November 21st, 2005 10:00

Hacktool virus removal

Hi

My Norton's has detected the "Hacktool" virus on my system but can delete it. What's the best way to remove it?

Thanks
John

name: Hacktool
virus in: C:\WINDOWS\SYSTEM\DRIVER\csrss.exe

http://www.sarc.com/avcenter/cgi-bi...o.cgi?vid=20685

183 Posts

November 21st, 2005 10:00

John,

See if this info from Symantec helps.

http://securityresponse.symantec.com/avcenter/venc/data/hacktool.jpegdownload.html

Other frequent posters on this site may have some additional information for you. ky331 often provides excellent help.

3 Apprentice

15.6K Posts

November 21st, 2005 13:00

Thanks for the "plug", but I'm not familiar with everything :smileywink:
 
if you can't remove it on your own (via Symantec instructions),
 
Download the latest version of HJT (HijackThis) (version 1.99.1) from

http://majorgeeks.com/download3155.html

you must create a separate folder and place it there.... people commonly use C:\HJT.   Note:  Please do *NOT* use a TEMP (temporary) folder, *NOR* your DESKTOP, as HJT will be generating log files and backup files in the folder from which it is run... you risk accidentally losing these if you use a TEMP folder, and you will generate extreme clutter if you use your DESKTOP.

The file above comes as a compressed .ZIP file... you have to UNzip it (hopefully, you have an UNzip utility built into your Windows Explorer.   If for any reason, you're unable to UNzip it, you can download the already-unzipped .EXE file from http://downloads.malwareremoval.com/HijackThis.exe )

After Unzipping, double click on HiJackThis.EXE

Click on  Do a System Scan and Save a LogFile

This will automatically open NotePad

Copy the entire file from NotePad:  EDIT/SelectAll, EDIT/Copy

Then go to the new forum dedicated for HiJack This logs (**NOT** back here), and  PASTE the results there:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

Be sure to include a detailed description of any problems/errors/warnings you are encountering.

Hopefully, one of the HJT experts will get to it as quickly as possible.

 

WARNING:  HiJack This is a VERY POWERFUL tool.  Do *NOT* do anything else (in particular, do NOT use it to delete any entries) until you are advised to do so!!   Improper use of this tool can severely damage your system.
 
 
Supplemental note:  The procedure as worded above has been carefully edited over time, so as to expedite the process of helping people.   Nevertheless, it seems that many individuals try to be "creative", and make some variations.  It really would be to your benefit if you follow these directions EXACTLY as stated... because certain changes on your part can result in slowing-down the help process. 
Specifically, the following are 3 very common BAD deviations which will cause delays:
a)  BAD:  using an older/outdated version of HiJackThis...
The experts only work with the current version.   So if you make a post with an older version, you'll simply be advised to get the latest version, re-run it, and re-post your log.
b)  BAD:  using a TEMP directory or your DESKTOP for HJT....
Some experts may insist you move HJT before they'll begin working with you.   Others will start the repair process, advising you to move HJT as one of the very first steps.   Failure to do so can result in losing potentially critical information.   So please,  just use the suggested  C:\HJT  directory, rather than try to be creative.
c) BAD:  posting your log in the wrong forum...
If you post your log back here, in the Virus/SpyWare forum, it will "sit idly", either until the forum moderator gets around to moving it for you... or until you decide to repost your log...  in the HiJackThis forum.
 

POST SCRIPT:   It has come to my attention that many people are unfamiliar with how to create the recommended sub-directory/folder   C:\HJT   while others are able to create this directory, but are unsure how to move HJT into it (from wherever it happened to get downloaded into, "by default")...  
If you have either of these "problems", then you should download a self-extracting copy of HijackThis from
Save it to your Desktop.
Double-click on the    hijackthis_sfx.exe    file, and it will self-extract into its own folder,
C:\Program Files\HijackThis

November 21st, 2005 14:00

thanks guys

I booted up in safe mode, turned off System Restore, and manually deleted it. Now Norton's is not picking up any virus on my system and Ad-Aware is clean too.

I'm still unsure about my system though, so I'm going to run hijackthis and post up the log to see if you guys could be so kind to check it for me.

john