Re: Help with csrss.exe large data send problem - Turning to the SBS pros

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Henry Craven (IUnknown_at_Dot.Nyet)
Date: 09/18/04 

Date: Sat, 18 Sep 2004 12:27:02 +1000

Sounds like a Nimda variant:
http://www.f-secure.com/v-descs/nimda_e.shtml 

-- 
Henry Craven {SBS-MVP}
CI Information Technology
    Melbourne Australia
"Steve Rosenfelt" <steve@nospam.com> wrote in message
news:kinmk0dq5v3klv5gvi82h5ackrsuh80pv3@4ax.com...
>
> Ok, I'm turning to the SBS pros for advice on a problem I'm having at
> a client's office. Everyone knows that collectively we are the best in
> the business. Well, not everyone knows. I just inerited this client
> and was suprised to find a computer on the internet with no firewall
> or AV. The computer's IP was in the router's DMZ list. Anyway, the
> network shortcomings have been resolved. There are 4 computers, and
> all have been scanned and cleaned with Mcafee Stinger, Mcafee
> VirusScan Enterprise 8.i, and Norton Antivirus 2003.I have also run
> AdAware and Search and Destroy on all computers and cleaned spyware.
> However, this one computer persists in sending huge amounts of data
> out randomly throughout the day. It is enough to make their VPN
> applications fail because of bandwidth issues. I installed Zone Alarm
> on the trouble PC and after searching through the logs, I noticed that
> csrss.exe wants outbound access persistantly. With Zone Alarm
> installed, the problem seems to go away and yesterday they ran fine.
> Today, I disabled Zone Alarm and the problem popped up in the
> afternoon. I've researched csrss.exe virus traits but my scanners
> should pick up any of these known problems. Any advice on how to
> proceed? Zone Alarm provides the temporary fix, but don't SBSers want
> to get to the root of the problem?
>
> Thanks,
>
> Steve

Relevant Pages