Solved

how to remove csrss.exe?

Posted on 2013-05-14
8
680 Views
Last Modified: 2013-11-22
hi experts,
 
 it looks like i have a trojan on my computer. a lot of services have stopped and i have a lot of errors in even viewer. What is the best way to remove this?
0
Comment
Question by:frankbustos
8 Comments
 
LVL 24

Expert Comment

by:aadih
ID: 39165508
Try scanning and cleaning with MalwareBytes AntiMalware (free):

http://www.malwarebytes.org/ >

If it does not work in normal mode, boot up in safe mode and scan (you must have the latest data updates, however).  Then scan using normal mode again.

Also scan with TDSSKiller:

http://www.bleepingcomputer.com/download/tdsskiller/ >
0
 
LVL 22

Expert Comment

by:Haresh Nikumbh
ID: 39165509
The csrss.exe file included with Microsoft Windows is not spyware, a trojan, or a virus. However, like any file on your computer it can become corrupted by a virus, worm, or trojan. antivirus programs can detect and clean this file if it has become infected. Because this file is part of Microsoft Windows users should never delete or remove this file if they think it is infected, let the antivirus program handle it.

http://support.microsoft.com/kb/555021

If its taking 100% CPU utilization then create new profile and install Microsoft Security essential, its good antivirus and spyware removal.
0
 
LVL 24

Accepted Solution

by:
aadih earned 500 total points
ID: 39165516
Oops. First, however, do a system restore to say (yesterday).
0
Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 39165522
You need CSRSS.exe.  It may be infected, but you can't just delete the file.  If you can boot, open a command prompt and run SFC /SCANNOW.
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 39165618
Running MBAM is good suggestion. However you should run RogueKiller before running the MBAM.

I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html

Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_4922.html

Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_5124.html

Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs

Sudeep
0
 

Author Comment

by:frankbustos
ID: 39165809
ok, so i ran these three below and they've come back with no threats found....

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller

i'm downloading microsoft security essentials now...
0
 
LVL 24

Expert Comment

by:aadih
ID: 39165828
Your PC is clean.

What problem are you having now?
0
 

Author Closing Comment

by:frankbustos
ID: 39166015
aadih, i did  a system restore and everything is back to normal. thanks so much!
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question