Anybody else run into a nasty little csrss.exe virus? I've had four machines now in two days that have this infection, and it's been a real pain in the ass to get rid of - and so far, I haven't been sane enough to figure out how I got it off the first two. Tried Stinger and AVG with mixed results, anyone got a better solution?
I have csrss.exe currently running when I do CTRL+ALT+DEL on my rig, the thing is I can't see the file-path of the executed file and can't tell where it's coming from, a Google search brought up this
It depends on where the program is located, if it's in the Windows system32 folder then it's *probably legitimate. So seeing that process isn't a sign of infection.
Got it, and I figured out how to get rid of it.
1. Download a process viewer, the one I used is here
2. Go to /windows/system32/rpowaxdanz/
3. Make sure you can view hidden files
4. In process viewer, right click on the csrss.exe and click Kill to terminate the process
5. Delete the entire /rpowaxdanz/ folder.
6. Open regedit, find and delete all entries of "rpowaxdanz"
7. Reboot, problem solved.
*Edit* The "rpowaxdanz" folder can be created as anything, so navigate to the folder which the process viewer tells you to, and just follow the above steps.
*Edit2* Upon further investigation, it appears to be the "KELVIR.CP" worm, which sends itself through MSN and AIM, or so HouseCall tells me
Hmm mine is fine...phew...that Process program is good though, I downloaded another one that didn't even recognise the csrss.exe process...
Great find, I often have problems trying to work out what a process is actually doing (i.e. why is it running) so having this little tool in my collection will help greatly! Thanks a lot
csrss.exe? Are you sure that's a virus? I have it on my computer in processes, I thought it was something to do with Counter Strike Source :s What exactly does it do, if it does nothing but just sit there, I ain't too bothered. Are you sure it's a virus? http://www.neuber.com/taskmanager/process/csrss.exe.html
http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/ http://www.neuber.com/taskmanager/process/csrss.exe.html Try them for an explanation, it should be alright running from C:/WINDOWS/SYSTEM32/CSRSS.EXE
If it's from /system32/csrss.exe it should be fine. If it's being run from say /system32/bleh/csrss.exe, it's bad news.
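
The path check the replies above describe, as an added example that is not part of the original thread: it flags any process named csrss.exe whose image path is not exactly the system32 copy, including one in a subfolder of system32. The function names, the `C:\Windows` system root and the sample process listing are assumptions made for illustration.

```python
import ntpath

# Assumption: Windows is installed under C:\Windows (adjust for other system roots).
EXPECTED = ntpath.normcase(r"C:\Windows\System32\csrss.exe")

def classify(name, path):
    """Classify one process entry as ignore / unknown / expected / suspicious."""
    if name.lower() != "csrss.exe":
        return "ignore"
    if not path:
        # Some task managers do not show the image path; no verdict possible.
        return "unknown"
    if path.startswith("\\??\\"):
        # Older tools print the NT object-namespace prefix before the drive letter.
        path = path[4:]
    # normpath collapses ".." segments, normcase folds case and "/" vs "\".
    full = ntpath.normcase(ntpath.normpath(path))
    return "expected" if full == EXPECTED else "suspicious"

def triage(processes):
    """Return (pid, path, verdict) for every csrss.exe entry in the listing."""
    results = []
    for pid, name, path in processes:
        verdict = classify(name, path)
        if verdict != "ignore":
            results.append((pid, path, verdict))
    return results

# Constructed sample listing (pid, image name, image path); not real capture data.
SAMPLE = [
    (412, "csrss.exe", "C:/WINDOWS/SYSTEM32/CSRSS.EXE"),
    (436, "csrss.exe", "\\??\\C:\\WINDOWS\\system32\\csrss.exe"),
    (2280, "CSRSS.EXE", r"C:\WINDOWS\system32\rpowaxdanz\csrss.exe"),
    (2304, "csrss.exe", r"C:\WINDOWS\system32\..\system32\bleh\csrss.exe"),
    (1900, "csrss.exe", None),
    (3000, "explorer.exe", r"C:\WINDOWS\explorer.exe"),
]

if __name__ == "__main__":
    for pid, path, verdict in triage(SAMPLE):
        print(f"{pid:>5}  {verdict:<10}  {path}")
```

An "expected" verdict only confirms the location, which matches the "probably legitimate" wording in the thread; an "unknown" entry needs a process viewer that shows the full path.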