Trojan ?? Sticky-keys message at starup and random, F8 safe boot disbled, multiple selection.


  • Trojan ?? Sticky-keys message at starup and random, F8 safe boot disbled, multiple selection.
    I have this problem,  most likely related to some TROJAN (?), which I belive, got after downoading a Virtual-DJ torrent... :-(?). And after many many hours & DAYS of searching have not  been able to clean or solve yet !! :-( 
     Machine: a Lenovo (IBM) 3000 N200 NoteBook.
     Windooze: Vista starter
    Problem: right at boot, (also in safe mode !!), a Sticky-key, and / or a filter-key dialog window message appears !!  Even before selecting "user" (logging in)...
    After logging in, the desktop icons cant be selected individualy, but always a "group" is selected (from the "first" to the one clicked). Same behaviour in Windows explorer where the object selection is MULTIPLE, as if SHIFT is beeing pressed (stuck).
     And randomly problem "clears" itself, but comes back after some  minutes initially, or even after some 70m minutes or so...
     The process y relate to, seems to be "csrss.exe", where multiple instances "appear" but with different "memory eating" (I presume some 4-5 kB is legit, while the one with abot 1k Byte is bogus (trojan?)...
     The messaage/dialog box may appear 9 times at once initialy (one ove the other, you wont notice, until u click-move the window aside!). Later I have had up to 21 message boxes at once!
     "Clearing" the sticky-behaivour by going into control panel accesibility, does NOT change (solve) anything, and when in "bad behaviour mode" the "normal" Sticky or Filter on/off by holding SHIFT-right 8+ seconds, or clicking 5x times dont seem to respond at all !!
    Also trying to boot into SAFE F8 mode does NOT respond - seems as if F8 is disabled.
    Also already tried external USB keyboard, and NEW (admin) user account, which seemed to solve the problem(s), but after Win Update, that profile went "corrupt" and I am stuck with the old profile AND problem.
    It is NOT seen by Avira, not by SpyBoot, not by Malwarebytes and a dozen I have already tried.
    HijackThis does not show any strange "run" at startup (autorun).
    A regedit search for "csrss" gives  -I think- more results than "normal", but here my knowledge stops, tos ay which is legit and which NOT !  ??

    ANY ANY hint is welcome.  THANKS :-)

    Saturday, December 26, 2009 5:41 PM

All replies