One computer running Windows XP got infected with ‘C:\Documents and Settings\mylogin\Local Settings\Temp\csrss.exe’, a malware. Antispyware found it but could not delete it. It turned out that it was started by the logon process specified by registry key ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Logon’.
To manually delete:
* Manually delete the the Logon key ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Logon’
* Restart computer
* Delete C:\Documents and Settings\mylogin\Local Settings\Temp\csrss.exe
Meta
Categories