how to remove csrss.exe?

Posted on 2013-05-14
Last Modified: 2013-11-22
hi experts,
 it looks like i have a trojan on my computer. a lot of services have stopped and i have a lot of errors in even viewer. What is the best way to remove this?
Question by:frankbustos
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 24

Expert Comment

ID: 39165508
Try scanning and cleaning with MalwareBytes AntiMalware (free): >

If it does not work in normal mode, boot up in safe mode and scan (you must have the latest data updates, however).  Then scan using normal mode again.

Also scan with TDSSKiller: >
LVL 22

Expert Comment

by:Haresh Nikumbh
ID: 39165509
The csrss.exe file included with Microsoft Windows is not spyware, a trojan, or a virus. However, like any file on your computer it can become corrupted by a virus, worm, or trojan. antivirus programs can detect and clean this file if it has become infected. Because this file is part of Microsoft Windows users should never delete or remove this file if they think it is infected, let the antivirus program handle it.

If its taking 100% CPU utilization then create new profile and install Microsoft Security essential, its good antivirus and spyware removal.
LVL 24

Accepted Solution

aadih earned 500 total points
ID: 39165516
Oops. First, however, do a system restore to say (yesterday).
[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

LVL 34

Expert Comment

by:Paul MacDonald
ID: 39165522
You need CSRSS.exe.  It may be infected, but you can't just delete the file.  If you can boot, open a command prompt and run SFC /SCANNOW.
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 39165618
Running MBAM is good suggestion. However you should run RogueKiller before running the MBAM.

I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

Basic Malware Troubleshooting



Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs


Author Comment

ID: 39165809
ok, so i ran these three below and they've come back with no threats found....

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller

i'm downloading microsoft security essentials now...
LVL 24

Expert Comment

ID: 39165828
Your PC is clean.

What problem are you having now?

Author Closing Comment

ID: 39166015
aadih, i did  a system restore and everything is back to normal. thanks so much!

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below. 1. Ma…
Operating system developers such as Microsoft ( and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question