crrss.exe trojan vs. csrss.exe

[Kultigin]

Hi all,

I just want you to know what's happened to my laptop for a few days. I was getting a network shield alert from avast for a couple of days about a process "C:\Windows\system32\crrss.exe" is trying to connect to http:/ /yourteen.info/2/z.php (see attached screen shot)

I usually don't shutdown my computer, I just go to sleep mode so I didn't see any problem except the annoying alert from avast. I cleaned all the cache data of my Opera browser and close all of the open sites, no luck. I thought I should restart my computer this evening so maybe avast catches any virus or trojan on bootscan. After my login screen everything went black except the mouse cursor. Ctrl+Alt+Del works though. I couldn't see my desktop. I then realized somethings going on.

I have no idea how or where it comes from but the threat is real. Avast prevented it to connect to the site but it doesn't catch it as a bad file when it scans it.

I searched this forum, there are a lot of subjects about "cSRss.exe" but nothing about "cRRss.exe". It's a sneaky and a new one, there are some warnings on Google if you search for "crrss.exe".

[Pondus]

-http://yourteen.info/2/z.php   link is dead

C:\Windows\system32\crrss.exe

upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners
when you have the result, copy the url in the address bar and post it here for us to see


alternative
Jotti     http://virusscan.jotti.org/en
VirSCAN   http://virscan.org/
Metascan  http://metascan-online.com/






follow the guide here and attach all logs....not copy and paste
http://forum.avast.com/index.php?topic=53253.0

Essexboy will then help you when he arrive here tomorrow

[zambala]

I have EXACTLY the same problem now.....
just a small detail, instead of http:/ /yourteen.info/2/z.php it's coming to me from http:/ /girl-fat.com/2/z.php

please help....

[Pondus]

please help....

How to get help is posted above....

[zambala]

I updated above with log from Malwarebytes , I have from Avast but looking where in Avast to find logs....

p.s. but logon.exe from user/user I was deleting like 20 times, every few minutes, and Malwarebytes didn't show me CRRS process , but Avast did....
And it blocked the link like 10 times...

[Pondus]

did you go to the guide here ?
http://forum.avast.com/index.php?topic=53253.0

did you read everything written in red before you started...

[Kultigin]

Sorry to hear your problem zambala. I didn't clean this virus by myself but my brother cleaned it by following the instructions of Sanjay C Rajure in here. After applying his guides, set the avast boot time scan to work on next startup. Avast cleans the other harmful files which Mr. Rajure didn't mention.

P.S. @Pondus: I reviewed my first post in this topic now and I realized I forgot to mention that my brother had already cleaned up the virus by the time I sent the message. I just felt like to report it.