Help with csrss.exe large data send problem - Turning to the SBS pros

TheMSsForum.com: The Microsoft Software Forum

Ok, I'm turning to the SBS pros for advice on a problem I'm having at
a client's office. Everyone knows that collectively we are the best in
the business. Well, not everyone knows. I just inerited this client
and was suprised to find a computer on the internet with no firewall
or AV. The computer's IP was in the router's DMZ list. Anyway, the
network shortcomings have been resolved. There are 4 computers, and
all have been scanned and cleaned with Mcafee Stinger, Mcafee
VirusScan Enterprise 8.i, and Norton Antivirus 2003.I have also run
AdAware and Search and Destroy on all computers and cleaned spyware.
However, this one computer persists in sending huge amounts of data
out randomly throughout the day. It is enough to make their VPN
applications fail because of bandwidth issues. I installed Zone Alarm
on the trouble PC and after searching through the logs, I noticed that
csrss.exe wants outbound access persistantly. With Zone Alarm
installed, the problem seems to go away and yesterday they ran fine.
Today, I disabled Zone Alarm and the problem popped up in the
afternoon. I've researched csrss.exe virus traits but my scanners
should pick up any of these known problems. Any advice on how to
proceed? Zone Alarm provides the temporary fix, but don't SBSers want
to get to the root of the problem?

Thanks,

Steve
Top

Re: Help with csrss.exe large data send problem - Turning to the SBS pros by Marina

Marina
Fri Sep 17 17:55:15 CDT 2004

Hi Steve,

If you have tried all those programs on that machine and nothing works, you
are left with only one option which might be quicker as well: reinstall from
scratch.

--
Regards,

Marina
Microsoft SBS-MVP

"Steve Rosenfelt" <steve@nospam.com> schreef in bericht
news:kinmk0dq5v3klv5gvi82h5ackrsuh80pv3@4ax.com...
>
> Ok, I'm turning to the SBS pros for advice on a problem I'm having at
> a client's office. Everyone knows that collectively we are the best in
> the business. Well, not everyone knows. I just inerited this client
> and was suprised to find a computer on the internet with no firewall
> or AV. The computer's IP was in the router's DMZ list. Anyway, the
> network shortcomings have been resolved. There are 4 computers, and
> all have been scanned and cleaned with Mcafee Stinger, Mcafee
> VirusScan Enterprise 8.i, and Norton Antivirus 2003.I have also run
> AdAware and Search and Destroy on all computers and cleaned spyware.
> However, this one computer persists in sending huge amounts of data
> out randomly throughout the day. It is enough to make their VPN
> applications fail because of bandwidth issues. I installed Zone Alarm
> on the trouble PC and after searching through the logs, I noticed that
> csrss.exe wants outbound access persistantly. With Zone Alarm
> installed, the problem seems to go away and yesterday they ran fine.
> Today, I disabled Zone Alarm and the problem popped up in the
> afternoon. I've researched csrss.exe virus traits but my scanners
> should pick up any of these known problems. Any advice on how to
> proceed? Zone Alarm provides the temporary fix, but don't SBSers want
> to get to the root of the problem?
>
> Thanks,
>
> Steve


Top

Re: Help with csrss.exe large data send problem - Turning to the SBS pros by Jim

Jim
Fri Sep 17 20:13:24 CDT 2004

Don't forget The Cleaner from www.moosoft.com, Process Explorer from
www.sysinternals and hijack this. I just cleaned up a workstation. It
appears to have been infected on the 13th. I deleted crud from the
windows and system32 folders. Starting in safe mode helps when
fighting this nonsense. That said it was over 2 hours as this was a
PII workstation.

Format works but sometimes ii is better top learn what is messed up or
causing the problem. I renamed those suspect exes and dlls which
helped. Also do not forget registry edits. I also delete stuff but
need Process Explorrer runnig so I can fill processes during
deletions.

Steve Rosenfelt <steve@nospam.com> wrote:

>
>Ok, I'm turning to the SBS pros for advice on a problem I'm having at
>a client's office. Everyone knows that collectively we are the best in
>the business. Well, not everyone knows. I just inerited this client
>and was suprised to find a computer on the internet with no firewall
>or AV. The computer's IP was in the router's DMZ list. Anyway, the
>network shortcomings have been resolved. There are 4 computers, and
>all have been scanned and cleaned with Mcafee Stinger, Mcafee
>VirusScan Enterprise 8.i, and Norton Antivirus 2003.I have also run
>AdAware and Search and Destroy on all computers and cleaned spyware.
>However, this one computer persists in sending huge amounts of data
>out randomly throughout the day. It is enough to make their VPN
>applications fail because of bandwidth issues. I installed Zone Alarm
>on the trouble PC and after searching through the logs, I noticed that
>csrss.exe wants outbound access persistantly. With Zone Alarm
>installed, the problem seems to go away and yesterday they ran fine.
>Today, I disabled Zone Alarm and the problem popped up in the
>afternoon. I've researched csrss.exe virus traits but my scanners
>should pick up any of these known problems. Any advice on how to
>proceed? Zone Alarm provides the temporary fix, but don't SBSers want
>to get to the root of the problem?
>
>Thanks,
>
>Steve

Jim B. SBS MVP
remove the mvp to send email
Top

Re: Help with csrss.exe large data send problem - Turning to the SBS pros by Henry

Henry
Fri Sep 17 21:27:02 CDT 2004

Sounds like a Nimda variant:
http://www.f-secure.com/v-descs/nimda_e.shtml

--
Henry Craven {SBS-MVP}
CI Information Technology
Melbourne Australia

"Steve Rosenfelt" <steve@nospam.com> wrote in message
news:kinmk0dq5v3klv5gvi82h5ackrsuh80pv3@4ax.com...
>
> Ok, I'm turning to the SBS pros for advice on a problem I'm having at
> a client's office. Everyone knows that collectively we are the best in
> the business. Well, not everyone knows. I just inerited this client
> and was suprised to find a computer on the internet with no firewall
> or AV. The computer's IP was in the router's DMZ list. Anyway, the
> network shortcomings have been resolved. There are 4 computers, and
> all have been scanned and cleaned with Mcafee Stinger, Mcafee
> VirusScan Enterprise 8.i, and Norton Antivirus 2003.I have also run
> AdAware and Search and Destroy on all computers and cleaned spyware.
> However, this one computer persists in sending huge amounts of data
> out randomly throughout the day. It is enough to make their VPN
> applications fail because of bandwidth issues. I installed Zone Alarm
> on the trouble PC and after searching through the logs, I noticed that
> csrss.exe wants outbound access persistantly. With Zone Alarm
> installed, the problem seems to go away and yesterday they ran fine.
> Today, I disabled Zone Alarm and the problem popped up in the
> afternoon. I've researched csrss.exe virus traits but my scanners
> should pick up any of these known problems. Any advice on how to
> proceed? Zone Alarm provides the temporary fix, but don't SBSers want
> to get to the root of the problem?
>
> Thanks,
>
> Steve


Top

Re: Help with csrss.exe large data send problem - Turning to the SBS pros by Merv

Merv
Fri Sep 17 21:40:53 CDT 2004

I agree. At this point, flatten it and rebuild.

--
Merv Porter [SBS MVP]
===================================
"Marina Roos [SBS-MVP]" <marina@roos.nodontwantspam.nl.com> wrote in message
news:%23WGNrkQnEHA.3460@tk2msftngp13.phx.gbl...
> Hi Steve,
>
> If you have tried all those programs on that machine and nothing works,
you
> are left with only one option which might be quicker as well: reinstall
from
> scratch.
>
> --
> Regards,
>
> Marina
> Microsoft SBS-MVP
>
> "Steve Rosenfelt" <steve@nospam.com> schreef in bericht
> news:kinmk0dq5v3klv5gvi82h5ackrsuh80pv3@4ax.com...
> >
> > Ok, I'm turning to the SBS pros for advice on a problem I'm having at
> > a client's office. Everyone knows that collectively we are the best in
> > the business. Well, not everyone knows. I just inerited this client
> > and was suprised to find a computer on the internet with no firewall
> > or AV. The computer's IP was in the router's DMZ list. Anyway, the
> > network shortcomings have been resolved. There are 4 computers, and
> > all have been scanned and cleaned with Mcafee Stinger, Mcafee
> > VirusScan Enterprise 8.i, and Norton Antivirus 2003.I have also run
> > AdAware and Search and Destroy on all computers and cleaned spyware.
> > However, this one computer persists in sending huge amounts of data
> > out randomly throughout the day. It is enough to make their VPN
> > applications fail because of bandwidth issues. I installed Zone Alarm
> > on the trouble PC and after searching through the logs, I noticed that
> > csrss.exe wants outbound access persistantly. With Zone Alarm
> > installed, the problem seems to go away and yesterday they ran fine.
> > Today, I disabled Zone Alarm and the problem popped up in the
> > afternoon. I've researched csrss.exe virus traits but my scanners
> > should pick up any of these known problems. Any advice on how to
> > proceed? Zone Alarm provides the temporary fix, but don't SBSers want
> > to get to the root of the problem?
> >
> > Thanks,
> >
> > Steve
>
>


Top

Re: Help with csrss.exe large data send problem - Turning to the SBS pros by Steve

Steve
Sat Sep 18 13:37:39 CDT 2004

Thanks!
Top