Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! i have two csrss.exe running on my Windows 10!


  • Please log in to reply
15 replies to this topic

#1 GalaxyHunter199

GalaxyHunter199

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 03 April 2017 - 04:47 AM

ok so i found this youtuber named NateVang and he uploads roblox hack everyday!! i've been trusting him for months now... but then one day he uploaded this video named ROBLOX LOKI LEVEL7 HACK/EXPLOIT BEST!!!

 

Link of the video:

 

https://www.youtube.com/watch?v=M05DUwndXXX

 

so I quickly watched the video and downloaded it without hesitating.. then I figured it was patched (not working anymore) and so I deleted the file and reviewed the comments.. and when I did review the comments others said it was a rat, others said its a keylogger, others said its a virus, others said its a false positive, others said they're PC is fine and nothing happened... now for the past few days nothing bad has happened YET... but this morning when I started my PC (windows10) it was laggy on startup and the application took a while to respond.. so I quickly refreshed and checked task manager.. and I saw two client server runtime processes! (csrss.exe) now I would please like to know if this is normal or if this is a rat, virus, keylogger, Trojan, malware, or whatever....

​only I am signed in.. I even restarted and still there are still two! now when I checked in the users tab, only I am signed in and when I clicked the arrow facing down in the left of my profiles name it showed me the processes running in that profile and there were only one client server runtime process (csrss.exe)... am I being ratted?? keylogged?? am I virused??

 

proof that only I am signed in:

Attached File  proof that only i am signed in.PNG   9.33KB   0 downloads

 

only 1 is in my profile

Attached File  only 1 is in my profile.PNG   17.73KB   0 downloads

 

there are two client server runtime processes

Attached File  two client server runtime processes.PNG   11.7KB   0 downloads

 

Mod edit :  Potentially harmful link rmade inoperable


Edited by Chris Cosgrove, 03 April 2017 - 04:36 PM.
See Mod edit.


BC AdBot (Login to Remove)

 


#2 GalaxyHunter199

GalaxyHunter199
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 03 April 2017 - 05:05 AM

guys i am very worried about my PC... can i please get an answer??



#3 GalaxyHunter199

GalaxyHunter199
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 03 April 2017 - 05:11 AM

T~T


#4 FreeBooter

FreeBooter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:07:44 PM

Posted 03 April 2017 - 05:42 AM

Its normal to have more then one Client Server Runtime Process running as long as they are running from  C:\Windows\System32 directory everything is fine.


Posted Image


#5 GalaxyHunter199

GalaxyHunter199
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 03 April 2017 - 05:45 AM

thank you for your reply, they are both from C:\Windows\System32 directory...



#6 FreeBooter

FreeBooter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:07:44 PM

Posted 03 April 2017 - 05:49 AM

You are very welcome!


Posted Image


#7 GalaxyHunter199

GalaxyHunter199
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 03 April 2017 - 07:33 AM

Can I please get more opinions about my PC?? Im still kinda worried... but I am really thankful for the reply... it was really helpful... I just want to confirm if my PC is fine.. so I need more opinions...

#8 GalaxyHunter199

GalaxyHunter199
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 03 April 2017 - 09:41 AM

Uhh im still waiting for more opinions but I am very worried cause I searched an some said it may be a trojan or virus or something bad.. one also said that only 1 csrss.exe will run if 1 profile is signed in and if two profiles are signed in then two csrss.exes should be running... still curious and worried... what if im being ratted.. and the other csrss.exe is from the pc ratting me.... there are some weird tasks running in my backround and windows processes... T~T
*and

#9 FreeBooter

FreeBooter

  • Members
  • 3,137 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Turkey - Adana
  • Local time:07:44 PM

Posted 03 April 2017 - 12:19 PM

Ask moderator to move your thread to Am I infected? What do I do?


Posted Image


#10 Chris Cosgrove

Chris Cosgrove

  • Moderator
  • 6,550 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:05:44 PM

Posted 03 April 2017 - 04:38 PM

Topic moved to 'Am I infected ?'

 

Chris Cosgrove



#11 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,470 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:44 AM

Posted 04 April 2017 - 10:03 AM

Please run the following scans and post the logs in your topic, do not use a host website to post these logs.  Run the scans in the order they are requested and post the logs in the same order.  Do not wrap the logs in code, quotes, or spoilers.
 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.

The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
 
tdss1_zps90132559.png
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
tdsskillermultiple_zps472c18eb.png
 
3.  Click Start Scan and allow the scan process to run.
 
tdss4_zps6792a13c.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!

Click on Continue.
 
tdss5_zps98fc5887.png
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.

Note:  The log may be very long.  You may need to break it into parts to post the whole log.

Post this in your topic.
 
 
Please run Malwarebytes AntiMalware

Please download Malwarebytes Anti-Malware 2.2.

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  

mbam1_zps98e7fba9.png

3)  Click on Settings, you will see a image like the one below.

malware%20settings_zpsixkea5sd.png

When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits

4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.

5)  When the scan is complete the results will be displayed.  Click on Delete All.

malwarenew_zps34b58fdc.png

6)  Please post the Malwarebytes log.

To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the entire log in your topic.

 
Please run AdwCleaner

Please download AdwCleaner and install it.

When AdwCleaner opens you will see an image like the one below.

adwcleaner11_zps48314883.png

Click on Scan to start the scan.

Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.

If there are no malicious programs are found you will receive the following message.

adwcleaner%20111_zpsiduqrrrp.png  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and the paste this log in your topic.


Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run
till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need
to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that
    here
    .
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • If threats are found click on Save to text file in Documents.
  • Open Documents, find the report, copy and paste it in your topic.

Edited by dc3, 04 April 2017 - 10:04 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#12 GalaxyHunter199

GalaxyHunter199
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 04 April 2017 - 11:31 AM

Ok I used malwarebytes and some other antiviruses including norton and even windows defender but no malware nor PUP files are detected... I did as you instructed but still no malware or PUP files are found...I already did multiple scans but still nothing.. ill post the log....

#13 GalaxyHunter199

GalaxyHunter199
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 06 April 2017 - 08:10 AM

uhhmm the log file is short ._. I'm not sure if this is even the log file
 

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 4/6/17
Scan Time: 9:01 PM
Logfile: log file.txt
Administrator: Yes
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1673
License: Expired
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: SIMON\JinSimon
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 650605
Time Elapsed: 6 min, 17 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled (should this be disabled??)
Rootkits: Disabled (should this be disabled??)
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)

(end)


#14 GalaxyHunter199

GalaxyHunter199
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 06 April 2017 - 08:30 AM

am i safe!?



#15 GalaxyHunter199

GalaxyHunter199
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:12:44 AM

Posted 06 April 2017 - 08:38 AM

am i being ratted!? tell meh!!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users