Trojan ?? Sticky-keys message at starup and random, F8 safe boot disbled, multiple selection.
I have this problem, most likely related to some TROJAN (?), which I belive, got after downoading a Virtual-DJ torrent... :-(?). And after many many hours & DAYS of searching have not been able to clean or solve yet !! :-(
Machine: a Lenovo (IBM) 3000 N200 NoteBook.
Windooze: Vista starter
Problem: right at boot, (also in safe mode !!), a Sticky-key, and / or a filter-key dialog window message appears !! Even before selecting "user" (logging in)...
After logging in, the desktop icons cant be selected individualy, but always a "group" is selected (from the "first" to the one clicked). Same behaviour in Windows explorer where the object selection is MULTIPLE, as if SHIFT is beeing pressed (stuck).
And randomly problem "clears" itself, but comes back after some minutes initially, or even after some 70m minutes or so...
The process y relate to, seems to be "csrss.exe", where multiple instances "appear" but with different "memory eating" (I presume some 4-5 kB is legit, while the one with abot 1k Byte is bogus (trojan?)...
The messaage/dialog box may appear 9 times at once initialy (one ove the other, you wont notice, until u click-move the window aside!). Later I have had up to 21 message boxes at once!
"Clearing" the sticky-behaivour by going into control panel accesibility, does NOT change (solve) anything, and when in "bad behaviour mode" the "normal" Sticky or Filter on/off by holding SHIFT-right 8+ seconds, or clicking 5x times dont seem to respond at all !!
Also trying to boot into SAFE F8 mode does NOT respond - seems as if F8 is disabled.
Also already tried external USB keyboard, and NEW (admin) user account, which seemed to solve the problem(s), but after Win Update, that profile went "corrupt" and I am stuck with the old profile AND problem.
WHAT KIND OF TROJAN MIGHT THIS BE ???
It is NOT seen by Avira, not by SpyBoot, not by Malwarebytes and a dozen I have already tried.
HijackThis does not show any strange "run" at startup (autorun).
A regedit search for "csrss" gives -I think- more results than "normal", but here my knowledge stops, tos ay which is legit and which NOT ! ??
ANY ANY hint is welcome. THANKS :-)
This forum is for writing security related software. I suggest you visit the "where is the forum for" forum near the top of the forum homepage to find a forum related to your issue.
The following is signature, not part of post
Please mark the post answered your question as the answer, and mark other helpful posts as helpful.
Visual C++ MVP
Hi - I think my information can help you:
Hmm? This is bad, I think this can be a combination of a "worm" and a boot-sector virus.
To be able to remove these, Symantec Corporation has provided some specific virus removal
tools to find and clean the PC from these infections.
Here are they:
Sheng Jiang MVP:
We still can help him here, since, if the OP seems lost
then we help him, and try to answer his question.
I hope this helps...
Have a nice day...