Name: Andrew
I believe that I've recently received a virus (worm or trojan), but have had no luck identifying it or removing it. The symptoms are as follows:
IE6 homepage defaults to: http://www.alfa-search.com/home.html, upon startup.
The following programs are running in task manager, which I know are commonly associated with viruses:
lsass.exe
csrss.exe
smss.exe
My 2nd monitor is receiving a signal error and no longer displays (this could possibly be a coincidence, but worth mentioning)
"Runtime Error 5 0040437F" appears in a window immediately after startup, but then never again.
MSupdate.exe and MSupdater.exe were both added to the startup program list (not previously there). I disabled them but nothing seemed to change, and then they even appeared again.
I've run two recent versions of virus check software; Sophos Sweep and BullGuard, but neither found a thing. I also ran AdAware 6 and SpyBot S&D. Both turned up nothing unusual. I also ran a Google search for the error and the task manager files, and those associated with viruses (listed above). The runtime error search didn't return examples that seemed to describe what was happening in my situation, and the task manager program file search (coupled with the word 'virus' and the name of the web address corrupting my homepage) didn't return any results.
When I ran the searches for the task manager programs listed above, I found a lot of viruses associated with them, and making copies in the registry and whatnot, but none of the symptoms matched mine other than having those files. And I don't have Lady.exe anywhere on my system, which seems to be the most common culprit for those files.
Any help would be appreciated. I'm willing to try anything at this point. Hopefully it's an easy answer and I've just overlooked something. Thanks.

To tell you the truth I don't know where to begin. If it was me I would format, but since it's not, what you can do is get Norton or another anti virus and also go to http://housecall.trendmicro.com/ and do a scan there also.

Andrew
Try following the instructions on This post.
Particularly CWShredder, and if that fails post your Hijack This log on the security forum, lots of help there.
hth
shep

None of those 3 executables that you suspect to be associated with viruses are what you thought them to be. Those are system processes. Following is the explanation for each of the processes.
---------------------
Process File: lsass or lsass.exe
Process Name: Local Security Authority Service
Description: The Windows Local Security Authority Server Process Handles Windows Security Mechanisms.
---------------------
Process File: csrss or csrss.exe
Process Name: Client/Server Runtime Server Subsystem
Description: The Windows Client Server Runtime Subsystem handles Windows and Graphics Functions for all Subsystems
---------------------
Process File: smss or smss.exe
Process Name: Session Manager Subsystem
Description: The Session Manager Subsystem initializes system environment variables, MS-DOS device names such as LPT1 and COM1, loads the kernel for the Win32 subsystem, and starts the Windows Logon Process
---------------------

Andrew... If it makes you feel any better, you're not alone! You've described my situation exactly. You can rule out Norton Anti-virus and Win doctor as well, both have found/fixed nothing. I too used Spybot and Ad-Aware with no results. I'll keep checking back and will post any progress. Looks like we're the unlucky victims of something new.
P.S. You can get rid of the annoying Alfa-search problem by changing it in Internet Options, then locking the home page using Tweak UI (XP Professional)

Hey Andrew.
If you haven't tracked it down already Coolwebshredder is the fix for this problem. The url is: http://www.spychecker.com/program/cwshredder.html
You can read all about it at the following url: http://www.computercops.us/postt7405.html

You are knackered mate.
This is a Trojan that enables the downloading of other Trojans.
Therefore, although it will not harm your machine itself, any other Trojan that is downloaded may well be malicious.
I only say this because it appears that you neither update your virus definitions for whatever AV software you use nor do you run a firewall.
If you use AV software - I use Norton (with up-to-date virus definitions it detects and quarantines this virus) - you should boot into 'safe mode' and run the virus checker. My guess is it will identify 5 files that are affected. Quarantine them, and then go into the quarantine area and delete them. As it appears to simply enable the downloading of other Trojans it does not affect any other file so deleting is np.
Next step is to install a firewall. I use Zonealarm as it is free, yet very good. This will allow you to block any malicious program trying to access the net, therefore saving you from any further problems - in this case msupdate.exe attempting to download other programs.
Finally, delete your IE cache, history and cookies. Reset your homepage to blank and restart your machine. This should remove the reassigned homepage problem.
The other issues you mention do not appear to be virus related. Making the above fixes may or may not solve these.
If you use AV software make sure it runs constantly in the background, enable the auto definition updater as well. With both this and Zonealarm you will immediately identify the majority of these viruses quickly enough to deal with them before any damage may occur. (Usually 80)

Hi Kids
You've all been VERY helpful, and it's such a relief to know that I'm not alone.
I'm running Win2000Pro w/ all recent service pack updates. Also latest and up-to-date Norton AntiVirus and Firewall. None-the-less, I have the same problem. Can't find it, can't remove it, really hate it. Any suggestions Win2k specific?
Any help will be greatly appreciated!

Hi Again;
I tried a Safe Mode AV Scan w/ Norton AV (updated yesterday) and it did not find the problem. cwshredder (http://www.spychecker.com/program/cwshredder.html) did (Hallelujah!)
None-the-less, I'm concerned that Norton didn't catch it, and that it got through the Norton firewall in the first place. Any suggestions?
I'll probably submit this to the Win2K forum as well, as it's bound to creep up there too.
Thanks Again

Just to shut up all these "you should have known better" people,
I too have had the very same problem, pissed me off. I went and got Mozilla Firebird instead of IE, which it only affects.
I have up to date McAfee and Norton, have scanned with Spybot and Ad-Aware, done manual searches and deleted many things I thought may be the problem.
This virus, whatever it is or was, is not findable, it's almost like it is a simple integration with your current software, very odd. I don't know what the runtime error problem actually is but it pops up for me too .. I am going to try that http://www.computercops.us/postt7405.html cure and see what happens.
Rest assured you can tell us about your anti virus and firewall stuff ... but we already have it all .. it got through .. simple as that .. and it isn't malicious, it's just DAMNED annoying for any serious computer user.
Oh, by the way, a problem you failed to have picked up on that this one did was that it highlighted words or underlined them on pages with text .. and if you clicked them (they were links) it went to search sites via goto: 'trave' or whatever the word was
