1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

CSRSS.EXE

Discussion in 'Computer Security' started by Lee, Jul 11, 2007.

  1. Lee

    Lee Nibble Poster

    58
    0
    18
    What can anyone tell me about this Trojan?

    My virus scanner picked it up and quarantined it but can't repair it.
     
    Certifications: A+ C Programming
    WIP: Network+
  2. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Usually an indication of a NetSky(variant) infection. Most AV scanners should be able to pick this up and clean it. You sure it's not a false positive? CSRSS.exe is a legit program if running in the System32 directory - it's only if it's running elsewhere that it's bogus. I'm assuming it IS running in another location - otherwise your AV scanner shouldn't have detected it as an infection.

    Run an AVG scan of the loation the AV scanner picks the file up from and see if that fixes it. If not, with something like this, you are likely to have all sorts of other crap on your PC as well so it may be time to get your passport and visit 'Format & Reinstall Country'
     
    Certifications: A few
    WIP: None - f*** 'em
  3. wagnerk
    Highly Decorated Member Award

    wagnerk aka kitkatninja Moderator

    10,831
    357
    341
    There are so many different viruses, malware, trojan, etc out there I can't say off the top of my head for each specific one. However have you tried booting into safe mode and then running your anti-virus to clean it or delete it?

    -ken
     
    Certifications: CITP, PGCert, BSc, HNC, LCGI, PTLLS, MCT, MCITP, MCTS, MCSE, MCSA:M, MCSA, MCDST, MCP, MTA, MCAS, MOS (Master), A+, N+, S+, ACA, VCA, etc... & 2nd Degree Black Belt
    WIP: PGDip
  4. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    Normally CSRSS.exe is the ClientServer Sub System, a standard part of windows. I doubt if the system will run without it.
    I don't think the file itself is a trojan, but the file could be infected. I suggest the repairmode during the setup of windows. You start from the installation CD and press the R(epair). You could replace the offending file with a fresh one from CD. You'll have to use the expand command to do this. Are you absolutely sure it is that file?
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  5. Lee

    Lee Nibble Poster

    58
    0
    18
    I know csrss.exe is a valid process but the trojan is called csrss.exe. My antivirus picked it up and quarantined it, I have checked MS's articles relating to it and run some tests and my PC seems ok. It happened after a Windows Update so I wonder if the AV picked up the updated version of crss.exe and incorrectly reported it?
     
    Certifications: A+ C Programming
    WIP: Network+
  6. ThomasMc

    ThomasMc Gigabyte Poster

    1,507
    49
    111
    am sure the case is what give it away CSRSS.EXE, does your av scanner not say what its infected with? #Have a read
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  7. Tinus1959

    Tinus1959 Gigabyte Poster

    1,539
    42
    106
    Try this link http://searchg.symantec.com/search?...c_en_US&output=xml_no_dtd&context=gbh&x=8&y=6
     
    Certifications: See my signature
    WIP: MCSD, MCAD, CCNA, CCNP
  8. Lee

    Lee Nibble Poster

    58
    0
    18
    Thanks for the links, I already had a look at both those sites last night. NAV says it has quarantined it but I ran another full system scan and it's still there. There are supposedly ways to get rid of the hijacked file, we'll see, if it's got Symantec scratching their heads I might just wait and see what they come up with.
     
    Certifications: A+ C Programming
    WIP: Network+

Share This Page

Loading...