Ok so here's the deal.  Whenever I try to run msconfig it opens for like 2 seconds and then closes itself.  I can't get anything done.  I have tried restarting, and it has been a problem for like a month now.  Has anyone had this problem and/or knows how to fix it?  Any help will be much appreciated.

youve got a virus running..

use task manager to close any programs you dont reconise, then try

my theory is that it checks for the window to be shown, then closes it. this is because as a measure to prevent it from being stopped, its not allowing you to remove it from startup.

I have tried, all the ones that I ended that look suspicious didn't help.  Any idea what it might be called?  Plus I have tried scanning with symantic, xoftspy, and ad-aware, and symantic is the only one that detects it, but it can't delete it

try running the program "autoruns" from sysinternals, disable the startup item for the process you think it is, and then reboot. then run your antivirus or boot into safemode and delete the file manually.

I think I found it, but when I try to end it, it says "This is a critical system process.  Task Manager cannot end this process."  But it might just be a regular process, but I don't think I have seen it before.

I have had this problem before, can you open control panel?  If you can't then the computer does have a virus on and you have to reformat and start over again.

I have never figured away how to get rid of this virus.

there is always turn on in safemode then disable it from startup

Ok, so I booted in safemode right, took it off startup, rebooted and it lets me open msconfig now, but the virus is still running in taskmanager Scanning with Symantec as we speak.

What do you think it is...?

csrss.exe

csrss.exe is a normal process too. See csrss.exe process information. Don't try to delete it before you are sure it really is a virus, you may damage Windows otherwise .

quote:

---

Originally posted by TylerG
I think I found it, but when I try to end it, it says "This is a critical system process.  Task Manager cannot end this process."  But it might just be a regular process, but I don't think I have seen it before.

---

quote:

---

Originally posted by MeEtc

quote:

---

Originally posted by TylerG
I think I found it, but when I try to end it, it says "This is a critical system process.  Task Manager cannot end this process."  But it might just be a regular process, but I don't think I have seen it before.

---

use services.msc to end it

Start > Run > services.msc

---

• either look at who has started the process. If it is "SYSTEM" or "NT AUTHORITY" or the likes then it means it is the legit windows process. If it is your username/computername then it means csrss.exe has started up as a normal program and thus the process is not legit and a fake.
  
• either look at the startup directory of csrss.exe. If it is C:\Windows\System32 Then that it is the legit windows program. If it is another directory, you have your virus (but seeing the directory is not possible in Windows' TaskManager).

1. Run "Process Explorer" from SysInternal. Find the not-legit csrss.exe file by right clicking on its name and checking its properties for the startup directroy and/or check who owns the process "NT AUTHORITY/SYSTEM" or you.
   
2. If found, and still in Process Explorer, kill it using right click, "Kill Process Tree".
   
3. Now run "AutoRuns" from SysInternal. And find the startup entry (or entries) of the not-legit csrss.exe and remove it.
   
4. Reboot