BleepingComputer.com: csrss.exe on D drive

I've seen posts that claimed that csrss.exe found anywhere except C:\WINDOWS\System32 could be a virus or trojan. I found 2 other csrss.exe locations on my D drive D:\MiniNT\system32 & D:\I386\SYSTEM32. Taken literally, these 2 files are viruses, is that right ? Any problem deleting these files ? Will they stay deleted ?
I also have another csrss.exe file at C:\WINDOWS\ServicePackFiles\I386. Is this file harmful ?
Other than running slower than other newer computers, I'm not having problems. And a Norton 360 & MalawareByte Anti-Malware comprehensive scan found 0 infections. Am I safe ?

csrss.exe is the user-mode portion of the Win32 subsystem (Win32.sys is the kernel-mode portion) and the main executable for the Microsoft Client/Server Runtime Server Subsystem. It is responsible for managing most graphical commands in Windows, console windows, creating and/or deleting threads, and some parts of the 16-bit virtual MS-DOS environment. This process is important for stable and secure operation of your system and should not be terminated. Determining whether csrss.exe is malware or a legitimate Windows process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. The legitimate csrss.exe file is located in the C:\Windows\System32 folder but you may find legitimate copies in other folders such as:

C:\i386
C:\Windows\$NTServicePackUninstall$
C:\Windows\ServicePackFiles\i386
C:\MiniNT\system32

Anytime you come across a suspicious file or you want a second opinion, submit it to one of the following online services that analyzes suspicious files:

• Jotti's virusscan
  
• VirusTotal
  
• VirSCAN

In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

thanks quietman7 for your detailed response...other locations, that csrss.exe could be legit,that u listed are all on the C drive. I have 2 that r on the D drive. [b]Does the drive location make a difference ? I ran comprehensive scans using Norton 360, Malawarebyte Anti-Malware & SpyBotS&D, no problems Is it possible for an infected file, specifically a corrupt csrss.exe file, to evade all these searches ?
I wouldn't be worried about it except that when i asked HP Support if increasing my 512MB RAM would improve performance (speed), they logged on to my computer, claimed to find a trojan (the csrss.exe file, which they pointed out while reviewing my Task Manager processes) and tried to sell me $299 worth of software warranty & included removing the trojan), or they would remove the trojan for $130 (but it could come back, thus the need for the warranty). They proceeded to alarm me about a hacker stealing my on-line banking information, etc. I'm a bit skeptical, and wanted a 2nd opinion. I'd like to think the scans are proof enough. But all these programs leave a little wiggle room.
If you are not sure about the csrss.exe lacations on the D drive, I will try:
Jotti's virusscan
virusTotal
VirSCAN

okay I checked the 2 csrss.exe files on my D drive using Jotti's malware scan. No problems found.
I submitted both locations on the D drive, but the 2nd response stated that the file had previously been checked. Seems like the location did not matter. I don't know how this jives with "the csrss.exe file could be disguised malware if found in other locations (than C:\WINDOWS\system32)".
Anyway, it appears that I am okay..so not sure where HP Support was coming from.

Yes, they could be on your D: drive...probably a partition rather than a separate drive. How a drive is set up and partitioned varies from one vendor to another and can vary even more with custom set ups.

Sounds like HP was either trying to sell support or the tech just wasn't sure. Submissions to Jotti or the other online file analyzers are a great resource for getting a second opinion. Also be aware that most anti-virus vendors have procedures in place that allow you to submit files you find suspicious.

Thanks a bunch for your help.

You're welcome.