We’ve now developed a reliable method for removing the USB csrss.exe virus that cropped up recently. While this virus proliferates very quickly and is annoying to deal with, the fix for it is quite simple.
- Attach any USB drives you know to be infected to the system you plan to disinfect.
- Enable viewing of hidden files and folders
- Delete ONLY the autorun.inf from each infected drive
- If running WindowsXP or a 32bit version of Vista or Win7, run Combofix
- If running a 64bit operating system, navigate to C:\Users\%username%\AppData\Roaming\Microsoft\
- Under this directory you will find a copy of csrss.exe. You will need to use ProcXP64 to kill the process before deleting the file.
- After the csrss.exe has been cleaned from the computer, you can now safely delete the copies on the USB drives without them returning