Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Is csrss.exe a trojan?

20 Sep 2015   #41
UsernameIssues

W7 Pro SP1 64bit
 
 

Quote   Quote: Originally Posted by kacperrools View Post
When i try to do properties it does not do any thing ... please help . is it a virus ?
See this post about Process Explorer and VirusTotal:
Process Explorer 16

You might also want to select:
Options > Verify Image Signatures.


My System SpecsSystem Spec
.
10 Dec 2015   #42
reign

windows 7 professional x64
 
 

I am also having this issue, however i cannot post the req info via this thread as its too big.
My System SpecsSystem Spec
10 Dec 2015   #43
LMiller7

Windows 7 Pro 64 bit
 
 

Welcome to the forum.

What issue are you having?
The fact that the process is running is not an issue.
My System SpecsSystem Spec
.

26 Dec 2015   #44
jmrathbun

Win 7 Pro (64)
 
 
I have this issue also

I have the file csrss.exe active. Unlike the others on the list, right-clicking and trying to open the location doesn't work. My scan for the file location showed this result:

Is csrss.exe a trojan?-csrss.jpg

Your thoughts?


My System SpecsSystem Spec
26 Dec 2015   #45
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Hi jmrathbun, welcome to 7F!

The first location looks okay, but the second in the winsxs folder does not.
When I searched for the class ID attached to the second csrss file: 31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3 I had one hit and it was a user looking for malware removal help. This doesn't necessarily mean your machine has malware, but,

Do you notice any recent peculiarities with your machine?
  • Slowness,
  • Browser redirects,
  • Unusual web activity even when no one is using your machine and it's asleep (watch your router lights),
  • HDD thrashing.

I would start several cleaning processes with these and the freeware versions are okay to use:

If after running these and your CMD search still turns up that second csrss in winsxs I would seriously consider starting a new separate thread here in the System Security Forum.
My System SpecsSystem Spec
26 Dec 2015   #46
jmrathbun

Win 7 Pro (64)
 
 

Thanks for your input!

I got interested when I saw a popup at logon this AM asking if it was OK for a program I didn't recognize to do a disc write. Unfortunately, I wasn't alert enough to write down the program's name, but I wasn't so stupid as to allow it to go to work on my system.

I tried to rename the second copy of CSRSS but it won't let me; it requires permission of 'Trusted Installer'. I don't know who that would be other than me, because I built this machine myself!

Currently I'm running a deep scan with Webroot, since that's already installed. I've noticed a few unexpected behaviors this AM but was attributing that to having run around 150 Windows Updates yesterday.

I wonder if there's a way to edit the Registry to give me access to the second copy of CSRSS?
My System SpecsSystem Spec
26 Dec 2015   #47
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

You're welcome.

What you describe could indicate malware (a disk write). Try to get the name if it pops up again..

You could go to the Properties >Security tab of the file csrss in winsxs then click on advance. it might show more info on who/what is the trustedinstaller (TI), malware developers use TI to mask/spoof the real installer.

Have you tried to access the registry key with an elevated registry editor?
Type regedit into the Start Menu Search box, then right click on the first listing regedit.exe under Programs, and click 'run as administrator'

If that doesn't work try this, it may help the registry edit; Go to step #3 under Here's How: To Change the Access Permissions of a Registry Key

Remember to back up the Registry: Registry - Backup and Restore
My System SpecsSystem Spec
26 Dec 2015   #48
jmrathbun

Win 7 Pro (64)
 
 

Well, here's what it has to say for itself:
Is csrss.exe a trojan?-csrss-properties.jpg

I'm currently corresponding with Webroot technical support to see if that's possibly part of their library of malware names.


My System SpecsSystem Spec
26 Dec 2015   #49
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Well, it seems an old dog can learn new tricks, and I'm going to have to re-think this csrss thing....

I've been looking around and if one has more than one csrss it's because; You have one for your logged on user and one for all users, that is normal.
Quote:
"If you have more than one running in task manager for any/each user, there's a good chance you may be infected. If so, post back and we'll discuss how to deal with that. Otherwise it's not only normal but required."

You have one for your logged on user and one for all users, that is normal.
Multiple processes listed more than once is also normal.
svchost is a host process used by many different things. It is not unusual to see many listed running copies of this process.

-steve

Source; The bottom of page two
The trick here is: IF, you have more than one running in task manager for any/each user, then you have a problem.

Then at the top of page six, the second and third posts I found another user in the second post on that page that has the same class ID (CLSID) as you C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3.with Stephen Boots reply:

Quote:
Hi there

I have the following csrss.exe files appear, can you look through them for me please to see if they are fine or not? Not sure how to get a file listing to post here

1) amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3_csrss

2) csrss..........System32 (C:\windows)

3) csrss..............C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3

4) csrss.exe.mui.....en-US (C:\Windows\System32)

5) csrss.exe.mui.....en-US (C:\Windows\SysWOW64)

6) csrss.exe.mui.....C:\Windows\winsxs\amd64_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_3685fcbdfb21a5ac

7) csrss.exe.mui.....C:\Windows\winsxs\x86_microsoft-windows-csrss.resources_31bf3856ad364e35_6.1.7600.16385_en-us_da67613a42c43476

Thanks

Mike


Stephen Boots
MVP Insider Community Moderator Wiki Author MCC: Content Creator MCC: Content Curator Launch expert - Windows 10

All good.

#2 is the one that is installed and running.

All the rest are either inside installers and backup copies.

-steve
So, according to Stephen Boots your screenshot is showing either and inside installer or a backup copy. Look at your screenshot, both are the same size and date.

Bottom line; If you don't have the problems I mentioned in my first reply to you, your two instances of csrss are normal.

Here's something to scare the masses, this is what SystemLookup has found: http://Search | csrss.exe | www.systemlookup.com
My System SpecsSystem Spec
26 Dec 2015   #50
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

One of my system that has no problems or infections.

Is csrss.exe a trojan?-today-only.png


My System SpecsSystem Spec
Reply

 Is csrss.exe a trojan?




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
csrss.exe
I have been experiencing unusual lag which never happened to me before when I used a Unity application and while watching a Youtube video so I opened Task Manager to check what was causing this. I saw a process which was at at around 116000K usage when I was using a Unity application. Then I...
System Security
Trojan called 'Trojan.Generic.2582177' on my system
Hi, I have Window7 Ultimate 64 bit on my system. I use Bitfender as my antivirus software. This morning it informed me that it has found a file infected with a virus called 'Trojan.Generic.2582177' which it cannot clean. I've contacted Bitfender to see if they know what I should do but haven't...
System Security
Csrss.exe
Hi, I've made a post before about my old wireless connection and many strange things happening with my computer and accounts, influenced contacts, passwords changing by itself denying me any acces, people blaming me for various reasons, Often the same person writing to me under various names...
BSOD Help and Support
Csrss.exe?
Hi I have read much terriable about this file called Csrss.exe. I have scanned my hard disk and found this, is it normal? It's also running 2 times..?
System Security
CSRSS
I have installed a clean copy of Windows 7, after a full format of the drives. However CSRSS.exe has started doing nonstop I/O reads and I can find no way to stop it. (I know not to touch the exe itself) I shut down everything that may be hitting the hard drive including the virus scan and it...
Installation & Setup


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:54.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App