Thursday 7 June 2012

What is csrss.exe? An essential Malware


For the last few days I was unable to connect to the internet and could not find the cause; 'DSL disconnected' was shown on the Admin Control Panel page. I was cursing MTNL (my Internet Service Provider) and was thinking of registering a complaint about this. But I was shocked to learn who the culprit was.

My internet security program was showing a warning of 'ICMP Flooded', and just after that my internet connection went off. Since it was midnight and cold, I had switched off my fan and my notebook was idle, and I heard that my laptop's fan was running far too loud. I looked at the CPU usage meter gadget; it was showing 100% usage on both cores.

I opened the Task Manager and was shocked to see that 352 processes were running, of which only 76 were shown in the Processes tab. I clicked the 'Show processes from all users' button, and there I found the culprit: csrss.exe. I found that a number of csrss.exe instances were running. From the Microsoft website I found that it is an essential Client Server Runtime Process.

But the reason I was shocked is that there were more than 275 copies of csrss.exe, so I googled it and found that it is both malware and essential. Confused? Let me explain...

I suspected there might be duplicate csrss.exe processes, but all were run by SYSTEM, so to confirm that, I used my old technique of identifying viruses.

Under the Memory (Private Working Set) column, the first two csrss.exe were using 1,296 K and 1,284 K of memory respectively, while the rest were using just 108, 104, 112 or 100 K. That's it, these are the culprits.

To ensure that these were the real unwanted processes, I right-clicked on them and selected 'End process tree' and got the usual warning that comes for non-essential processes; on clicking further, an error was prompted: "Unable to terminate process - Access is denied", clearly a virus.

But when I tried to do the same on the original essential process, I got a message window stating "Ending this Process will immediately shut Down the system and you will lose all data. Are you sure to continue?"
Original csrss.exe


So now the question arises: how was it affecting my internet connection?
The answer is simple: by a DoS (Denial-of-Service) attack, also termed a Ping of Death attack.
A number of simultaneous connection requests are sent to the target, which it cannot handle, and it finally crashes. It was very popular at the time of Windows 98. Thus, after investigating the Event Log of my internet security software, I found ICMP flooding reports from the last three days, which come under DoS attacks.

Any suggestions/improvements/complaints are heartily welcomed...
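
The check described in the post (many csrss.exe entries, told apart by memory size) can be repeated from a saved `tasklist /v /fo csv` listing. This is an added example, not part of the original post: the sample rows are constructed, the function names are hypothetical, and it relies on the fact that Windows runs one csrss.exe per session.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the layout of `tasklist /v /fo csv` (not from a real host).
# English column headers are assumed; tasklist reports working set, not private working set.
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"csrss.exe","412","Services","0","1,296 K","Unknown","NT AUTHORITY\SYSTEM","0:00:03","N/A"
"csrss.exe","488","Console","1","1,284 K","Running","NT AUTHORITY\SYSTEM","0:00:09","N/A"
"csrss.exe","3120","Console","1","108 K","Unknown","NT AUTHORITY\SYSTEM","0:00:00","N/A"
"csrss.exe","3124","Console","1","104 K","Unknown","NT AUTHORITY\SYSTEM","0:00:00","N/A"
"explorer.exe","2040","Console","1","41,552 K","Running","LAPTOP\user","0:00:21","N/A"
'''

def parse_kb(text):
    """Convert a tasklist memory field such as '1,296 K' to an integer (KB)."""
    return int(text.replace(",", "").split()[0])

def csrss_by_session(tasklist_csv):
    """Group every csrss.exe row by session number."""
    sessions = defaultdict(list)
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["Image Name"].lower() == "csrss.exe":
            sessions[int(row["Session#"])].append(
                {"pid": int(row["PID"]), "mem_kb": parse_kb(row["Mem Usage"]),
                 "user": row["User Name"]}
            )
    return dict(sessions)

def extra_instances(tasklist_csv):
    """Return (session, pid, mem_kb) for csrss.exe rows beyond one per session.

    Following the post's heuristic, the largest instance in a session is taken
    as the likely subsystem process and the smaller ones are listed for review.
    """
    findings = []
    for session, procs in sorted(csrss_by_session(tasklist_csv).items()):
        if len(procs) > 1:
            procs.sort(key=lambda p: p["mem_kb"], reverse=True)
            findings.extend((session, p["pid"], p["mem_kb"]) for p in procs[1:])
    return findings

if __name__ == "__main__":
    for session, pid, mem_kb in extra_instances(SAMPLE):
        print(f"session {session}: extra csrss.exe pid={pid} mem={mem_kb} K")
```

A name and a memory figure only narrow the list: confirm each flagged PID by checking that its image path is `%SystemRoot%\System32\csrss.exe` and that the file carries a valid Microsoft signature.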

2 comments:

  1. When I start my computer and I check processes with task manager I see a csrss process running that has no information, it does not allow you to see any property or file location. I can remove or stop or kill this process. I got help from here you can try it.

    1. Thanks for your time and effort to comment on this post.
      And hearty thanks for the link you provided.
