Really Spooked by this...(Possible Trojan Infection)

[Liam]

Ok, so I was racing and was on vent when all of the sudden out of nowhere, A Lysol disinfectant commercial starting playing. At first I thought someone was playing it through vent and I remember thinking, "Wow that's terribly good quality for coming over a mic." But when I looked at the vent screen no one's hot key was open and everyone else said they couldn't hear it. So I closed down Firefox....no change......turned off vent...at this point the commercial was wrapping up and it stopped a few long moments after I turned off vent. So i was on my computer for another hour and a half, and it didn't happen again. But as I was just about to go to sleep just now, I heard music coming from my headphones. I listened carefully, it wasn't any music I own, nor was it a style of music I would even listen to. I quickly turned on my monitor.....no programs open. And a few minutes ago as I logged into the forums, the Lysol disinfectant commercial started up, again with no programs running.

Really weird....Anyway I'm gonna restart and then do a full system scan, does anyone have any idea what this is?

[BFM_Hydra]

Anyway I'm gonna restart and then do a full system scan

That's my best bet.

[BFM_Kiwi]

They're not wireless headphones are they?

[Liam]

They're not wireless headphones are they?

No, they're wired Skullcandy Ink'd earbuds.

The Virus Scan is still running.....so far it's found 3 

I'll tell you guys the results.

[BFM_SüprM@ñ]

Well, I'm not sure how/why something would keep playing but, when you go to a website and they have something like a video or image your computer downloads that image to your Cookies folder, where it is held for a certain amount of time/indefinitely if you choose so. What I'm guessing is that some how your cookies are replaying themselves at random times, not sure how or why, but that's my guess. -nods-

[Taipan™]

In firefox go tools > Clear Recent History and select time range of everything.

Sounds like you got yourself an annoying adware which they normally hang out in the internet temp folders. Or you have opened some suss exe files recently. A virus scan and a clear of your history should help fix the problem.

[Liam]

Ok, I thought I had this fixed, but it did it again this morning....I'm getting really sick of Lysol!! 

So the computer has been restarted, then turned off and let rest for a day now.

My virus scan found 3 viruses  and could only remove 2, that last one is worrying me.

Here is the report

Result: 3 malware found

System restart is needed to complete the disinfection actions!

Trojan.Generic.IS.438848 (virus)

    * C:\USERS\LIAM\APPDATA\LOCAL\TEMP\TMP_74458962.EXE
    * C:\USERS\LIAM\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\52KVU251\COMPLMGR[1].EXE Action: quarantined

Trojan.Generic.IS (virus)

    * Action: quarantined

Statistics
Scanned:

    * Files: 83611
    * Not scanned: 3

Result:

    * Viruses: 3
    * Spyware: 0
    * Suspicious items: 0
    * Riskware: 0

Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * Quarantined: 2
    * Failed: 0

Boot Sectors:

    * Scanned: 4
    * Infected: 0
    * Suspicious items: 0
    * Disinfected: 0

So I deleted ALL my history, but I can't seem to find how to delete the cookies in the newest version of Firefox. Perhaps someone could tell me how?

I mentioned this to a friend, and he said that the same thing happened to him and stopped it by putting in the OS CD and restoring everything.

I'm hoping there's another solution, because my computer came with the OS pre-installed so I do not have the OS disc. 

Any Help would be greatly appreciated.

[BFM_Kiwi]

To clear cookies, click Tools >> Clear Recent History, then click on the Details button and check Cookies, set the time range to Everything then run.

You could also run window Disk Cleanup and ask it to clear temporary files (not just temporary internet files)
 

[Liam]

You could also run window Disk Cleanup and ask it to clear temporary files (not just temporary internet files)
 

I did that, then two minutes later it did it again  

Would restoring to a couple weeks ago fix the problem...or do nothing?

  AHAH- Just looked through my processes and noticed a process not run by me, csrss.exe turns out this is a known trojan. Ok, I need help here, will just ending the process help me? Or is there something more I need to do? I'm not going to do anything yet. Please let me know  

Hmm....it also says it may be a regular windows operation, could be either.....what to do what to do....

Also, when it happens my CPU Usage hits the roof.

Could agrsmsvc.exe also be of interest? It has something to do with audio, and comes up when I click show processes from all users.

As of 10:50 it's pretty much been going nonstop 

[BFM_Hydra]

Ending the process will just mean that it most likely starts up again next time you restart the computer. There are ways to delete it from coming up again - someone else can help with that technical side.

[jokerman]

Hey Liam,

csrss.exe is probably real, (hopefully at least).  agrsmsvc.exe is some soft modem service, which may not be real.  Stopping csrss.exe is not the best idea.  Stopping the other probably wouldn't harm anything but Hydra is right, it will probably just start up again.  And your computer doesn't have to restart for the virus/trojan to restart. 

I have heard of this before.  And searching for "Lysol" and "Virus" will find a ton of stuff that you don't want.  Restoring could do it, as long as you restore before the infection.  I'm sure I don't have to say it but you will lose everything you have done since the backup point.

Out of curiosity, what version of Windows are you using?  What virus scan?

[Liam]

I'm using Windows Vista Basic and ShawSecure.

[BFM_Kiwi]

csrss.exe is a legit windows process, but it looks to be a common target for viruses and worms.

If you open up task manager, right click on csrss.exe and "open file location" and see if it's at least located in c:\windows\system32.

If it's there, check the file date and see if the date matches the other exe and dlls in that folder. 

Or you could search your entire hard drive for csrss.exe and see if you find more than one.

If the file isn't in windows\system32 then let me know.  If it is there, well it still could be infected.

You could also try either windows defender or download and run ad-aware and see what they find.

[Moosh]

This isn't very helpful but I'd personally do a restore to a previous date. I did that on my own computer when I had a problem that just made no sense and I couldn't possibly find a way to fix it, and restoring it sorted that out.

[jim360]

Apologies for the spam, but this reminds me of my all-time favourite Star Trek: The Next Generation Plot. Season 2, the ship's computer starts going haywire. Suddenly they find out that it is a computer virus, and despite all their 24th Century technology still can do nothing to stop an inevitable warp core breach... then the Chief engineer suddenly realises that if he hits "system restore" the problem is fixed!

Worst plot ever.