Work and Earn at Home

My windows account suddenly changed it’s password!
I can’t login to my computer, I don’t know the password!
Can’t remember my password, can’t remember if I changed it! I remember trying to open Mr. bean AVI but nothing happened..
There’s a funny mr. bean AVI in my flash drive, I don’t remember putting it there??
Mr. bean AVI in my Program menu in windows….

Sounds familiar? You may have been infected with the Mr. bean trojan/malware or commonly called the csrss.exe / command.exe malware.

If you don’t remember putting a password or changing your windows password but you suddenly can’t login, try space ” ” (without the quotes.

Once you have been able to login, try going to your START menu and check for a Mr. Bean AVI in your Programs or Recently opened items. If you don’t find any, it’s still hiding somewhere else. Here are some things you can do to try and remove this pesky malware.
1. DONT try to open the Mr. Bean AVI file since this is a .exe file posing as an innocent video file.
2. While you still can, download or get a copy of the HijackThis program from Trendmicro.com or download it from download.cnet.com.
3. Follow the instructions on how to install the program, or if you can’t read, just run it..
4. Once you have installed HijackThis, open it from your Desktop or START menu.
5. Click on Open the Misc Tools Section and under “System Tools”, click on the “Open Process Manager” button.
6. Look for Command.exe from the list and if you find it, select it and click on the “Kill Process” button.
7. Also look for CSRSS.exe. This is a normal Windows system file however it should only be located under WINDOWS\SYSTEM32. Other than this location, it should be killed and deleted. Leave the one in WINDOWS\SYSTEM32
8. Once you are sure you have killed both processes, click on the “Main Menu” button to go back to the main menu (of course).
9. On the Main Menu, click on any of the “Do a system scan..” buttons to run a check on the Start up programs of your Windows.
10. Look for an entry of CSRSS.exe usually alongside the UserInit entry: UserInit=C:windowssystem32userinit.exe c:windowscsrss.exe
11. Select this line and click on the Fix Checked button.
12. Now it’s time to search your entire drive/s for any remnants of the command.exe, csrss.exe and mr. bean AVI. You can do this from the command prompt however you will need some knowledge on ATTRIB and basic DOS commands such as DEL and DIR.
13. Let’s start with your Drive C:
Click on START, RUN then type CMD
-to go to the root of Drive C, type cd
C:\>documents and settingsmy foldermy documents>cd
c:\>dir /ah —–this searches for hidden files
-if you find command.exe and mr. bean AVI
c:\>attrib -s -h -r command.exe —this will unhide and unprotect the hidden malware
c:del command.exe —-guess what.. it deletes the file..
-do the same for mr.bean AVI
-tip, if you find it hard to type in the very long file name, try pressing the TAB button after typing in the first few characters of the filename, you’ll be surprised how easy it is to type long filenames..
- if you have a flash drive, do the same procedure of finding and deleting the same files above.

That’s all for now folks!! Hope this helps