Hope this helps!
Sent from my iPhone
On 17 Mar 2011, at 05:34 PM, Riky <ratis...@gmail.com> wrote:
> i am getting these 2 worms every tym eventhough after formating, any1
> knows how to kill them???
>
> --
> null - Spreading the right Information
> null Mailing list charter: http://null.co.in/section/about/null_list_charter/
>
> This list is supported by Institute of Information Security http://iisecurity.in
> Real-world hackers, real-world training – Certified Professional Hacker at IIS
The process winlogon.exe runs in the background. Winlogon is a part of the Windows Login subsystem, and is necessary for user authorization and Windows activation checks.
This is the user-mode portion of the Win32 subsystem; Win32.sys is the kernel-mode portion. Csrss stands for Client/Server Run-Time Subsystem, and is an essential subsystem that must be running at all times. Csrss is responsible for console windows, creating and/or deleting threads, and implementing some portions of the 16-bit virtual MS-DOS environment.
So basically they are not worms but essential files required for system to perform well.
Also, there are chances that they may forged and can act as virus or worm. They usually come as auto-run Worms
i am getting these 2 worms every tym eventhough after formating, any1
knows how to kill them???
--
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
This list is supported by Institute of Information Security http://iisecurity.in
Real-world hackers, real-world training – Certified Professional Hacker at IIS
Thanks & Regards
mhshah
+91-9967771131/ +91-9029092684
i am getting these 2 worms every tym eventhough after formating, any1
knows how to kill them???
-
TAS
http://twitter.com/p0wnsauc3
Do you what UTM stands for? A: I dunno, U Tell Me?
thnx n bdy i m getting 2 folders named $Recycle.bin n
$system.volume.information thought they r from these 2
--
The folders you are getting are too genuine folders of Windows.
As mentioned earlier in this conv, winlogon and csrss are also genuine
executables of windows so I guess you need not worry about any
infection.
But still winlogon and csrss can be a infection only if these
executables are located in other than their standard location i.e
Windows system folders.
Worms do not reside into the system if it is formatted. It has to be a
MBR rootkit or any similar infection.
--
Thanking You.
Warm Regards.
Pushkar
If it is really necessary, you may further think of running Windoze in VM.
-Sudhanwa
On Thu, Mar 17, 2011 at 5:34 PM, Riky <ratis...@gmail.com> wrote:
> i am getting these 2 worms every tym eventhough after formating, any1
> knows how to kill them???
>
> --
> null - Spreading the right Information
> null Mailing list charter: http://null.co.in/section/about/null_list_charter/
>
> This list is supported by Institute of Information Security http://iisecurity.in
> Real-world hackers, real-world training – Certified Professional Hacker at IIS
>
--
~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!~!
www.projects4students.com
--
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
This list is supported by Institute of Information Security http://iisecurity.in
Real-world hackers, real-world training – Certified Professional Hacker at IIS
Sent from BlackBerry® - Vodafone