I've finally had time to remove one of these suckers from someone's computer (over remote assistance too). The problem is that the CSRSS.EXE process can't be killed by Windows Task Manager because it thinks it's a proper Windows process.
Anyways, I have written up how to remove the virus; I've tried to make it as simplistic as possible.
--------------------------------------------------------------------
Steps for removing the "Block Checker" Virus
- Download a copy of Sysinternals Process Explorer Here
- "Un-Install" the block checker from Add/Remove Programs
- Open Process Explorer and kill the "csrss.exe" process that is not run by "SYSTEM" or "NT AUTHORITY" or similar (usually the fake is run by your username or computer name)
- Once you have killed the csrss.exe process, find the process "blockchecker.exe" and kill that one
- Go into C:\Program Files and delete the folder labelled "Block checker" (where C:\ is the drive you installed Windows on)
- Open the Registry Editor (Start > Run > regedit.exe), navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the value named "BlockChecker"
(For help on this section, go to this site, for a wrong move in here could damage your computer)
- Delete the "exclusion_AOL.ini", "exclusion_MSN.ini" and "exclusion_Yahoo.ini" files located in the Windows System folder (C:\Windows\System)
- Enjoy your "Block Checker" Virus free system
Thanks to segosa and CoookieRevised for their help
PS: Make sure you empty your Recycle Bin
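
An added example, not part of the original post: a read-only PowerShell check that looks for each item the steps above remove, so it can be run before and after the cleanup. It assumes an elevated prompt and English account names; the `Add-Finding` helper is made up for this example.

```powershell
# Added example: read-only check for the leftovers named in the steps above.
# Run elevated; otherwise the owner of the genuine csrss.exe cannot be read.
$findings = @()
function Add-Finding($check, $item, $detail, $suspect) {
    $script:findings += [pscustomobject]@{
        Check = $check; Item = $item; Detail = $detail; Suspect = $suspect }
}

# csrss.exe: the steps say the fake one is not run by SYSTEM / NT AUTHORITY.
# Assumption: English account names (they are localized on some systems).
foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'csrss.exe'") {
    $o = Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue
    if ($null -eq $o -or $o.ReturnValue -ne 0 -or -not $o.User) {
        Add-Finding 'csrss.exe' "PID $($p.ProcessId)" 'owner unreadable, rerun elevated' $false
    } else {
        $bad = $o.Domain -ne 'NT AUTHORITY'
        Add-Finding 'csrss.exe' "PID $($p.ProcessId) $($p.ExecutablePath)" "$($o.Domain)\$($o.User)" $bad
    }
}

# blockchecker.exe should not be running at all.
foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'blockchecker.exe'") {
    Add-Finding 'process' "PID $($p.ProcessId) $($p.ExecutablePath)" 'still running' $true
}

# Install folder under Program Files.
$folder = Join-Path $env:ProgramFiles 'Block checker'
if (Test-Path -LiteralPath $folder) { Add-Finding 'folder' $folder 'still present' $true }

# Autostart value in the HKLM Run key.
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$val = (Get-ItemProperty -Path $run -ErrorAction SilentlyContinue).BlockChecker
if ($val) { Add-Finding 'Run value' 'BlockChecker' $val $true }

# The three exclusion_*.ini files in the Windows System folder.
$sysDir = Join-Path $env:SystemRoot 'System'
foreach ($name in 'exclusion_AOL.ini', 'exclusion_MSN.ini', 'exclusion_Yahoo.ini') {
    $path = Join-Path $sysDir $name
    if (Test-Path -LiteralPath $path) { Add-Finding 'file' $path 'still present' $true }
}

$findings | Format-Table -AutoSize
$left = @($findings | Where-Object Suspect).Count
Write-Host "$left suspect item(s) found"
```

The script changes nothing on the system; a csrss.exe row with Suspect set to False and an NT AUTHORITY owner is the genuine Windows process and must be left alone.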