bad RAM.

    Yep. I actually didn't do anything that required the sound drivers until after I put my old memory back in.

    Anyways, I've got a lot of stuff to back up. Shoulda got that 2TB drive from Costco when it was still $30 off, I won't be able to afford a good external for another week.

Ianator (Registered User regular), edited March 2011
    It's official: my desktop has been virus'd something fierce; thus, I must work from the backup laptop.

    Things start to freeze after startup - AVG locks up if I try to scan, while avast! loses steam during a scan (think the speed of a BitTorrent winding down to zero when you finish it). I tried Safe Mode and it sorta works, but I can't internet with it and AVG will only let me do a "Command Line Scan" that ultimately didn't help much (I didn't try avast! yet). System Restore didn't do anything either, seeing as I "didn't make any changes" since the date I picked up the memory.

    Speaking of memory sticks, I picked these up second-hand. Though I'm sure RAM doesn't work like this, is there any chance I could've gotten infected by them? The symptoms started showing up about two days after I installed them.

NATIK, Denmark (Registered User regular), edited March 2011
You can't load data onto RAM and have it stay there after it loses power, so unless this was some dastardly mastermind thing where someone added flash memory to the sticks and wired up some amazing construction to try and infect you, it would be impossible to get infected that way.

    In other words it seems extremely unlikely, an infinitely more likely thing would be you installing something around that time or even just picking it up from netbrowsing.

Ianator (Registered User regular), edited March 2011
    I kinda figured. Anything else I could try in Safe Mode? Or is it time to start pricing parts on Newegg?

    ...Well, yeah, it's always time to price parts on Newegg.

TetraNitroCubane, The Djinnerator, At the bottom of a bottle (Registered User regular), edited March 2011
    At this point, it sounds like using a LiveCD is going to be a better option than safe mode, if you're really intent on cleaning the system. If you are really looking at a last ditch, Hail Mary type cleaning (i.e. About to reformat anyway), you can always try Combofix.

    Why price parts on NewEgg, though? This issue should be entirely software, if you're thinking it is malware related. I'd recommend you completely reformat the hard drive, and reinstall windows. Then install security software, and only after that restore critical files from backups.

    Edit: You mentioned using AVG and avast. Are you talking about the online scanners? Or did you install both full antivirus programs at the same time? Having more than one resident antivirus installed simultaneously is usually asking for trouble (like system lockups).

Ianator (Registered User regular), edited March 2011
    Pricing parts because I was already looking to build a new compy even before this happened.

    Also yeah AVG and avast! were both installed at the same time though not actively scanning. They were playing nice for a little while.

TetraNitroCubane, The Djinnerator, At the bottom of a bottle (Registered User regular), edited March 2011
    Ianator wrote: »
    Pricing parts because I was already looking to build a new compy even before this happened.

    Also yeah AVG and avast! were both installed at the same time though not actively scanning. They were playing nice for a little while.

    If you were pricing out parts before hand, then go for it.

    But, uh, if you had Avast! and AVG installed together, and both were running resident, you could pretty much cause every single problem that you've just described. They don't need to be "actively scanning" at the same time in the sense of 'I started a virus scan with both' - If both antivirus suites were installed resident they'd be scanning everything on-access, not on-demand. Most antivirus suites will scan every single file that you write, read, or open as you do it, regardless of whether or not you requested a scan.

Having more than one antivirus running on-access can lead to lockups, and tons of false positives as one AV can see the other AV as a threat. I know some people have good luck with it, but I've never seen it work. Hell, most of the time, when switching from one AV to a different one, if you don't uninstall completely you'll run into problems.

    I'd uninstall one of them, then scan the entire system with MalwareBytes. If it comes up clean with MalwareBytes after that, I'd operate it carefully for a while and see if the problems persist.

Ianator (Registered User regular), edited March 2011
    Tried MalwareBytes already, didn't pick it up. AVG's the only one that seemed to find the bad things in system32.

    I've taken my box down and put it in the corner to think about what it's done, but I'll put it up again in a few days and uninstall avast.
