Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Is csrss.exe a trojan?

08 Nov 2014   #11
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Hi Emerogork,

Go to C:\Windows\System32\csrss.exe, right click and choose copy.

Next, go to your desktop, right click and choose paste.

Now, go to VirusTotal and click on the Choose File button and navigate to the file on the desktop to upload.

Post the link when scan has completed.

I believe the reason that the file can not be found when searching within the system32 folder from VirusTotal is because it is a protected system file. I'd love to hear what others have to say about my thoughts on this concept.


My System SpecsSystem Spec
.
08 Nov 2014   #12
Emerogork

Windows 7 32
 
 

Quote   Quote: Originally Posted by DonnaB View Post
Hi Emerogork,

Go to C:\Windows\System32\csrss.exe, right click and choose copy.

Next, go to your desktop, right click and choose paste.

Now, go to VirusTotal and click on the Choose File button and navigate to the file on the desktop to upload.

Post the link when scan has completed.

I believe the reason that the file can not be found when searching within the system32 folder from VirusTotal is because it is a protected system file. I'd love to hear what others have to say about my thoughts on this concept.
I am not sure why I could not see it before but I looked again and there it is. I ran the VT test and it reports 0/52. Interesting that (cmd) dir /s csrss.exe did not find it but I just ran it again and it did find it now that it is on the desktop and reports only that one. (7,680 bytes)
My System SpecsSystem Spec
10 Nov 2014   #13
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Quote:
I believe the reason that the file can not be found when searching within the system32 folder from VirusTotal is because it is a protected system file. I'd love to hear what others have to say about my thoughts on this concept.
I would say you are correct in your assumption. I looked through virustotal's faqs and documentation, but couldn't find anything on the subject.

A system file is in use when the OS is up and running and to remove or open it while it's in use would crash the system. Oh, you could open it, but you would have to jump through hoops resetting the permissions to do it.

There are other system files that need to be looked at, most notably is the .cbs file when checking for update errors, but if you try to open it you will see an Access Denied popup, what you have to do then is copy it to your desktop, open and read it there.
You can make a copy of any system file and send that to virustotal.

I just happened to come across your concept by accident, if you would really want to know what the other members think you should post it as a separate thread here in the System Security Forum, it would garner more attention that way.


Emerogork, as long as you only found one instance of csrss and it is located in C:\Windows\System32\csrss.exe you have nothing to worry about.

If your machine is slow there are two other reasons its that way, 1.) Malware, you need to do scans of a third-party tool like mbam or SAS; 2.) You have a corrupt profile.

And please, you need to create your own thread, it is impolite to hijack another thread, and for the same reason I told Donna, you will get more visibility and responses if you have a separate thread.
My System SpecsSystem Spec
.

01 Dec 2014   #14
mrick36

Windows 7, 64 bit
 
 

I get an error message when I try to run the Farbar download.

I am finding csrss.exe in the task manager with no User Name or Description listed.
I download the Farbar file successfully yet this message comes up when I try to run the file:

"Windows cannot find................" Apparently Norton refuses to allow this FRST64 file to run. Norton says that it is unsafe.

Next suggestion?
My System SpecsSystem Spec
01 Dec 2014   #15
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Hi mrick36,

Welcome to Windows Seven Forums!

Quote:
I am finding csrss.exe in the task manager with no User Name or Description listed.
That is normal. That same file is located in my Task Manager as well, without information for User Name nor Description.

What issues are you experiencing that you feel the need to download and install FRST?

You can learn more about csrss.exe in the link below:

What is the Client/Server Run-time Subsystem?


My System SpecsSystem Spec
01 Dec 2014   #16
mrick36

Windows 7, 64 bit
 
 

Thanks DonnaB!

I am searching for the reason my network identification and connection process is now moving so slowly. I can literally sit and watch the entire process unfold. I posted a new thread for this problem since I could not find one that was similar. My concern here was identifying whether the csrss.exe I was finding in the task manager was the original system file or a virus posing as that file. I read this thread and was under the assumption FRST was going to identify the file. I should say that I was reading this thread and came to that assumption.

BTW, my mind goes back to Sasquatch before I can read most of what is written on that Wiki page! LOL! ADD uses up most of the memory cells. And the heart can't take the ADD meds. Aaaaahhhhhhh!
My System SpecsSystem Spec
01 Dec 2014   #17
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

That's too funny! I guess that since your heart can't take the ADD meds you fit right in with the best of us.

I found your thread here and will follow it.

You can go ahead and follow the instructions in post #11 and upload the file to VirusTotal as I had instructed to make sure it is found to be the original file. You doing so will not interfere with oscer1's instructions. If you do follow the instructions to upload the file, please post the link to the results so I can see.

It is best to focus on one thread at a time to prevent confusion or conflicts. So do no more than what I ask in this post.

Donna
My System SpecsSystem Spec
01 Dec 2014   #18
mrick36

Windows 7, 64 bit
 
 

Post the link?

This file was last analysed by VirusTotal on 2014-12-02 04:03:39 UTC, it was first analysed by VirusTotal on 2009-08-17 19:46:37 UTC.

Detection ratio: 0/55

You can take a look at the last analysis or analyse it again now.
My System SpecsSystem Spec
01 Dec 2014   #19
mrick36

Windows 7, 64 bit
 
 

https://www.virustotal.com/en/file/c...c03a/analysis/


VirusTotal.......got that page bookmarked now!

Thanks DonnaB! That's great page to have!
My System SpecsSystem Spec
02 Dec 2014   #20
DonnaB

Win7 64-bit, Vista 32-bit, XP 32-bit, W2K 32-bit (VM)
 
 

Looks like the file is the legit file. Make sure to delete the copy of the file from your desktop.
My System SpecsSystem Spec
Reply

 Is csrss.exe a trojan?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
csrss.exe
I have been experiencing unusual lag which never happened to me before when I used a Unity application and while watching a Youtube video so I opened Task Manager to check what was causing this. I saw a process which was at at around 116000K usage when I was using a Unity application. Then I...
System Security
Trojan called 'Trojan.Generic.2582177' on my system
Hi, I have Window7 Ultimate 64 bit on my system. I use Bitfender as my antivirus software. This morning it informed me that it has found a file infected with a virus called 'Trojan.Generic.2582177' which it cannot clean. I've contacted Bitfender to see if they know what I should do but haven't...
System Security
Csrss.exe
Hi, I've made a post before about my old wireless connection and many strange things happening with my computer and accounts, influenced contacts, passwords changing by itself denying me any acces, people blaming me for various reasons, Often the same person writing to me under various names...
BSOD Help and Support
Csrss.exe?
Hi I have read much terriable about this file called Csrss.exe. I have scanned my hard disk and found this, is it normal? It's also running 2 times..?
System Security
CSRSS
I have installed a clean copy of Windows 7, after a full format of the drives. However CSRSS.exe has started doing nonstop I/O reads and I can find no way to stop it. (I know not to touch the exe itself) I shut down everything that may be hitting the hard drive including the virus scan and it...
Installation & Setup


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:47.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App