Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

cannot open file windows\inf\csrss.exe error


  • Please log in to reply
5 replies to this topic

#1 bigeasy2002

bigeasy2002

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 31 October 2010 - 08:21 AM

Is this a virus?

Edited by hamluis, 31 October 2010 - 11:40 AM.
Moved from Vista forum to Am I Infected ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 dodes

dodes

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:28 AM

Posted 31 October 2010 - 09:57 AM

Probably.

1) As far as I know, csrss.exe does not run from windows\inf, it runs from windows\system32. I don't have access to a vista machine, but I performed a search for csrss.exe in my windows\inf folder on my Windows 7 machine and did not find anything.
2) csrss.exe is a critical windows component. If the REAL csrss.exe really wasn't opening you would encounter blue screens.
3) Go to www.virustotal.com and browse for this mysterious csrss.exe in windows\inf\ and upload it, if you can find it in there. VT may in fact show infections. If for some reason your browser just won't let you access VirusTotal, that's another indicator of malware.
4) Get in touch with a Malware Response Team member to talk about scanning your computer for infections.

Edited by dodes, 31 October 2010 - 10:03 AM.

Windows 7 Pro x64
Biostar TH55B-HD
WD Corsair Black 500GB | Samsung Spinpoint F3 1TB
G-Skill 2x2GB 1066 DDR3 SDRAM
NVIDIA GeForce GT 240

#3 TheH4ck3r

TheH4ck3r

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sao Paulo, Brazil
  • Local time:05:28 AM

Posted 31 October 2010 - 11:26 AM

Definitively.

csrss.exe is a process system, which means it its name is commonly used by malware developers to 'mask' their software for it not to be recognized by unaware users. It is also used to avoid detection. So, if csrss.exe is an active process and does not run from x:\%System% (x:\ being your HDD) it definitively is malware. But, if there is an error saying that this file cannot be opened, or it is corrupted, or it is a fake error, or something is blocking it, or these are remnants of malware that was removed but only partially. If you still think this might be dangerous in some way, you can and should open a new post HERE.

--EDIT--

I only read the subtitle now :thumbsup:. If you get this message every time you start your computer, it may be because the registry key under
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
that is attempting to open csrss.exe under the directory x:\Windows\inf cannot start it for some reason.

Edited by TheH4ck3r, 31 October 2010 - 11:32 AM.


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,299 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:28 AM

Posted 31 October 2010 - 11:39 AM

Looks like malware to me, see File Activity for SMSS.exe at http://www.prevx.com/filenames/4096822801623188680-X1/SMMS.EXE.html

Moving to Am I Infected forum.

Louis

#5 bigeasy2002

bigeasy2002
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 31 October 2010 - 02:05 PM

Thanks for the replys , Here is a more accurate version of my error message:

"Could not load or run C:\windows\inf\csrss.exe specified in the registry"

#6 bigeasy2002

bigeasy2002
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 02 November 2010 - 06:38 PM

Thanks for all of the help, i used Hijackthis and found a win.ini file with this scrss reference in it and deletede it. now i no longer get there message!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users