A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows 7 » Windows 7 Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

OT I still suspect my computer is infected



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old July 19th 15, 12:24 AM posted to alt.windows7.general
Seymore4Head
external usenet poster
 
Posts: 88
Default OT I still suspect my computer is infected

Sorry for the OT post but I am unaware of an "active" Usenet group for
virus. I use Win7 and F Secure. F Secure reports a clean system,
but the "deep guard" has just blocked a program I use called Clipmate.
I don't know why F Secure would do that. I scanned the Clipmate
folder and then just uninstalled it.

F Secure found nothing suspicious, but just having it blocked is
suspicious enough for me.

I took a screen shot of the task manager. There are 3 files that
don't show a description, but searching the net, they have a valid
purpose.

http://i.imgur.com/mHdrfWU.png

Anything about the task manager look suspicious to anyone here?

TIA

BTW from a web page csrss.exe can be harmful/benign. I tried to do a
"properties" on the file and nothing happened. I had to use Explorer
to scan for it's location.

Ads
  #2  
Old July 19th 15, 01:03 AM posted to alt.windows7.general
Paul
external usenet poster
 
Posts: 18,275
Default OT I still suspect my computer is infected

Seymore4Head wrote:
Sorry for the OT post but I am unaware of an "active" Usenet group for
virus. I use Win7 and F Secure. F Secure reports a clean system,
but the "deep guard" has just blocked a program I use called Clipmate.
I don't know why F Secure would do that. I scanned the Clipmate
folder and then just uninstalled it.

F Secure found nothing suspicious, but just having it blocked is
suspicious enough for me.

I took a screen shot of the task manager. There are 3 files that
don't show a description, but searching the net, they have a valid
purpose.

http://i.imgur.com/mHdrfWU.png

Anything about the task manager look suspicious to anyone here?

TIA

BTW from a web page csrss.exe can be harmful/benign. I tried to do a
"properties" on the file and nothing happened. I had to use Explorer
to scan for it's location.


You can upload files to www.virustotal.com . That
site is owned by Google now, as Google bought them.

It scans files, but takes a shortcut on the way.
If you have a modern enough browser, virustotal
computes a checksum and first uploads the checksum.
If the checksum matches an existing file, you
are shown the "analysis" with no additional work.

If the file you submit is "unique", only then does
virustotal upload it.

Since the bad guys can use that tool as easily
as the good guys, chances are a real malware
will read out "as clean as a whistle".

I suspect what has happened to you, is Fsecure
is using the same "reputation" based analysis its
competitors use. If a program is not "popular",
doesn't have a lot of downloads, then if is
"flagged as suspicious". So rather than stuff
being tossed because of an actual AV scan, it's
being tossed because the name is not in an
"approved list". Which is a **** poor way of
doing malware checking. As just about everything
you download, is now "suspicious" because you
downloaded it!

Paul
  #3  
Old July 19th 15, 02:29 AM posted to alt.windows7.general
Tigger
external usenet poster
 
Posts: 101
Default OT I still suspect my computer is infected

Seymore4Head writted thus:

Sorry for the OT post but I am unaware of an "active" Usenet group for
virus. I use Win7 and F Secure. F Secure reports a clean system, but
the "deep guard" has just blocked a program I use called Clipmate.
I don't know why F Secure would do that. I scanned the Clipmate folder
and then just uninstalled it.

F Secure found nothing suspicious, but just having it blocked is
suspicious enough for me.

I took a screen shot of the task manager. There are 3 files that don't
show a description, but searching the net, they have a valid purpose.

http://i.imgur.com/mHdrfWU.png

Anything about the task manager look suspicious to anyone here?

TIA

BTW from a web page csrss.exe can be harmful/benign. I tried to do a
"properties" on the file and nothing happened. I had to use Explorer to
scan for it's location.


Download the free scanner from:
http://malwarebytes.org
and run the full scan. That is the best way to determine if
"csrss.whatever" is a trojan or not.

BTW, you are far too paranoid, calm down and trust your AV, or get
another that you do trust otherwise you will drive yourself nuts...



--
Free Dropbox: http://db.tt/aI6WBZ7w
  #4  
Old July 19th 15, 02:33 AM posted to alt.windows7.general
Tigger
external usenet poster
 
Posts: 101
Default OT I still suspect my computer is infected

tigger writted thus:

Seymore4Head writted thus:


BTW from a web page csrss.exe can be harmful/benign. I tried to do a
"properties" on the file and nothing happened. I had to use Explorer
to scan for it's location.


You could also read this....

http://answers.microsoft.com/en-us/p...protect_other-
protect_scanning/i-have-two-csrssexe-and-
csrssexemui/30812b09-3ca5-4f8b-8cf1-7b8c8afe8f74?auth=1
  #5  
Old July 19th 15, 03:45 AM posted to alt.windows7.general
Seymore4Head
external usenet poster
 
Posts: 88
Default OT I still suspect my computer is infected

On Sun, 19 Jul 2015 01:29:16 +0000 (UTC), tigger
wrote:

Seymore4Head writted thus:

Sorry for the OT post but I am unaware of an "active" Usenet group for
virus. I use Win7 and F Secure. F Secure reports a clean system, but
the "deep guard" has just blocked a program I use called Clipmate.
I don't know why F Secure would do that. I scanned the Clipmate folder
and then just uninstalled it.

F Secure found nothing suspicious, but just having it blocked is
suspicious enough for me.

I took a screen shot of the task manager. There are 3 files that don't
show a description, but searching the net, they have a valid purpose.

http://i.imgur.com/mHdrfWU.png

Anything about the task manager look suspicious to anyone here?

TIA

BTW from a web page csrss.exe can be harmful/benign. I tried to do a
"properties" on the file and nothing happened. I had to use Explorer to
scan for it's location.


Download the free scanner from:
http://malwarebytes.org
and run the full scan. That is the best way to determine if
"csrss.whatever" is a trojan or not.

BTW, you are far too paranoid, calm down and trust your AV, or get
another that you do trust otherwise you will drive yourself nuts...


Too paranoid? Do you not think that the firewall blocking a known
trusted program called Clipmate is a reason to suspect something is
wrong?
  #6  
Old July 19th 15, 04:21 AM posted to alt.windows7.general
Seymore4Head
external usenet poster
 
Posts: 88
Default OT I still suspect my computer is infected

On Sun, 19 Jul 2015 01:33:58 +0000 (UTC), tigger
wrote:

tigger writted thus:

Seymore4Head writted thus:


BTW from a web page csrss.exe can be harmful/benign. I tried to do a
"properties" on the file and nothing happened. I had to use Explorer
to scan for it's location.


You could also read this....

http://answers.microsoft.com/en-us/p...protect_other-
protect_scanning/i-have-two-csrssexe-and-
csrssexemui/30812b09-3ca5-4f8b-8cf1-7b8c8afe8f74?auth=1


http://imgur.com/a/i9PXV

I just checked "Show processes from all users" It doubled the amount
of stuff listed.
I was using Team Viewer although it shouldn't have been running. I
uninstalled that.
I still have lots of stuff and as far as I know, I am the only user.
When I tried to switch users. I was the only log on name found.

  #7  
Old July 19th 15, 05:21 AM posted to alt.windows7.general
Good Guy[_2_]
external usenet poster
 
Posts: 3,354
Default OT I still suspect my computer is infected

On 19/07/2015 03:45, Seymore4Head wrote:
Too paranoid? Do you not think that the firewall blocking a known
trusted program called Clipmate is a reason to suspect something is
wrong?


A program like clipmate is unknown to Symantec and I suspect to McAfee
as well but if you have followed "Safe Hex" of computing i.e. backed up
your personal docs, images, videos and anything else that is too
valuable to lose, then resetting the machine to factory standard would
be the best way to remove any doubts in your mind. It takes about 30
minutes maximum assuming you haven't many things to re-install and that
you are very organized like me.

You will get all sorts of suggestions here from drug junkies and Linux
junkies but you won't get satisfaction from any of them. Just reset the
machine and problem solved.





  #8  
Old July 19th 15, 08:07 AM posted to alt.windows7.general
SPD[_2_]
external usenet poster
 
Posts: 38
Default OT I still suspect my computer is infected

Didn't you read the article tigger tried to send you to?

"Seymore4Head" wrote in message
...
On Sun, 19 Jul 2015 01:33:58 +0000 (UTC), tigger
wrote:

tigger writted thus:

Seymore4Head writted thus:


BTW from a web page csrss.exe can be harmful/benign. I tried to do a
"properties" on the file and nothing happened. I had to use Explorer
to scan for it's location.


You could also read this....

http://answers.microsoft.com/en-us/p...protect_other-
protect_scanning/i-have-two-csrssexe-and-
csrssexemui/30812b09-3ca5-4f8b-8cf1-7b8c8afe8f74?auth=1


http://imgur.com/a/i9PXV

I just checked "Show processes from all users" It doubled the amount
of stuff listed.
I was using Team Viewer although it shouldn't have been running. I
uninstalled that.
I still have lots of stuff and as far as I know, I am the only user.
When I tried to switch users. I was the only log on name found.




  #9  
Old July 19th 15, 11:24 AM posted to alt.windows7.general
mechanic
external usenet poster
 
Posts: 1,064
Default OT I still suspect my computer is infected

On Sun, 19 Jul 2015 05:21:44 +0100, Good Guy wrote:

You will get all sorts of suggestions here from drug junkies and Linux
junkies but you won't get satisfaction from any of them. Just reset the
machine and problem solved.


What, take my machine back to 1990? Too much water under the
bridge...
  #10  
Old July 19th 15, 06:18 PM posted to alt.windows7.general
Stef
external usenet poster
 
Posts: 364
Default OT I still suspect my computer is infected

Seymore4Head wrote:

Sorry for the OT post but I am unaware of an "active" Usenet group for
virus. I use Win7 and F Secure. F Secure reports a clean system,
but the "deep guard" has just blocked a program I use called Clipmate.
I don't know why F Secure would do that. I scanned the Clipmate
folder and then just uninstalled it.

F Secure found nothing suspicious, but just having it blocked is
suspicious enough for me.

I took a screen shot of the task manager. There are 3 files that
don't show a description, but searching the net, they have a valid
purpose.

http://i.imgur.com/mHdrfWU.png

Anything about the task manager look suspicious to anyone here?

TIA

BTW from a web page csrss.exe can be harmful/benign. I tried to do a
"properties" on the file and nothing happened. I had to use Explorer
to scan for it's location.


Download and install the free versions of the two programs below.
Do the FULL scan with both, in sequence. Depending on the size of your
drive/partitions, this can take a while. Be patient. Follow the
instructions. Don't do anything on the computer while the scan
is working. See what they find.

https://www.malwarebytes.org/
http://www.superantispyware.com/


Stef
  #11  
Old July 19th 15, 06:42 PM posted to alt.windows7.general
Seymore4Head
external usenet poster
 
Posts: 88
Default OT I still suspect my computer is infected

On Sun, 19 Jul 2015 17:18:01 +0000 (UTC), Stef
wrote:

Seymore4Head wrote:

Sorry for the OT post but I am unaware of an "active" Usenet group for
virus. I use Win7 and F Secure. F Secure reports a clean system,
but the "deep guard" has just blocked a program I use called Clipmate.
I don't know why F Secure would do that. I scanned the Clipmate
folder and then just uninstalled it.

F Secure found nothing suspicious, but just having it blocked is
suspicious enough for me.

I took a screen shot of the task manager. There are 3 files that
don't show a description, but searching the net, they have a valid
purpose.

http://i.imgur.com/mHdrfWU.png

Anything about the task manager look suspicious to anyone here?

TIA

BTW from a web page csrss.exe can be harmful/benign. I tried to do a
"properties" on the file and nothing happened. I had to use Explorer
to scan for it's location.


Download and install the free versions of the two programs below.
Do the FULL scan with both, in sequence. Depending on the size of your
drive/partitions, this can take a while. Be patient. Follow the
instructions. Don't do anything on the computer while the scan
is working. See what they find.

https://www.malwarebytes.org/
http://www.superantispyware.com/


Stef


I ran superantispyware first and got 518 tracking cookies.
I ran malwarebytes and it found 4 faketrojanalerts

Thanks
  #12  
Old July 19th 15, 06:55 PM posted to alt.windows7.general
al
external usenet poster
 
Posts: 45
Default OT I still suspect my computer is infected

On 7/19/2015 1:42 PM, Seymore4Head wrote:
On Sun, 19 Jul 2015 17:18:01 +0000 (UTC), Stef
wrote:

Seymore4Head wrote:

Sorry for the OT post but I am unaware of an "active" Usenet group for
virus. I use Win7 and F Secure. F Secure reports a clean system,
but the "deep guard" has just blocked a program I use called Clipmate.
I don't know why F Secure would do that. I scanned the Clipmate
folder and then just uninstalled it.

F Secure found nothing suspicious, but just having it blocked is
suspicious enough for me.

I took a screen shot of the task manager. There are 3 files that
don't show a description, but searching the net, they have a valid
purpose.

http://i.imgur.com/mHdrfWU.png

Anything about the task manager look suspicious to anyone here?

TIA

BTW from a web page csrss.exe can be harmful/benign. I tried to do a
"properties" on the file and nothing happened. I had to use Explorer
to scan for it's location.


Download and install the free versions of the two programs below.
Do the FULL scan with both, in sequence. Depending on the size of your
drive/partitions, this can take a while. Be patient. Follow the
instructions. Don't do anything on the computer while the scan
is working. See what they find.

https://www.malwarebytes.org/
http://www.superantispyware.com/


Stef


I ran superantispyware first and got 518 tracking cookies.
I ran malwarebytes and it found 4 faketrojanalerts

Thanks


You might want to follow up with adwcleaner, it has been very good AFTER
the typical scanners. Majorgeeks has the latest
http://www.majorgeeks.com/files/details/adwcleaner.html
portable
  #13  
Old July 19th 15, 07:19 PM posted to alt.windows7.general
Dave Cohen[_2_]
external usenet poster
 
Posts: 25
Default OT I still suspect my computer is infected

On Sun, 19 Jul 2015 05:21:44 +0100, Good Guy wrote:

On 19/07/2015 03:45, Seymore4Head wrote:
Too paranoid? Do you not think that the firewall blocking a known
trusted program called Clipmate is a reason to suspect something is
wrong?


A program like clipmate is unknown to Symantec and I suspect to McAfee
as well but if you have followed "Safe Hex" of computing i.e. backed up
your personal docs, images, videos and anything else that is too
valuable to lose, then resetting the machine to factory standard would
be the best way to remove any doubts in your mind. It takes about 30
minutes maximum assuming you haven't many things to re-install and that
you are very organized like me.

You will get all sorts of suggestions here from drug junkies and Linux
junkies but you won't get satisfaction from any of them. Just reset the
machine and problem solved.




html
head
meta content="text/html; charset=UTF-8" http-equiv="Content-Type"
/head
body text="#000000" bgcolor="#FFFFCC"
div class="moz-cite-prefix"On 19/07/2015 03:45, Seymore4Head
wrote:br
/div
blockquote om"
type="cite" pre wrap=""
/pre
pre wrap=""
Too paranoid? Do you not think that the firewall blocking a known
trusted program called Clipmate is a reason to suspect something is
wrong?
/pre
/blockquote
br
A program like clipmate is unknown to Symantec and I suspect to
McAfee as well but if you have followed "Safe Hex" of computing i.e.
backed up your personal docs, images, videos and anything else that
is too valuable to lose, then resetting the machine to factory
standard would be the best way to remove any doubts in your mind.
It takes about 30 minutes maximum assuming you haven't many things
to re-install and that you are very organized like me.br
br
You will get all sorts of suggestions here from drug junkies and
Linux junkies but you won't get satisfaction from any of them.Â* Just
reset the machine and problem solved.br
br
br
br
br
/body
/html


An added plus is following GoodGuy you can peruse the html stuff he
includes in all his posts.
Any one who can bring an as purchased install to a current condition in 30
minutes isn't running much in the way of user installed programs.
  #14  
Old July 19th 15, 10:28 PM posted to alt.windows7.general
Shadow
external usenet poster
 
Posts: 1,638
Default OT I still suspect my computer is infected

On Sat, 18 Jul 2015 19:24:57 -0400, Seymore4Head
wrote:

Sorry for the OT post but I am unaware of an "active" Usenet group for
virus. I use Win7


Ah ! That explains it. Phoning home, datamining, downloading
suspicious patches ? That's Win 7 alright. They say Windows 10 and
Chrome are even worse.
If you want advice on malware, first upload the suspicious
file to Jotti

https://virusscan.jotti.org/

If you need any help, try posting to alt.comp.virus or
alt.comp.antivirus.
Or:
https://forums.malwarebytes.org/index.php
http://www.bleepingcomputer.com/forums/f/79/security/
[]'s

PS avoid calling malware a virus in the newsgroups and forums.
Viruses are very rare these days.
--
Don't be evil - Google 2004
We have a new policy - Google 2012
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 01:32 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.