is CSRSS.EXE a virus?

Hello,
iam confused. After install Process Guard free version i saw that csrss.exe was trying to gain "write" access on NOD32.

Some website said csrss.exe is a windows process but other said is a trojan called Ciador and copy itself to %windows%csrss.exe

according to McAfee : Backdoor-ATM.gen alias Backdoor.Padmin

this site said is a trojan>
http://www.alerta-antivirus.es/virus/detalle_virus.html?cod=3271

I didn't find any keys related to this "trojan" on my box but i want to be sure...

Thx in advance

 

Hi xTiNcTion,

WinTasks Process Library

csrss - csrss.exe - Process Information
Process File: csrss or csrss.exe
Process Name: Client/Server Runtime Server Subsystem
Description: Windows client server run-time subsystem handles Windows and graphics functions for all subsystems.
Company: Microsoft Corp
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/A


Here's the link - http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/

Hope that helps.

Steve -

 

Also ...

Following is a list of the processes that must be up in order for Windows XP to run:

- System Idle Process
- System
- CSRSS.EXE
- EXPLORER.EXE
- LSASS.EXE
- SERVICES.EXE
- SMSS.EXE
- SVCHOST.EXE (shows up twice)
- WINLOGON.EXE


Problem Description
Minimum Processes Required for Windows XP to Run


Problem Environment
Microsoft Windows XP

http://www.symantec.com/techsupp/primus/id4975.html

Following is a list of the processes that must be up in order for Windows 2000 to run:

- System Idle Process
- System
- SMSS.EXE
- CSRSS.EXE
- WINLOGON.EXE
- SERVICES.EXE
- LSASS.EXE
- EXPLORER.EXE
- SVCHOST.EXE
- SPOOLSV.EXE
- SVCHOST.EXE
- REGSVC.EXE
- MSTASK.EXE
- WINMGMT.EXE
- NWTRAY.EXE
- IEXPLORER.EXE


Problem Description:
Minimum Processes Required for Windows 2000 to Run


http://www.symantec.com/techsupp/primus/id4338.html

 

Right now the csrss.exe process on my computer is hogging all of my system resources. When I try to end the process, I get a message telling me that it's a critical system process and it can't be terminated. However, right away I suspected something was weird because it was listed as an enduser process, not a SYSTEM process. In fact, I found that there were two csrss.exe processes running, the "enduser" version of which was causing the problems. After searching my harddrive, I found that there are two copies of the file - one in the system32 folder and the other in system32\dll\ - the second of which was describe as being a proxy server. I scanned it for viruses and came up with nothing. Is system32\dll\csrss.exe some kind of virus or corrupt file? What can I do to delete it?

 

The csrss.exe that sits in:
windows/system32
is the system exe that is required for XP/2000 to run.

The other copy is unwanted and unrequired. Probibly dropped by malicious code.
for example one of the Haxdoor variants
Andy

 

From www.answersthatwork