Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 tidahu62


  • Members
  • 1 posts
  • Local time:08:03 PM

Posted 20 November 2013 - 01:26 PM

I saw csrss.exe running in Processes in Task Manager. What is this and should I remove it?

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,905 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:03 PM

Posted 20 November 2013 - 04:02 PM

csrss.exe is the user-mode portion of the Win32 subsystem (Win32.sys is the kernel-mode portion) and the main executable for the Microsoft Client/Server Runtime Server Subsystem. It is responsible for managing most graphical commands in Windows, console windows, creating and/or deleting threads, and some parts of the 16-bit virtual MS-DOS environment. This process is important for stable and secure operation of your system and should not be terminated. Determining whether csrss.exe is malware or a legitimate Windows process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a legitimate or critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. The legitimate csrss.exe file is located in the C:\Windows\System32 folder but you may find legitimate copies in other folders such as:


If found running from a different location, it's usually indicative of malware. The csrss process always runs as SYSTEM user...a csrss.exe process running as a different user may be indicative of malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users