My Norton Anti-Virus has found "Backdoor.Padmin", a virus. It says it has infected object name: C:\winnt\system32\qossrv\csrss.exe.
What do you recommend? Symantec's website is no help. Can I delete the "object"? If so, how?
Thanks very much for your help.
This question was answered on September 4, 2003. Much of the information contained herein may have changed since posting.
I have found the following information:
Description:
This backdoor program installs itself in memory and is capable of running as a hidden process. While in memory, it performs port scanning and network flooding.
It is written in Microsoft Visual Basic 6 and usually arrives UPX-compressed.
Solution:
Identifying the Malware Program
Before proceeding to remove this malware, first identify the malware program.
Scan your system with Trend Micro antivirus and NOTE all files detected as BKDR_PADMIN.E. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.
Terminating the Malware Program
This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier.
Open Windows Task Manager.
On Windows 95/98/ME systems, press CTRL+ALT+DELETE.
On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, then click the Processes tab.
In the list of running programs*, locate the malware file or files detected earlier.
Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
Do the same for all detected malware files in the list of running processes.
To check if the malware process has been terminated, close Task Manager, and then open it again.
Close Task Manager.
*NOTE: On systems running Windows 95/98/ME, Task Manager may not show certain processes. You may use a third-party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry or entries:
TaskMan=<file path of malware>
Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.
Additional Windows ME/XP Cleaning Instructions
Running Trend Micro Antivirus
Scan your system with Trend Micro antivirus and delete all files detected as BKDR_PADMIN.E. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro’s free online virus scanner.
About the author
Posted by Student of Katharine Gibbs School - New York on September 4, 2003
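Added example, not part of the original answer or of Trend Micro's instructions: a Python check that reads an exported copy of the Run key named in the steps above and flags the TaskMan value, plus any entry that uses a core Windows process name outside the system directory, as the path in the question does. The sample export, the process-name list and the function names are constructed for illustration, and the second rule goes beyond the steps on this page.

```python
import ntpath
import re

# Constructed sample in .reg export form; the first path is the one in the question.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TaskMan"="C:\\winnt\\system32\\qossrv\\csrss.exe"
"ExampleAgent"="\"C:\\Program Files\\Example\\agent.exe\" /quiet"
"ExampleSync"="examplesync.exe /logon"
'''

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
EXE_RE = re.compile(r'\s*"?(.+?\.(?:exe|com|bat|scr))(?=["\s]|$)', re.IGNORECASE)
# Assumption: a short list of core Windows process names that malware copies.
SYSTEM_NAMES = {"csrss.exe", "smss.exe", "winlogon.exe", "services.exe", "lsass.exe"}

def unescape(text):
    # .reg files escape backslashes and quotes with a leading backslash.
    return re.sub(r"\\(.)", r"\1", text)

def command_path(data):
    # Executable part of a Run command line, without quotes or arguments.
    match = EXE_RE.match(data)
    return match.group(1) if match else data.split(" ")[0].strip('"')

def find_suspect_autostarts(reg_text, system_dir=r"C:\winnt\system32"):
    findings, in_run_key = [], False
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("["):
            in_run_key = line.strip("[]").lower() == RUN_KEY
            continue
        match = VALUE_RE.match(line)
        if not (in_run_key and match):
            continue
        name, exe = unescape(match.group(1)), command_path(unescape(match.group(2)))
        reasons = []
        if name.lower() == "taskman":
            reasons.append("value name listed in the removal steps")
        if (ntpath.basename(exe).lower() in SYSTEM_NAMES
                and ntpath.dirname(exe).lower() != system_dir.lower()):
            reasons.append("system process name outside " + system_dir)
        if reasons:
            findings.append((name, exe, reasons))
    return findings

if __name__ == "__main__":
    for name, exe, reasons in find_suspect_autostarts(SAMPLE_REG):
        print(f"{name} -> {exe}: {'; '.join(reasons)}")
```

Regedit's Version 5.00 exports are UTF-16, so decode the file before passing its text to the function.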