csisf.exe/autorun.exe [Worm/Trojan/Virus]

• Kaspersky: Backdoor.Win32.IRCBot.rsh
• Sophos: Mal/Palevo-A
• Bitdefender: Trojan.Generic.KD.105432
• Panda: Bck/IRCBot.CXY
• GData: Trojan.Generic.KD.105432

What is Csisf.exe?

Csisf.exe is a worm cum Trojan program that was first seen a couple of months back. It may also enter the system with the name autorun.exe. If you notice a process running with any of the names Csisf.exe or autorun.exe, you'd be helping your computer by ending them immediately. Csisf.exe is a Trojan program that can execute itself in most of the Windows operating systems such as Windows XP or Windows 7.

How did Csisf.exe virus enter my system?

Csisf.exe may enter one's computer either through the Windows messenger or from another computer connected in the network. Due to the security features disabled in a few shared systems, it becomes easy for viruses like Csisf.exe to propagate from one computer to the other. Another possibility of Csisf.exe virus entering a system is through other malicious programs. Programs called backdoors connect to a few particular servers from which such files are downloaded. The location of these files is mostly the temporary folder.

What does Csisf.exe do to my system?

As mentioned earlier, Csisf.exe is a Trojan also exhibiting the characteristics of a Worm. It creates several copies of itself making the deletion process difficult. Moreover, the Csisf virus saves itself in all the drives of the computer along with an autorun.inf file such that it gets a chance to execute itself every time the user opens that particular drive. Not just that, the Csisf.exe Trojan mainly uses the Windows Messenger to spread itself to your chat friends. While this Csisf.exe process is under execution, it gathers the user information and mails its creator regularly. If updated, the virus can cause serious damage to your computer.

Are you getting a Csisf.exe/autorun.exe error?

Csisf.exe error might popup if you had tried to remove the virus earlier. The main key to removing this Csisf.exe virus is in the registry. Even if you had deleted the actual file, autorun errors might crop up saying that one of the files are missing. So please go through the instructions properly to avoid such errors. Follow the instructions given below for csisf.exe removal.

What does csisf.exe do to my system?

Once the Csisf.exe virus enters your computer, it creates several copies of itself in every drive of your computer connected to an autorun file. This way, it gets itself executed everytime the user double-clicks a drive. A Desktop.ini is also created by the csisf.exe trojan just like the others of its kind. Registry is accessed during the execution of the csisf.exe process and thus several changes are made to it such that it is executed at every system startup. If you take too long to look for the csisf.exe process and kill it, that might not just help. 'Cuz csisf.exe virus also injects its malicious code into crucial processes like explorer.exe. Not only that, it is also very good at stealing information from your computer. Information here refers to your passwords using which you login to your personal accounts. Browsers like the Internet Explorer and Mozilla Firefox are usually targeted by such viruses for this job. It also pings to a server to which these passwords are sent and more malicious files are downloaded in exchange. Apart from all these, the csisf.exe virus also tries to spread itself on the peer to peer networks, sends its code to your friends list on your messenger and also opens up a port on your computer through which your computer can be easily controlled. Csisf.exe trojan is extremely dangerous and must be removed as early as possible. Follow the instructions given to delete csisf.exe completely from your system.

How to remove Csisf.exe?

Always reboot your computer in the Safe Mode before you try deleting a virus. Trouble booting? Click here.
Go to Start --> Run and type regedit to open the Registry Editor. Here, you'll have to delete or modify a few entries to get your system back to its original form.

Go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete the following registry key on your right side
• "Taskman"="%recycle bin%\%CLSID%\csisf.exe"
Most of the work is done already. You just have to search for the string named Conhost using Ctrl+F in the registry and removing only the name or path of the virus and leaving the rest as it is.

Suppose that you find a key where you see two paths or files.Just like this

"Explorer.exe"|"%recycle bin%\%CLSID%\csisf.exe"

Just delete the path "%recycle bin%\%CLSID%\csisf.exe" from it so that the rest of it remains like that.
Now you just have to restart the system again in Safe Mode to perform a few actions. Once booted, DO NOT OPEN ANY DRIVES. Go to Start --> Run and type cmd to open the Command Prompt.
The Command Prompt opens in the default path i.e C:\Documents and Settings\Administrator> in Windows XP or %Home drive%\%Home path% in Windows 7. Type C: followed by the Enter key to come to the drive. Here you'll have to type a couple of commands to remove the virus. Follow the instructions below:
- attrib -r -a -s -h csisf.exe
- del csisf.exe
- attrib -r -a -s -h autorun.inf
- del autorun.inf
Once you're done, you may go to the next drive by typing the drive letter followed by the colon. So the next command would be D: and the same commands are to be issued. You'll have to perform this action to all the drives.
Reboot your computer once you're done. Your system should be Csisf free now!