csrss.exe & smss.exe ?'s

Discussion in 'other security issues & news' started by Rilla927, May 14, 2006.

Thread Status:
Not open for further replies.
  1. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    I done a file search for the heck of it on these files. I know there supposed to be in C:\Windows\System32 folder. Can anyone verify the other locations if they are okay or not? Here are two screen shots.

    Thanks in advance.
     

    Attached Files:

  2. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    For some reason it didn't take the second screen shot. Here it is.

    For some reason it won't do the csrss.exe screen shot. It shows it completed, but when I check the post it's not there. Any suggestions?
     
    Last edited: May 14, 2006
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    for ur image, u can try using imageshack to host it, then place the image in ur post.

    as for smss.exe, i can only verify C:\Windows\System32. i dont have the other folders.

    my guess is that the first is a backup (from before sp2) and the third is a backup (after sp2). im not certain after teh second entry.
     
  4. tlu

    tlu Guest

    I have it also in system32\dllcache

    That one might be a trojan - see http://www.file.net/process/smss.exe.html
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,
    It would be funny blind guessing, but:
    I would say the capital lettered one is not ok plus the size, but it sits in an ok folder. And it's date stamp seems rather old, so if you suddenly discovered some anomaly then it has been there for a long time. Furthermore, I have the same one in the same location, so it looks dandy.
    Now seriously, why do you suspect anything? What brings you to a dark conclusion that any of these might be something bad?
    Mrk
     
  6. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    I don't think the location for the second one is OK.

    All of the other paths can be found on google but I can't get any hits for c:\windows\i386\system32
     
  7. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    the i386 directory *could* be a copy of winxp's installation files but like previous posters said, the size seems way off and the capital spelling of teh file seems suspicious.
     
  8. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    Hi WSFuser, tlu, Mrkvonic, SpikeyB

    I happen to check them and was concerned about the second entry as well, but Mrkvonic says he has it also so maybe it's okay.

    WSFuser thanks, I forgot about Image Shack.

    I ran all my scanners and nothing came up and then I went to Kav online scan and it came up clean, then I went to Panda Active Pro online scan and it found cws.olehelp and cleaned and removed it.
     
  9. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    I'm gonna try the csrss.exe screen shot again.
     

    Attached Files:

  10. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    its similar to the results of smss.exe but without the odd entry. seems ok.
     
Loading...
Thread Status:
Not open for further replies.