is CSRSS.EXE a virus?

Discussion in 'malware problems & news' started by xTiNcTion, Apr 26, 2004.

Thread Status:
Not open for further replies.
  1. xTiNcTion

    xTiNcTion Registered Member

    Joined:
    Oct 25, 2003
    Posts:
    253
    Hello,
    iam confused. After install Process Guard free version i saw that csrss.exe was trying to gain "write" access on NOD32.

    Some website said csrss.exe is a windows process but other said is a trojan called Ciador and copy itself to %windows%csrss.exe o_O

    according to McAfee : Backdoor-ATM.gen alias Backdoor.Padmin

    this site said is a trojan>
    http://www.alerta-antivirus.es/virus/detalle_virus.html?cod=3271

    I didn't find any keys related to this "trojan" on my box but i want to be sure...

    Thx in advance
     
  2. dog

    dog Guest

    Hi xTiNcTion, :)

    WinTasks Process Library

    csrss - csrss.exe - Process Information
    Process File: csrss or csrss.exe
    Process Name: Client/Server Runtime Server Subsystem
    Description: Windows client server run-time subsystem handles Windows and graphics functions for all subsystems.
    Company: Microsoft Corp
    System Process: Yes
    Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
    Common Errors: N/A


    Here's the link - http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/

    Hope that helps. :)

    Steve - *puppy*
     
  3. dog

    dog Guest

    Also ...

    Following is a list of the processes that must be up in order for Windows XP to run:

    - System Idle Process
    - System
    - CSRSS.EXE
    - EXPLORER.EXE
    - LSASS.EXE
    - SERVICES.EXE
    - SMSS.EXE
    - SVCHOST.EXE (shows up twice)
    - WINLOGON.EXE


    Problem Description
    Minimum Processes Required for Windows XP to Run


    Problem Environment
    Microsoft Windows XP

    http://www.symantec.com/techsupp/primus/id4975.html

    Following is a list of the processes that must be up in order for Windows 2000 to run:

    - System Idle Process
    - System
    - SMSS.EXE
    - CSRSS.EXE
    - WINLOGON.EXE
    - SERVICES.EXE
    - LSASS.EXE
    - EXPLORER.EXE
    - SVCHOST.EXE
    - SPOOLSV.EXE
    - SVCHOST.EXE
    - REGSVC.EXE
    - MSTASK.EXE
    - WINMGMT.EXE
    - NWTRAY.EXE
    - IEXPLORER.EXE


    Problem Description:
    Minimum Processes Required for Windows 2000 to Run


    http://www.symantec.com/techsupp/primus/id4338.html
     
  4. gpaciga

    gpaciga Guest

    Right now the csrss.exe process on my computer is hogging all of my system resources. When I try to end the process, I get a message telling me that it's a critical system process and it can't be terminated. However, right away I suspected something was weird because it was listed as an enduser process, not a SYSTEM process. In fact, I found that there were two csrss.exe processes running, the "enduser" version of which was causing the problems. After searching my harddrive, I found that there are two copies of the file - one in the system32 folder and the other in system32\dll\ - the second of which was describe as being a proxy server. I scanned it for viruses and came up with nothing. Is system32\dll\csrss.exe some kind of virus or corrupt file? What can I do to delete it?
     
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
  6. asxtc

    asxtc Registered Member

    Joined:
    Mar 2, 2005
    Posts:
    2
    Location:
    Germany
    The csrss.exe that sits in:
    windows/system32
    is the system exe that is required for XP/2000 to run.

    The other copy is unwanted and unrequired. Probibly dropped by malicious code.
    for example one of the Haxdoor variants
    Andy
     
  7. bigbuck

    bigbuck Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    4,877
    Location:
    Qld, Aus

    Attached Files:

Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.