Thread ID: 50524 2004-10-23 06:44:00 CSRSS.EXE - Bogus or genuine? Randolf (75) Press F1
Post ID Timestamp Content User
283815 2004-10-23 06:44:00 I had (or possibly still have) some form of malware on my Win 95b system which has made the file "csrss.exe" continually try to access the internet. It is blocked by Zone Alarm.

I understand this is a very necessary file, that normally resides in Windows/Systems 32 folder. I do not appear to have the folder Systems 32, or the "csrss.exe" file in that folder. The only file I have by the name csrss.exe is in (C:) . It states it was created 21/10/04 (the day the trouble started) and there is also a small AVG update log file of the same date.

I understand the malware or whatever, sometimes creates this file, so in some instances there are two of the same name.

What I would like to know is - Should there always be one valid file by this name on my system?

How can I tell whether the file that is there is genuine or not?

I want to be sure I am not deleting an important valid file.

Any help would be much appreciated.
Randolf (75)
283816 2004-10-23 06:56:00 This file is necessary, but it can be hijacked/corrupted.

I have read articles about this.

Google, 'cause I can't remember where.

D.
drb1 (4492)
283817 2004-10-23 07:06:00 This file (csrss.exe) is a legitimate Windows system file but there is a worm that creates another csrss.exe file which is NOT legitimate. You have this worm as evidenced by the Zone Alarm activity. I found that HijackThis reported the csrss.exe file as being a keylogger and Trend Micro also reported it as being related to the Netsky.AI worm which is not picked up by AVG or Norton AV.
Go to Start, Run, type msconfig and remove the tick from the csrss.exe entry under Startup. Delete the csrss.exe from the C: drive. You may also need to remove the csrss.exe entry from within the registry but it will be easier to use HijackThis to remove it.
tommy (2826)
283818 2004-10-23 07:11:00 There is a bit of activity with this trojan at the moment.

It's fine to delete the csrss.exe in the C:\ directory. There may be a csrss.bin there as well, that can also go.
godfather (25)
283819 2004-10-23 07:25:00 > Delete the csrss.exe from the C: drive.

Thanks for this. But as mentioned this is the only csrss.exe file on my system and I've just been told it's necessary to have. I'd like to delete it as it looks suspicious. Is it safe to, and have no csrss.exe file on the computer? ?:l
Randolf (75)
283820 2004-10-23 08:19:00 It should be fine to delete it but if you have doubt just rename it for now then delete it in a week if no ill-effects occur.
tommy (2826)
283821 2004-10-23 08:19:00 Randolf, you can safely delete csrss.exe from Win95/98, it is not a system file for those OS. It is a system file for Win2000/XP.

I just checked in both win95B and win98, it doesn't exist, so yours is the trojan/virus.
Terry Porritt (14)
283822 2004-10-23 08:38:00 Great!! I've deleted the files. Also as mentioned in separate posting - restored the registry from a recent ERU backup.
Computer is back to its normal 133MHz lightning speed! Fingers crossed.
(And thanks).
Randolf (75)
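
The checks the replies in this thread rely on (which OS is running, where the file sits, whether it has a Startup entry), as an added example that is not part of the original thread: a Python triage function for csrss.exe/csrss.bin copies. Assumptions: the OS labels, the `system_root` parameter, that the genuine file on Win2000/XP sits at `<SystemRoot>\System32\csrss.exe`, and the sample lists, which are constructed.

```python
import ntpath

# Per the thread: csrss.exe is a system file on Win2000/XP, not on Win95/98.
OS_WITH_CSRSS = {"win2000", "winxp"}   # labels are this example's own
WATCHED = {"csrss.exe", "csrss.bin"}   # file names mentioned in the thread

# Constructed sample data (not taken from any real machine).
SAMPLE_FILES = [r"C:\csrss.exe", r"C:\CSRSS.BIN", r"C:\WINDOWS\NOTEPAD.EXE",
                r"C:\WINDOWS\system32\csrss.exe"]
SAMPLE_STARTUP = [r'"C:\csrss.exe"', r"C:\WINDOWS\taskmon.exe"]


def norm(path):
    """Normalise a Windows path so comparisons ignore case and slash style."""
    return ntpath.normcase(ntpath.normpath(path))


def startup_target(command):
    """Extract the executable from a startup command (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""


def assess(os_family, system_root, file_paths, startup_commands):
    """Return (item, verdict) pairs for csrss.* files and startup entries."""
    # Assumption: genuine location is <SystemRoot>\System32\csrss.exe.
    expected = norm(ntpath.join(system_root, "System32", "csrss.exe"))
    os_has_csrss = os_family.lower() in OS_WITH_CSRSS
    findings = []
    for path in file_paths:
        if ntpath.basename(norm(path)) not in WATCHED:
            continue
        genuine_spot = os_has_csrss and norm(path) == expected
        findings.append((path, "expected location" if genuine_spot else "suspicious"))
    # The thread treats a csrss.exe entry under Startup as the worm's.
    for command in startup_commands:
        if ntpath.basename(norm(startup_target(command))) == "csrss.exe":
            findings.append((command, "suspicious startup entry"))
    return findings


if __name__ == "__main__":
    for os_family in ("win95", "winxp"):
        print(os_family)
        for item, verdict in assess(os_family, r"C:\WINDOWS", SAMPLE_FILES, SAMPLE_STARTUP):
            print("  ", item, "->", verdict)
```

A "suspicious" verdict is a prompt to rename or quarantine the file and inspect it, as suggested in the thread, not proof of infection.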