Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

csrss.exe


  • Please log in to reply
8 replies to this topic

#1 RhonB

RhonB

  • Members
  • 729 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ontario, Canada
  • Local time:02:51 PM

Posted 18 February 2010 - 05:41 PM

My machine seems to be running very hard..even when I am not doing anything on it.

I checked my task manager processes tab and it shows that csrss.exe is using the cpu and when I did a search on it some sites said that it may sometimes be a worm or virus called Nimda.E....and then again it may not be, it might be a necessary system file....how do I know which it is??

Please advise asap.

Thanks

BC AdBot (Login to Remove)

 


#2 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 18 February 2010 - 06:23 PM

csrss.exe IS a legitimate process.
It's listed in my Task Mngr also.

Don't know which version of Windows you have.
The versions of Windows that the following article applies to are listed at the bottom of the article.
See this topic at microsoft site: (I know your post didn't specify Right clicking in Windows Explorer, but I thought you might want to read it.)
http://support.microsoft.com/kb/555021

Do you have concern ONLY because of the presence of csrss.exe running in Task Mngr, or do you have other symptoms that are causing you concern?

Do you have alot of stuff running on boot ?
Do you do "clean out" on a fairly regular basis ?


------------------------------------------------------------------------------------------------------------------
First, use either ATF Cleaner or CCleaner to do "clean out".
(Both programs are free.)

ATF Cleaner
:
http://www.atribune.org/index.php?option=c...5&Itemid=25
Instructions (copied/pasted from atribune's web page):
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

This will remove all files from the items that are checked so if you have some cookies you'd like to save. please move them to a different directory first.

Notes for Windows Vista users:

On Windows Vista that "Windows Temp" is disabled, to empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator"
Prefetch has been disabled on Windows Vista. As I'm not sure the effects that emptying prefetch on Windows Vista will have for the time being it I won't enable that function.

-------------------------------------------------------------------------------------------------------
CCleaner is an alternative to ATF Cleaner.
(There is nothing wrong with ATF Cleaner. I used to use ATF Cleaner until I found CCleaner and it is only a matter of my personal preference.)

The CCleaner website has a tour, including screen shots, so you can see what the program does.
It not only cleans your computer, it also has a Registry tool that will check for/fix registry errors, and it also has an "uninstall programs" tool and a "startup" tool (you can remove items from Startup).
The website for CCleaner is: http://www.ccleaner.com/

--------------------------------------------------------------------------------------------------------
Autoruns:
http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx
"it shows you the currently configured auto-start applications as well as the full list of Registry and file system locations available for auto-start configuration.
To disable an auto-start entry uncheck its check box. To delete an auto-start configuration entry use the Delete menu item or toolbar button."
(copied/pasted from technet.microsoft.com's website)

---------------------------------------------------------------------------------------------------------

If you have concern that you might have infections, scan with the free program Malwarebytes' Anti-malware:
http://www.malwarebytes.org/

Follow the instructions posted by quietman7(Global Moderator):
http://www.bleepingcomputer.com/forums/ind...hl=malwarebytes

Additional information on Malwarebytes' here:
How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
Posted by Grinler on February 16, 2010

http://www.bleepingcomputer.com/virus-remo...alware-tutorial

------------------------------------------------------------------------------------------------------------


The following topics have EXCELLENT information:

Slow Computer?, Use this troubleshooting checklist
http://www.bleepingcomputer.com/forums/t/44694/slow-computer/


Understanding Spyware, Browser Hijackers, and Dialers

http://www.bleepingcomputer.com/tutorials/understanding-spyware-browser-hijackers-and-dialers/

How Malware Spreads - How did I get infected
http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/

How did I get infected?, With steps so it does not happen again!
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/

-----------------------------------------------------------------------------------------------------------
Please report back.
If we don't change the direction we are going,
We are likely to end up where we are headed.

#3 RhonB

RhonB
  • Topic Starter

  • Members
  • 729 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ontario, Canada
  • Local time:02:51 PM

Posted 18 February 2010 - 06:45 PM

Thanks for the quick response SashaCat,

Ran Ccleaner about 2 months ago...but it also cleaned out all my stored passwords etc.. (none very important, nothing anybody can get anything from...just a pain) soI don't like to use it. I run Malaware regulary as I had a serious virus problem 2 months ago which this site and it's tech's helped me to clean out.

My only concern right now is that my PC seems to be running very hard...like it's working at doing something, even when I'm not doing anything. I usually re-start and it calms down...but today I decided to look at task manager and see what was using my CPU at that time. Like I said in my previous post...I searched it and some said that it is a legitimate windows system file...but...it could also be a bad file. Oh and I already saw the article you posted...but thanks.

Hmmm...so what else could be making my computer run so hard???? It's not doing it right now because I have re-booted...but I would like to know what it is thats causing that.

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,947 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:51 PM

Posted 18 February 2010 - 09:27 PM

csrss.exe is the user-mode portion of the Win32 subsystem (Win32.sys is the kernel-mode portion) and the main executable for the Microsoft Client/Server Runtime Server Subsystem. It is responsible for managing most graphical commands in Windows, console windows, creating and/or deleting threads, and some parts of the 16-bit virtual MS-DOS environment. This process is important for stable and secure operation of your system and should not be terminated. The legitimate csrss.exe file is located in the C:\Windows\System32 folder. If found running from a different location, it's usually indicative of malware.

Most of the processes in Task Manager will be legitimate as shown in these links.Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a critical system file like svchost.exe. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. Another techinique is for the process to alter the registry and add itself as a Startup program or service so that it can run automatically each time the computer is booted. Keep in mind that a legitmate file can also be infected by some types of malware such as Virut which is a dangerous polymorphic file infector. A file's properties may give a clue to identifying it. Right-click on the file, choose Properties and examine the General and Version tabs.

Tools to investigate running processes and gather additional information to identify them and resolve problems:These tools will provide information about each process, CPU usage, file description and its path location.

Anytime you come across a suspicious file or one that you do not recognize, search the name using Google <- click here for an example.

Or search the following databases:If you cannot find any information, the file has a legitimate name but is not located where it is supposed to be, or you want a second opinion, submit it to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 RhonB

RhonB
  • Topic Starter

  • Members
  • 729 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ontario, Canada
  • Local time:02:51 PM

Posted 19 February 2010 - 12:09 AM

Thanks Quietman....

I used the process Explorer and the csrss.exe file is in the right location so I know it's ok. I definately do google anything strange I find on my machine...but not always sure the authenticity of some of the sites information...so thats why, in the end, I come here.. :-) The PC is not running hard right now, not since I rebooted earlier this evening...so I won't worry about it right now...but....should it do it again....any suggestions as to what other issue may be causing it to work so hard...even when I'm not on it??

Let me know and thanks for the help.

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,947 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:51 PM

Posted 19 February 2010 - 08:00 AM

should it do it again....any suggestions as to what other issue may be causing it to work so hard...even when I'm not on it??

That will require monitoring your system and investigating the processes using the tools I recommended above to determine which process is consuming resources. It could very well be a legitimate process but one that may be safely disabled.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 20 February 2010 - 01:16 PM

Ran Ccleaner about 2 months ago...but it also cleaned out all my stored passwords etc.. (none very important, nothing anybody can get anything from...just a pain) soI don't like to use it.


Just to let you know, on the subject of CCleaner and stored passwords......when you run the cleaner, if you take the checkmark OUT of "Autocomplete Form History", it will NOT delete your stored passwords.
I use CCleaner DAILY. I do NOT have a checkmark in "Autocomplete Form History", and my store passwords remain intact, and my other "autocomplete" entries remain intact as well.

ATF works also. I used to use it. (There's nothing wrong with it, I just liked CCleaner better; a matter of personal preference.)
If we don't change the direction we are going,
We are likely to end up where we are headed.

#8 RhonB

RhonB
  • Topic Starter

  • Members
  • 729 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Ontario, Canada
  • Local time:02:51 PM

Posted 20 February 2010 - 04:40 PM

Sashacat..thanks for that info on CCleaner...I will try unchecking that and if all is ok will use it reularly.

Quietman7....my machine has not started running hard again in the last few days....so I think I am ok.

Thank you both for your helpful replies...

Happy Weekend!

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,947 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:51 PM

Posted 20 February 2010 - 05:08 PM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users