(adsbygoogle = window.adsbygoogle || []).push({});

If you just got a virus or you wanna check do you have... then read this! :yuno:

So there are much of ways to check it.. Im going from the easiest till the hardest.

Content

• Scan your computer
  
• Looking for processes
  
• Looking for active connections
  
• Disabling the startup of a virus
  
• If you succesfully removed a virus...
  
• If you still have the virus
  
• How to prevent getting a virus
  
• Credits <3
  

Scan your computer

I recommend you to download one or more of these tools.

• Malwarebytes - You must login or register to view this content.
  
• Spybot: Search & Destroy - You must login or register to view this content.
  
• SuperAntiSpyware - You must login or register to view this content.
  

Do a full scan with it / them. If it found anything delete them and restart your computer immediatly.
If you think you didnt get rid of it continue reading...

Looking for processes

This basicully tells if you got a active virus (rat / keylogger) on your computer.

If you see any suspicious processes, tell to me.

Non suspicious processes

• taskhost.exe
  
• csrss.exe
  
• nvvsvc.exe
  
• winlogon.exe
  
• svchost.exe
  
• explorer.exe
  

If you see same process more than once, its a bad thing (but you can have many svchosts)

If you think you found a suspicious process, end it.

And with this method (thanks to Curt), you can check if your csrss.exe is infected
You can tell if your csrss.exe is infected by this.

1) go to task manager and locate the .exe itself as shown here -
You must login or register to view this content.

2) now you gotta right click and go down to properties You must login or register to view this content.

3) if your csrss.exe has the same ticks as mine then you are not infectedYou must login or register to view this content.

Looking for active connections

So, this will tell active connections to you.

Go Start>Run>cmd>type netstat - and wait till it lists all connections.
You should see many 127.0.0 connections aswell your ip connections on the Local Addres tab. They are fine.

If you look under Foreign Address and find your ip, there should be "xxx.xxx.xxx.xx:80" They are fine too. That 80 is a port number, and it shows up when your internet is on.
If there is many non-80 or 25 ports, close ALL programs FULLY and do this scan again.
If there still is "xxx.xxx.xxx.xx:1524" or a number between 1-9999 it MAY be a rat or keylogger. Don't worry we will fix it

Disabling the startup of a virus

Go Start>run>msconfig.
Then go to "startup" tab and try to find a suspicious application there.
If you see something like "server.exe" uncheck it!
Now the rat / keylogger wont start when the computer boots up next time We basicully killed the virus.

If you succesfully removed a virus...

Alright, so congrantulations if you got rid of a virus!
Now download a program called You must login or register to view this content..
We will fix the registry with it, becouse rats and keyloggers may **** it up.
I think you find a way how to do it with CCleaner :yuno:

...I had over 300 errors in Registry week ago, lol

If you still have the virus

So, if you still have the virus I would recommend to format your PC.
First, take your external harddrive and put all important things to it (pics, porn, small games, DON't put any keygens or hacking tools)
You can google a way how to Format your computer... Good luck!

How to prevent getting a virus

Now, you don't want any viruses don't you?
DownloadYou must login or register to view this content.
Now run all malicious files in it, and check how many processes pops up (Sandboxie Control)

Scan your computer every week with your Anti-Malware tool.

And... dont download everything!

Good luck

// There are much of more advanced ways to check if you are infected, but these are the basic ones.

Credits
Tuhoaja, me for writing this thingy
Coders that made those great programs!

PS. Ignore my english

Erm, Theres a button when your in editing mode just insert the BB code where you want a page to start

Keep in mind, "Non suspicious processes" can become infected. So treat every file with uncertainty.

---------- Post added at 07:03 PM ---------- Previous post was at 07:00 PM ----------

Some of you guys are complete idiots. Server IS A VIRUS?!?! It's a ****ING MICROSOFT SERVICE!!!!!!! JESUS. ****ING. CHRIST.

---------- Post added at 07:07 PM ---------- Previous post was at 07:03 PM ----------

You must login or register to view this content.

Rage much?
Yeh, server.exe can be Microsoft Printing Service...

You must login or register to view this content.

But 70% of the time its not.

Maybe add this?
You can tell if your csrss.exe is infected by this.

1) go to task manager and locate the .exe itself as shown here -
You must login or register to view this content.

2) now you gotta right click and go down to properties You must login or register to view this content.

3) if your csrss.exe has the same ticks as mine then you are not infectedYou must login or register to view this content.

hope this helped you.

Oh yeah, I knew that but I forgot where I saw it...
Thanks, I'll throw it to the thread :love:
But can you check if any process is infected with that method?

Yeah, this helped me remove mine :fyea:

Lol, I rage when people pretend to know what they're talking about (not you, the other people) and are completely wrong. Leave it to the professionals, eh? xD

lol, no problem.
In fact i didnt know that Microsoft Service thingy... but thanks for telling

No problemo!

By professional, I don't mean to be cocky but I'm doing A+ and CCENT certification. (So, I tend to know a lot about this stuff)