Virus Hell from upperhost and CsdDriver

Category »  Windows Tips
Posted By Guido on 24 September 2006
Comments   |   Print   |   Mail it
Finding you have a virus is bad enough but when you hava a variant is even worse! On friday evening I found that my virus software AVG Free detected a trojan horse PSW.Generic 2.IGX in c\windows\system32\CsdDriver.sys OK I could ignor, heal or move to the vault since I had no idea as to what this system file did I decided to heal the file AVG said it had done this then moments latter the same warning! :-((

The warning was from AVG resident shield it had not found a virus during the regular scan.
Where had this come from I had not installed anything new for a while this must have arrived through some web site I had visited I do a bit of auto surfing so I would think one of these sites had infected me! Which one who knows.

Trying to find csdDriver.sys with search in a folder was a hard job each time you tried to do a search it closed down the folder.
I did a search on web for csdDriver.sys but found very little information except people who had a similar problem with csdDriver.sys but no real answers as to how to get rid of this pesk!!!
I had used a ll the regular software to try to eliminate csdDriver.sys using such as Anti-Spyware Software as Hijackthis, CWShredder, Lavasoft's Ad-Aware, Spybot S&D, and a trial version of Ewido Antimalware I won't give you here the url's but a quick click here

http://www.searchhuts.co.uk/forum/topic.asp?TOPIC_ID=154

will give the URL's.
Ewido Antimalware found some java applets which would seem as though they could cause a problem. I also found a tool bar had been installed!
I followed the instauctions with each thinking I was getting somewhere but after a reboot the problem still persisted.
I then in a last bid approach found that a dll upperhost.dll was calling csdDriver.sys again searching google for upperhost.dll not many sites with any infomation so taking the bull by the horns I decided to use Killbox to try to kill these two pesks.
I restarted my computer in safe mode F8 as the machine is booting up at the early stages will get you safe mode.
I ran Killbox which I saw as my last ray of hope that the file upperhost.dll seemed involved it's a hidden system file which can be found at c:\windows\system32\upperhost.dll enter this into or search for the file in killbox.exe since it's a dll and you search feature in windows folders did not work I wanted to delete it I also thought about it for a while and decided to unregister the dll with killbox so that it could not be called from an application it also backs the file up in case your wrong!

KillBox is a tool to delete files that are in use. If the file is running, KillBox will try to end what the file is doing and delete it.

Quick reboot AVG seemed it had found a virus infected file CsdDriver.sys it had deleted it with some system restore points. So at this stage I would have deleted all restore points by clicking on Start ->Control Panel -> System. There should be some tabs at the top of this window called System Properties click the tab named System Restore, click Turn off system restore then apply this deletes old restore points. This step I should have done before re booting into safe mode. But hey I'm not a geek!

Since these two files upperhost.dll and CsdDriver.sys were deleted I can report that I have not had any problems with AVG resident shield telling me of a trojan horse PSW.Generic 2.IGX in c\windows\system32\CsdDriver.sys

Please note that I take no responsibility as to what you do or what effects it might have on your computer. The above worked for me it may not be suitable for anyone else but I hope it will give you some information for you to make your own judgement.

Base url for this article is
http://www.searchhuts.co.uk/portal/articles/activenews_view.asp?articleID=57


Powered by Active News