Wednesday, February 12, 2020

Get Rid of CloudNet Virus?


10 February 2020

When one switches on a PC or notebook (referred to here as the PC), one might notice that:

a) the CPU fan was running very fast. It would make a lot of fan noise after the PC had been idle for a while. This was despite no other programs running; the CPU was 99% idle as indicated by Task Manager;

b) the CPU's graphical plot on the next page showed the CPU running at 50% load;

c) the Network Activity showed heavy usage; and

d) the TCP Connections showed a lot of unidentifiable connections.



What had happened?

The PC likely has a virus called the "CloudNet virus".

What is CloudNet?

CloudNet is a Web consulting firm in Central Minnesota. But this CloudNet virus has nothing to do with it. The CloudNet virus just happens to use the same name.

Initially, this virus was an extension hiding behind the web browser. It would hijack the PC user's Internet home page. It would distribute promotional materials and display banners, coupons, pop-ups and other advertising products. PC users could remove this virus with a few simple steps. Maybe because of this, the new virus is now hidden and embedded in a System-protected program. Ordinary and novice users might not be able to remove it without some effort.

Is the Virus Harmful?

This virus will use one's PC to send signals to various designated Internet addresses. It is not known exactly for what purpose. Maybe it is sending "clicks" to those addresses to earn some advertising money. In any case, it will make one's PC run slowly and consume a lot of CPU power.

How to Remove?

There are plenty of articles on the Net about how to remove this virus. As CloudNet is embedded and hidden behind a protected System process called "CSRSS", it needs some special steps to remove it.

What is CSRSS?

It stands for client/server run-time subsystem. It is an essential subsystem that must be running in the background. It must also run in Safe Mode. The process handles the creation and deletion of threads. It also deals with some parts of the 16-bit virtual MS-DOS environment. Hence, there is no way to remove it with Windows Explorer using the traditional method.

What are the Methods?

There are 3 possible methods.
 
Method 1:

It involves restoring a system image. If one has a good copy of a system image saved earlier, this is the best and easiest method. However, not many users have the habit of updating and keeping a recent copy of the system.

Method 2:

It involves disabling the control of the Windows system that prevents users from deleting CloudNet. This method requires changing the security settings of "CloudNet".

To do that, one must first change the ownership of "CloudNet". Search for the "CloudNet" directory using Windows Explorer, then right-click it and select Properties. In the properties of CloudNet, change the ownership from "System" to "Administrator" control. After that, edit the permissions so that System is set to "Deny Full Control" of CloudNet. Once System has lost control, Windows Explorer can delete "CloudNet".

But there is still one more step, i.e. to disable the Startup Autorun of CloudNet. This is because the Windows operating system will always protect any running program.

To disable Autorun, one can use "CCleaner", "HijackThis" or Microsoft's Autoruns program. Make sure CloudNet will not run at the next startup before deleting it.
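
One way to confirm that nothing will relaunch CloudNet at the next startup is the following read-only PowerShell check. It is an added example, not part of the original post or of any of the tools named above. It assumes Windows PowerShell 3.0 or later and that the unwanted entry contains the text "CloudNet"; the function name Find-AutostartEntry is made up for this example.

```powershell
# Added example: read-only audit of common autostart locations.
# Assumption: the unwanted entry carries the string "CloudNet" in its name or
# command line. Find-AutostartEntry is a name made up for this example.
function Find-AutostartEntry {
    param([Parameter(Mandatory = $true)][string]$Pattern)
    $rx = [regex]::Escape($Pattern)   # match the text literally, case-insensitively

    # 1. Run/RunOnce values: machine-wide, 32-bit view, and current user
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            if ($name -match $rx -or $value -match $rx) {
                [pscustomobject]@{ Source = $key; Name = $name; Command = $value }
            }
        }
    }

    # 2. Services whose name or image path matches
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        if ($svc.Name -match $rx -or $svc.PathName -match $rx) {
            [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = $svc.PathName }
        }
    }

    # 3. Scheduled tasks (the cmdlet is absent on Windows 7, so check first)
    if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($task in Get-ScheduledTask) {
            foreach ($action in $task.Actions) {
                $cmd = "$($action.Execute) $($action.Arguments)"
                if ($task.TaskName -match $rx -or $cmd -match $rx) {
                    [pscustomobject]@{ Source = "Task $($task.TaskPath)"; Name = $task.TaskName; Command = $cmd }
                }
            }
        }
    }
}

# An empty result means none of the locations above still references the name.
Find-AutostartEntry -Pattern 'CloudNet' | Format-List
```

Run it from an elevated PowerShell prompt so that all services and scheduled tasks are visible.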

Method 3:

This method involves the repair and replacement of CSRSS. CSRSS is located in System32 in the Windows directory. One can download a fresh copy from a trusted website or extract it from another PC or an installation disk.

One would not be able to replace the existing copy of CSRSS because it is protected by the Operating System. To replace CSRSS, one could use another operating system, like the Unix Operating System used in either the Knoppix CD or Hiren's boot CD. However, whether this allows CloudNet to be deleted when Windows starts up has yet to be tested.

The 3 methods are shown in this video presentation


Will these Methods work for Windows 10?

The same 3 methods should work for Windows 7 as well as Windows 10.
