A new strain of infection has sprung up that imitates the real Windows process Microsoft Client Server Runtime (csrss.exe), but modifies itself to give a hacker a backdoor into your system. The virus runs silently in the background, collects information such as your network configuration, IP address, and system passwords, and stores it. When the hacker wishes to intrude on your system through this virus, he has all this information readily available, which makes hijacking your computer easier.

There is a very simple and easy way to tell if this virus is on your system. The newest versions copy themselves to thumb drives in the form of two hidden files, autorun.inf and csrss.exe, which you will find in the root of any attached device, including iPods. The other place the virus will hide is in %systemroot%\Users\%username%\Application Data\Temp\

As far as we can tell so far, it only installs a single fraudulent csrss.exe file to that one location and to any attached removable media. It's very hard to tell if it is active on your system without looking for those files specifically, as it does not directly attack the computer.

***Also note that to find these files you will need to have “hide hidden files” in your folder options turned off.
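The file check described above can be scripted. The following is an added example, not code from the original article: it looks for the autorun.inf and csrss.exe pair in a drive root and tests whether a csrss.exe path is the genuine one. The function names, the default `C:\Windows` system root, and the idea that autorun.inf names the executable in an `open=` or `shellexecute=` line are assumptions.

```python
import ntpath
import os

SUSPECT_NAMES = {"autorun.inf", "csrss.exe"}  # file names given in the article


def is_genuine_csrss_path(path, systemroot=r"C:\Windows"):
    """The real csrss.exe lives only in %SystemRoot%\\System32."""
    expected = ntpath.join(systemroot, "System32", "csrss.exe")
    return ntpath.normcase(ntpath.normpath(path)) == ntpath.normcase(expected)


def autorun_targets(inf_path):
    """Return the values of open=/shellexecute= lines in an autorun.inf."""
    targets = []
    with open(inf_path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() in ("open", "shellexecute"):
                targets.append(value.strip())
    return targets


def scan_drive_root(root):
    """Check one drive root for the autorun.inf + csrss.exe pair."""
    # os.scandir lists hidden files too, so the Explorer setting is irrelevant.
    found = {e.name.lower(): e.path for e in os.scandir(root) if e.is_file()}
    hits = sorted(SUSPECT_NAMES & found.keys())
    result = {"root": root, "files": hits, "suspicious": len(hits) == 2,
              "autorun_targets": []}
    if "autorun.inf" in found:
        result["autorun_targets"] = autorun_targets(found["autorun.inf"])
    return result


if __name__ == "__main__":
    import string
    # Walk every mounted drive letter and print roots holding either file.
    for letter in string.ascii_uppercase:
        root = f"{letter}:\\"
        if os.path.isdir(root):
            report = scan_drive_root(root)
            if report["files"]:
                print(report)
```

A csrss.exe found anywhere that `is_genuine_csrss_path` rejects, including the Temp location named above, deserves a closer look.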

A round of Combofix and cleaning off the files from your USB drives will fix the issue in most cases.

 csrss.exe Virus Infects USB Drives