Re: why got \??\ in the path ?

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/23/05

• Next message: Derek D...: "Probable virus of some sort..."
• Previous message: Polaris: "why got \??\ in the path ?"
• In reply to: Polaris: "why got \??\ in the path ?"
• Next in thread: Lionel Fourquaux: "Re: why got \??\ in the path ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 23 Apr 2005 02:07:27 -0500

I don't know offhand the reason but I would download Process Explorer from
SysInternals to see what it shows in the process properties as the path.
Also on my computer XP SP2 Process Explorer shows in the image page of the
process properties that csrss.exe is "verified" from Microsoft Corp. which
means that it is digitally signed and authentic though not all MS files
related to processes are verified/signed. It certainly would not hurt to run
an antivirus program being sure to have the latest virus definitions before
scanning and maybe try the RootkitRevealer from SysInternals. --- Steve

http://www.sysinternals.com/ntw2k/freeware/procexp.shtml
http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml
http://www.liutilities.com/products/wintaskspro/processlibrary/csrss/ ---
info about csrss.exe

"Polaris" <etpolaris@hotmail.com> wrote in message
news:OFvC238RFHA.3496@TK2MSFTNGP12.phx.gbl...
> Hi Experts:
>
> Wrote a small program on XP to get a list of running processes. I used the
> GetModuleFileNameEx, EnumProcessModules to go through each process and get
> the process path, most of the returned path is ok, but noticed strange one
> below:
>
> \??\C:\WINDOWS\system32\csrss.exe (0x4A680000)
>
> Anyone knows why there is \??\ at the front of the path? Does that mean
> the csrss.exe is a virus? In task manager, the csrss.exe is running and
> cannot be stopped.
>
> Any thought is appriciated.
>
> Thanks In Advance!
>
> Polaris
>
>

---

• Next message: Derek D...: "Probable virus of some sort..."
• Previous message: Polaris: "why got \??\ in the path ?"
• In reply to: Polaris: "why got \??\ in the path ?"
• Next in thread: Lionel Fourquaux: "Re: why got \??\ in the path ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: why got ?? in the path ? ... I don't know offhand the reason but I would download Process Explorer from ... SysInternals to see what it shows in the process properties as the path. ... > Wrote a small program on XP to get a list of running processes. ... (microsoft.public.windows.server.security) Re: why got ?? in the path ? ... I don't know offhand the reason but I would download Process Explorer from ... SysInternals to see what it shows in the process properties as the path. ... > Wrote a small program on XP to get a list of running processes. ... (microsoft.public.security) Re: why got ?? in the path ? ... I don't know offhand the reason but I would download Process Explorer from ... SysInternals to see what it shows in the process properties as the path. ... > Wrote a small program on XP to get a list of running processes. ... (microsoft.public.windowsxp.security_admin) Re: why got ?? in the path ? ... I don't know offhand the reason but I would download Process Explorer from ... SysInternals to see what it shows in the process properties as the path. ... > Wrote a small program on XP to get a list of running processes. ... (microsoft.public.win2000.security) Re: Bugs in donkey.lib ... The persistence even in the face of clear proof using the Sysinternals ... Process Explorer after having developed the originals using Task ... Microsoft Task Manager 0% change ... of polling loops to be mistaken. ... (alt.lang.asm)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)