Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Info on virus named "csrs.exe trojan".


  • Please log in to reply
5 replies to this topic

#1 august22

august22

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:07:14 AM

Posted 13 June 2014 - 10:32 AM

 I need some information on the subject named virus. I want to know how to get rid of it and what this virus does.

Thank You



BC AdBot (Login to Remove)

 


m

#2 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:08:14 AM

Posted 13 June 2014 - 10:44 AM

 Doing a Google search turned up this answer from a Microsoft MVP:

http://answers.microsoft.com/en-us/protect/forum/mse-protect_scanning/is-csrssexe-a-safe-process/26bba20c-2691-4d42-bec4-637436c53c4f

 

 He says this file is an integral part of Win32 subsystem that must be kept running at all times.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:14 PM

Posted 13 June 2014 - 10:58 AM

@wpgwpg: Slightly different name assuming the OP did not make a typo/mistake.

 

@august22: Are you having problems with this file, where is it located?

 

xXToffeeXx~


Edited by xXToffeeXx, 13 June 2014 - 10:58 AM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:14 AM

Posted 13 June 2014 - 04:29 PM

Determining whether a file is malware or a legitimate process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a legitimate or critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there.

BTW, When searching for suspicious files, new malware or malware removal assistance (and removal guides) on the Internet, it is not unusual to find numerous hits from untrustworthy and scam sites which mis-classify detections or provide misleading information. This is deliberately done more as a scam to entice folks into buying an advertised fix or removal tool. In some cases if the fix is a free download, users may be enticed to download a malicious file or be redirected to a malicious web site. In other cases you are referred to contact the site's Tech Support for assistance which is only provided for a fee.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:08:14 AM

Posted 13 June 2014 - 04:43 PM

@wpgwpg: Slightly different name assuming the OP did not make a typo/mistake.

 

@august22: Are you having problems with this file, where is it located?

 

xXToffeeXx~

 Oops, you're right.  Thanks for straightening me out.   :whistle:


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:14 AM

Posted 13 June 2014 - 08:21 PM

And both csrs.exe and csrss.exe can be malware, the later depending the location it is running from.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users