Solved csrss and javaw.exe

[DavisRaymondArt]

I have recently seen 2 weird processes "javaw.exe" and "csrss.exe" both are running from hidden folders and are hidden themselves . When any of the two "Even javaw" process is killed my pc immediatly has a memory dump . Can someone tell me how to fix or remove this problem please

 

[LMiller7]

Welcome to the forum.

What is the exact and full path to these processes. This is critical.

 

[DavisRaymondArt]

javaw : C:\Users\msi\AppData\Local\Sun

csrss : C:\Users\msi\AppData\Local\Temp

 

[DavisRaymondArt]

Welcome to the forum.

What is the exact and full path to these processes. This is critical.

javaw : C:\Users\msi\AppData\Local\Sun

csrss : C:\Users\msi\AppData\Lo

 

[Laith]

javaw is the Java process.

csrss is a critical system file but that one you listed there is a fake csrss, caused by an infection. From my experience with those fake cssrs:es is that they are very hard to remove. If you do remove the fake cssrs BSODs will occur at shutdown(0xF4's to be exact), that's why i find them very hard to remove. I haven't tried deleting it from safe mode but someone here at the forums probably knows how to delete this virus.

 

[DavisRaymondArt]

javaw is the Java process.

csrss is a critical system file but that one you listed there is a fake csrss, caused by an infection. From my experience with those fake cssrs:es is that they are very hard to remove. If you do remove the fake cssrs BSODs will occur at shutdown(0xF4's to be exact), that's why i find them very hard to remove. I haven't tried deleting it from safe mode but someone here at the forums probably knows how to delete this virus.

Javaw itself when closed causes 0xF4 BSOD so i think it has a connection in a way

 

[Laith]

Oh, that means both are fakes.

 

[DavisRaymondArt]

Oh, that means both are fakes.

Yes it seems though and its gotten so far to the point switching off my pc causes this error

 

[Laith]

Exactly, they are very hard to remove.

 

[DavisRaymondArt]

Yea still hoping someone has a solution

 

[Laith]

You can try running Malwarebytes in Safe Mode.
http://www.sevenforums.com/tutorials/338716-malwarebytes-anti-malware-free.html
http://www.sevenforums.com/tutorials/69585-safe-mode.html

 

[MoxieMomma]

You can try running Malwarebytes in Safe Mode.
http://www.sevenforums.com/tutorials/338716-malwarebytes-anti-malware-free.html
http://www.sevenforums.com/tutorials/69585-safe-mode.html

In addition to @Laith's expert advice....

For the record, in order to work properly & completely, MBAM ought to be run in normal Windows mode.
Running it in Safe Mode is not recommended and is really a last resort, especially since there are other means (such as Chameleon) to get it to run on badly infected systems.

Having said that, as @Laith also mentioned, some types of malware can be very difficult to fully remove & repair, as explained here.

If you still need help with this after running the aforementioned scan, then you might want to head over to one of several computer disinfection fora for a bit of expert, free help (unless @Laith, @Jacee,@cottonball, or someone else here can walk you through it).

Cheers,

MM

 

[Laith]

I would suggest a re-install to completely get rid of this problem as it's very hard virus to properly fix. If you do have a system restore please restore from that.

 

[DavisRaymondArt]

Is there a way to boot up to system restore and choose a restore ? Since the control panel method has failed and asks for a disk check which fails due to some software guessing the malware

 

[Laith]

Safe mode.

 

[DavisRaymondArt]

Before i start the process let me confirm . 1. I have to run malwarebytes in safe mode 2. Run a system restore in safe mode . Then all done ?

 

[Laith]

No, run Malwarebytes Charmeleon, if it fixes it, it fixes it. System restore is if Charmeleon didn't fix it.

 

[DavisRaymondArt]

No, run Malwarebytes Charmeleon, if it fixes it, it fixes it. System restore is if Charmeleon didn't fix it.

Okay starting the process i will post results soon

 

[Laith]

Sounds good to me.

 

[DavisRaymondArt]

It worked guys. Thank you all so much ^^ still doing extra scans just incase malware bytes left some over