CSRSS.EXE

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

What can anyone tell me about this Trojan?

My virus scanner picked it up and quarantined it but can't repair it.

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Usually an indication of a NetSky(variant) infection. Most AV scanners should be able to pick this up and clean it. You sure it's not a false positive? CSRSS.exe is a legit program if running in the System32 directory - it's only if it's running elsewhere that it's bogus. I'm assuming it IS running in another location - otherwise your AV scanner shouldn't have detected it as an infection.

Run an AVG scan of the loation the AV scanner picks the file up from and see if that fixes it. If not, with something like this, you are likely to have all sorts of other crap on your PC as well so it may be time to get your passport and visit 'Format & Reinstall Country'

 

Normally CSRSS.exe is the ClientServer Sub System, a standard part of windows. I doubt if the system will run without it.
I don't think the file itself is a trojan, but the file could be infected. I suggest the repairmode during the setup of windows. You start from the installation CD and press the R(epair). You could replace the offending file with a fresh one from CD. You'll have to use the expand command to do this. Are you absolutely sure it is that file?

 

I know csrss.exe is a valid process but the trojan is called csrss.exe. My antivirus picked it up and quarantined it, I have checked MS's articles relating to it and run some tests and my PC seems ok. It happened after a Windows Update so I wonder if the AV picked up the updated version of crss.exe and incorrectly reported it?

 

am sure the case is what give it away CSRSS.EXE, does your av scanner not say what its infected with? #Have a read

 

Try this link http://searchg.symantec.com/search?...c_en_US&output=xml_no_dtd&context=gbh&x=8&y=6

 

Thanks for the links, I already had a look at both those sites last night. NAV says it has quarantined it but I ran another full system scan and it's still there. There are supposedly ways to get rid of the hijacked file, we'll see, if it's got Symantec scratching their heads I might just wait and see what they come up with.