Getting multiple suspicious files: Csrss, Dwm and Conhost.exe files

[Iksha]

I am using Windows XP in my installed in my computer along with the Bit defender total security running. Last night Active Virus control prompted me to either block or allow the csrss.exe file when I was browsing on MySpace page of someone. Immediately I was prompted to allow/block the dwm.exe file. By unaware of it I just clicked on allow. The problem is whenever I am browsing on the google search, it displays the advertising pages instead of the search page. After sometime I was prompted to block or allow conhost.exe file. I found that task manager lists these files (csrss.exe, dwm.exe and conhost.exe) as running in my back ground. With other csrss.exe task. I scanned the system and found that the Csrss.exe file is found on the user/Local Settings/Temp/ map. I also tried to map the dwm.exe and conhost.exe, I got the notification that the, dwm.exe virus name Gen:Variant.Kazy.22500 "BD can't disinfect, delete or quarantine this file. Access to this file has been denied." Ans conhost.exe virus name Gen:Variant.Kazy.22500 "BD can't disinfect, delete or quarantine this file. Access to this file has been denied." Today I found that both the browsers I am using Opera 11.10 and Firefox 4.0.1 not allowing me to browse for anything saying that “can’t connect to proxy server” how can I get rid of these files for sure?

[teenQ]

I think there might be a Trojan that is interfering in between and making you to redirect through the proxy server, this is not the way we use it. Before making a system scan, first try to turn off all your firewalls and then unplug your internet connection to avoid it sending any information through the net. I went through a deep scan last night and I was able to solve the redirecting issue. If you want I can send you a log file of the deep system scan.

[Visala28]

I was able to delete all the files that you have mentioned. But I did this by manually removing it, I removed it by removing the registry values using HijackThis or some other registry tool. After I reboot my system every time when I started using these tools I get this file occurring again, it pop ups with error message pointing out that file cannot be found. It was referring to the entry HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load. I am sure that on every reboot I find F3 - REG:win.ini: load=c:/documents and settings/user/ on using the HijackThis is not a major issue.

[Sabastiaan]

Always keep note that Microsoft has created a windows files named Csrss.exe, the graphical instructions of the Operating System of Microsoft Is managed using this. And if you find any of these files other than %system%\csrss.exe file folder then it could be a virus. Make sure that you make our system scan with an updated Anti-virus. See to it that you have only one antivirus installed in your system. If you have any other Anti-virus installed make them disable, and then scan it.

[Candace]

The file names that you have mentioned conhost.exe and dwm.exe are identified as a Trojan backdoor cycbot in the virus analysis programs report. On a host machine it opens a backdoor which is done by a cycbot which is a Trojan horse. Try removing the file from the registry and also from start up of windows. Some of the programs running on your system may have the same name as the virus name, so first differentiate it using Windows Defender and then delete those files, as some files may be important for your system.