Solved

how to remove csrss.exe?

Posted on 2013-05-14
8
677 Views
Last Modified: 2013-11-22
hi experts,
 
 it looks like i have a trojan on my computer. a lot of services have stopped and i have a lot of errors in even viewer. What is the best way to remove this?
0
Comment
Question by:frankbustos
8 Comments
 
LVL 24

Expert Comment

by:aadih
Comment Utility
Try scanning and cleaning with MalwareBytes AntiMalware (free):

< http://www.malwarebytes.org/ >

If it does not work in normal mode, boot up in safe mode and scan (you must have the latest data updates, however).  Then scan using normal mode again.

Also scan with TDSSKiller:

< http://www.bleepingcomputer.com/download/tdsskiller/ >
0
 
LVL 21

Expert Comment

by:Haresh Nikumbh
Comment Utility
The csrss.exe file included with Microsoft Windows is not spyware, a trojan, or a virus. However, like any file on your computer it can become corrupted by a virus, worm, or trojan. antivirus programs can detect and clean this file if it has become infected. Because this file is part of Microsoft Windows users should never delete or remove this file if they think it is infected, let the antivirus program handle it.

http://support.microsoft.com/kb/555021

If its taking 100% CPU utilization then create new profile and install Microsoft Security essential, its good antivirus and spyware removal.
0
 
LVL 24

Accepted Solution

by:
aadih earned 500 total points
Comment Utility
Oops. First, however, do a system restore to say (yesterday).
0
 
LVL 33

Expert Comment

by:paulmacd
Comment Utility
You need CSRSS.exe.  It may be infected, but you can't just delete the file.  If you can boot, open a command prompt and run SFC /SCANNOW.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 29

Expert Comment

by:Sudeep Sharma
Comment Utility
Running MBAM is good suggestion. However you should run RogueKiller before running the MBAM.

I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html

Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_4922.html

Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_5124.html

Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs

Sudeep
0
 

Author Comment

by:frankbustos
Comment Utility
ok, so i ran these three below and they've come back with no threats found....

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller

i'm downloading microsoft security essentials now...
0
 
LVL 24

Expert Comment

by:aadih
Comment Utility
Your PC is clean.

What problem are you having now?
0
 

Author Closing Comment

by:frankbustos
Comment Utility
aadih, i did  a system restore and everything is back to normal. thanks so much!
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now