Solved

how to remove csrss.exe?

Posted on 2013-05-14
8
683 Views
Last Modified: 2013-11-22
hi experts,
 
 it looks like i have a trojan on my computer. a lot of services have stopped and i have a lot of errors in even viewer. What is the best way to remove this?
0
Comment
Question by:frankbustos
8 Comments
 
LVL 24

Expert Comment

by:aadih
ID: 39165508
Try scanning and cleaning with MalwareBytes AntiMalware (free):

http://www.malwarebytes.org/ >

If it does not work in normal mode, boot up in safe mode and scan (you must have the latest data updates, however).  Then scan using normal mode again.

Also scan with TDSSKiller:

http://www.bleepingcomputer.com/download/tdsskiller/ >
0
 
LVL 22

Expert Comment

by:Haresh Nikumbh
ID: 39165509
The csrss.exe file included with Microsoft Windows is not spyware, a trojan, or a virus. However, like any file on your computer it can become corrupted by a virus, worm, or trojan. antivirus programs can detect and clean this file if it has become infected. Because this file is part of Microsoft Windows users should never delete or remove this file if they think it is infected, let the antivirus program handle it.

http://support.microsoft.com/kb/555021

If its taking 100% CPU utilization then create new profile and install Microsoft Security essential, its good antivirus and spyware removal.
0
 
LVL 24

Accepted Solution

by:
aadih earned 500 total points
ID: 39165516
Oops. First, however, do a system restore to say (yesterday).
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 39165522
You need CSRSS.exe.  It may be infected, but you can't just delete the file.  If you can boot, open a command prompt and run SFC /SCANNOW.
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 39165618
Running MBAM is good suggestion. However you should run RogueKiller before running the MBAM.

I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html

Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_4922.html

Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_5124.html

Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs

Sudeep
0
 

Author Comment

by:frankbustos
ID: 39165809
ok, so i ran these three below and they've come back with no threats found....

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller

i'm downloading microsoft security essentials now...
0
 
LVL 24

Expert Comment

by:aadih
ID: 39165828
Your PC is clean.

What problem are you having now?
0
 

Author Closing Comment

by:frankbustos
ID: 39166015
aadih, i did  a system restore and everything is back to normal. thanks so much!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What is the best Ransom ware protection for Servers and clients? 13 100
Local Drive Access Denied 5 102
Symantec Endpoint Protection blocking autorun.if 13 58
is this a virus? 3 59
These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question