Bad .exe files

I recently contacted HP to solve a printer problem. The Tech gained access to my computer by remote and went looking into my running and non-running programs. Is first comment was that a lot of the Windows 10 drivers were in a "stopped" environment. I mentioned to him that when I upgraded to Windows 10 from Windows 7 that I was not sent a OS disk and that I was also informed that a lot of the Windows 10 drivers were not available to users. (Why, I don't know). He also pointed out files such as; csrss.exe and told me that this was a dangerous file and should be removed. He told me about every time that I use the internet and download anything that these types of files are generated and actually are viruses. After finding out that his repair of my problems was going to cost me $200, I elected to disconnect and search for solutions here and elsewhere. Is this csrss a virus and if so, just how do I get rid of it and find any other such bad files?

 

Wow! Are you sure this was a real HP tech? I think you were very wise to disconnect that phone call and come here seeking further help!

If you do a simple search of csrss.exe, what's the first thing you see? Click here to find out.

Now for sure, there are cases where malware is disguised as important system files but for him to simply say that file was dangerous and you should remove it without verifying it was malware was just plain careless and frankly, stupid.

Have you scanned for malware? Note unless you installed something different, Windows Defender (which is integrated with Windows 10 and enabled by default) is up and running on your system and that is a very capable antimalware solution. I use it on all my W10 systems. But regardless your antimalware solution of choice, you should always have an alternative on hand just to make sure your primary solution or you, the user and ALWAYS weakest link in security, did not let something slip by. I recommend Malwarebytes's Anti-Malware (MBAM) for that. The free version is just fine for "on-demand" scanning. If your primary scanner and MBAM don't find anything - other than a few "PUPs ", then I would not worry about your computer being infected. Note a PUP is a "potentially unwanted program ". It does NOT imply a bad or malicious program, it just means it is something MBAM has determined does NOT contain malicious code but the program is either unknown to them, or has been reported as something most users don't want - like nuisance toolbars, or some unneeded auto-updater. They are safe to remove however. If one ends up being something you did want, you can always install it again.

Please do a malware scan of your system, then come back and report the scan results and describe your printer problem. Please include your system and printer specs so we know what hardware we are dealing with.

If you have been keeping Windows updated, you did not disable your security programs, and you are not "click happy" on unsolicited downloads, attachments, popups and links, I suspect your system is clean of malware and you just have something wrong with your printer configuration, and this HP tech(?) gets a commission to get people to fall for their scare tactics and sign up for their repairs.

 

Why not head over to the Malware and Virus forum and let broni check out your system. He uses special tools to find bad things and even writes code specific to your machine to fix it.

 

Hey, thanks for the answers. I always thought that I had a pretty good security profile on my computer and really didn't understand some of his comments regarding my problem (off-shore tech).
I have run, I have run Malware Bytes as well as Adware and SpyHunter 4 and never showed any dangerous files other than a few Pup's. The problem I was having with my HP C309g was that after each batch of printing, the screen (on the printer) would show a message "Load paper in tray and press okay" . Then it would go into a printer alignment. Once I let it run its gambit and the screen showed "alignment failed" but the printed sheet was perfect. From then on, I just cancel the procedure. As for your request for my PC specs, I believe you will find all that in my profile.

 

Thanks. Just for future reference, many users have multiple computers, or are seeking help for a friend's or relative's computer. So unless we are told the system in question is the one listed in a profile, we cannot assume it is.

Hopefully Tony's find will resolve this. Keep us posted.

 

Thanks again, I don't know if the HP solution listed is the one that actually applies to my problem. It has some of the characteristics but the specifics are not the same. Example; my printer was loaded ready to go this morning when I turned the computer on. After the printer came up, the screen showed the message to load plain paper into the printer and press okay, although it was already loaded. If I followed the instruction, the alignment procedure would initiate (4 min 30 sec) countdown, print the alignment sheet (everything look correct) but the screen would indicate alignment failed. Also, I did have an additional question in my original post regarding Windows 10 Drivers and why a lot of my Windows Services are "Stopped ".

 

It sure sounds like the printer itself is having problems. You say, "after the printer came up ". What does that mean? Do you turn it off at night, or let it go to sleep? If you turn it off, that might just put it in standby mode. I might suggest unplugging it from the wall for about 1 minute, then plug it in and start it up to see what happens. The paper trail may need to be blasted out with compressed air too.

As for services, it is normal for many to be stopped. Just looking at mine, it looks like I have twice as many stopped as there are running. And that's good. If running, they are consuming resources. If you tell Windows or an installed app to perform some task that needs a stopped service, it will start as needed.

 

Bill,
That is also what I thought but again that was the comment from the HP Tech when he took remote control. He pointed out all the stopped services from Microsoft and indicated these could be my problem. You can't trust anyone nowadays.

 

Well, it is important to note that hardware and services tech support are pretty much 100% profit consuming money pits for these companies - unless, of course, you are willing to shell out big bucks to get to level 3 tech support. But even then, it takes a lot money to properly train and staff those positions, so they probably take a loss on that $200 if it takes longer than a couple minutes to find the problem. Generally, level 1 tech support people are trained only to follow a checklist which only addresses the most common and easy to fix problems.

How could that have anything to do with Windows on your computer? If you disconnect the printer from your computer or network and you still get the same errors, it would be impossible to blame Windows. And how do you connect this device, BTW. I hope through your network via Ethernet or wireless, since the printing device supports network connections.

 

I would like to report a very strange happening that just took place on my computer. I was reading the news reports on MSN.com homepage when an audible alarm started beeping and a bunch of pages came up about a serious infection in my computer and to call Windows Technical Service @ 877-563-5714. The message told me not to shut down my computer or it would result in my boot system being corrupted. I called the number and the Tech (funny thing Tech had same accent as previous encounter) proceeded to run a remote check of my computer showing me all kinds of what he described as errors that were infecting the Windows 10 configuration. He also noted my security applications such as Malwarebytes, AdwareCleaner, CC cleaner, ToolWiz, Bitdefender-AntiWirus, Spybot as being non compatible with Windows 10. He displayed an Administrative Events page that supposedly showed 3,499 errors and told me that for $199.99 and 60-90 minutes later my computer would be cleaned and updated. I must admit, this scared the hell out of me. What are all these errors and what the hell is going on with Windows 10.? What caused the disruption of my computer in the first place?

 

First mistake!

And your second and biggest mistake.

You might have just doomed yourself. Understand socially engineered methods of malware distribution are most effective because they sucker users into clicking on unsolicited links that let the bad guys and/or their malicious code in. I would URGE you to follow LJ's and now Pete's very sound advice and have one the site's malware removal experts check out your computer. I would also urge you to IMMEDIATELY change all your passwords.

And in the future, never - as in NEVER EVER allow anyone remote access to your computer unless you initiate the entire transaction through a site you know for a fact to be legitimate. If you are not sure the site is legitimate, don't click on their links or let them in.

What is Social Engineering?

As I noted above, the user is ALWAYS the weakest link in security and I already warned you about being "click happy" on unsolicited links. Yet it appears you clicked on an unsolicited link anyway to allow this bad guy have remote access. As I also noted, I recommend MBAM and use it on all my W10 systems. I also use CCleaner so obviously, they are compatible. He probably does not want you to use them because they will identify his code as malware or spyware.

 

I would like to add a comment to this. A non-technical friend had the same experience and also allowed the 'tech' remote access. When he wanted money she also ended the session and then brought the computer to me. I was easily able to fix it by just doing a system restore and comprehensive virus scans turned up nothing. A few weeks later I was browsing a site and clicked on a link and all kind of alarms started going off with URGENT! warnings in red not to shut down and a phone number for help. I took a closer look and quickly discovered that it was just another browser hijacker. My browser lets me choose whether to reopen tabs when it encounters a forced shutdown so I went through the history file, found the culprit, and reloaded all the other tabs. No more problem.

Not much later the same thing happened again on a different site. This seems to be a fairly widespread scam at the moment, but in the three encounters I have had, no changes were made to my system and nothing was infected. All that happens is the phony warnings and alarms and blocking your ability to close the browser, but that can easily be got around just by closing the process with Task Manager. After that the browser can be restarted and everything will be back to normal as long as you don't reload the hijack site.

 

Yeah, these big scary urgent warnings are actually very harmless pop-ups - until you click on them. In spite of their dire warnings, the best thing to do is to close them immediately via the X in the window's upper right corner, or via Task Manager if no X. NEVER click on a link inside the pop-up.

Remember, if you have kept Windows and your security apps fully updated and running, it is highly unlikely any malicious code actually reached your computer. It only gets there if you open the door and let it in by clicking on their very enticing and persuasive links.