Posted 20 November 2013 - 04:02 PM
csrss.exe is the user-mode portion of the Win32 subsystem (Win32.sys is the kernel-mode portion) and the main executable for the Microsoft Client/Server Runtime Server Subsystem. It is responsible for managing most graphical commands in Windows, console windows, creating and/or deleting threads, and some parts of the 16-bit virtual MS-DOS environment. This process is important for stable and secure operation of your system and should not be terminated. Determining whether csrss.exe is malware or a legitimate Windows process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a legitimate or critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. The legitimate csrss.exe file is located in the C:\Windows\System32 folder but you may find legitimate copies in other folders such as:
If found running from a different location, it's usually indicative of malware. The csrss process always runs as SYSTEM user...a csrss.exe process running as a different user may be indicative of malware.
.Windows Insider MVP 2017-2018Microsoft MVP Reconnect 2016Microsoft MVP Consumer Security 2007-2015 Member of UNITE, Unified Network of Instructors and Trusted EliminatorsIf I have been helpful & you'd like to consider a donation, click