• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 701
  • Last Modified:

how to remove csrss.exe?

hi experts,
 
 it looks like i have a trojan on my computer. a lot of services have stopped and i have a lot of errors in even viewer. What is the best way to remove this?
0
frankbustos
Asked:
frankbustos
1 Solution
 
aadihCommented:
Try scanning and cleaning with MalwareBytes AntiMalware (free):

http://www.malwarebytes.org/ >

If it does not work in normal mode, boot up in safe mode and scan (you must have the latest data updates, however).  Then scan using normal mode again.

Also scan with TDSSKiller:

http://www.bleepingcomputer.com/download/tdsskiller/ >
0
 
Haresh NikumbhSr. Tech leadCommented:
The csrss.exe file included with Microsoft Windows is not spyware, a trojan, or a virus. However, like any file on your computer it can become corrupted by a virus, worm, or trojan. antivirus programs can detect and clean this file if it has become infected. Because this file is part of Microsoft Windows users should never delete or remove this file if they think it is infected, let the antivirus program handle it.

http://support.microsoft.com/kb/555021

If its taking 100% CPU utilization then create new profile and install Microsoft Security essential, its good antivirus and spyware removal.
0
 
aadihCommented:
Oops. First, however, do a system restore to say (yesterday).
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
Paul MacDonaldDirector, Information SystemsCommented:
You need CSRSS.exe.  It may be infected, but you can't just delete the file.  If you can boot, open a command prompt and run SFC /SCANNOW.
0
 
Sudeep SharmaTechnical DesignerCommented:
Running MBAM is good suggestion. However you should run RogueKiller before running the MBAM.

I would recommend to scan the system with the tools mentioned below and in the sequence they are mentioned and post the logs

Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller

I would also recommend you to go through the articles from Younghv and RPG for the links of the tools and for the future reference

Basic Malware Troubleshooting
http://www.experts-exchange.com/A_1940.html

Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_4922.html

Stop-the-Bleeding-First-Aid-for-Malware
http://www.experts-exchange.com/A_5124.html

Run MalwareBytes in Quick Mode and if that required reboot, then reboot the system and run tools mentioned in point 1 and 2 but this time run MalwareBytes in Full Systen Scan.

So in your next reply post the RogueKiller logs, MBAM logs and TDSSKIller Logs

Sudeep
0
 
frankbustosAuthor Commented:
ok, so i ran these three below and they've come back with no threats found....

1. RogueKiller/TheKiller
2. MalwareBytes
3. TDSSKiller

i'm downloading microsoft security essentials now...
0
 
aadihCommented:
Your PC is clean.

What problem are you having now?
0
 
frankbustosAuthor Commented:
aadih, i did  a system restore and everything is back to normal. thanks so much!
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now