Re: How to tell the running process--csrss.exe is malicious or not?
From: Galen (galennews_at_gmail.com)
Date: Mon, 25 Apr 2005 10:19:28 -0400
john <email@example.com> had this to say:
My reply is at the bottom of your sent message:
> From the information about csrss.exe on the internet, it could be
> normal process or virus.
> But how can I find out its true attributes? By some specific
> software, or not?
> Thank you.
It's actually potentially a legitimate file but, as you've been told, it's
also potentially a virus. It's normally the main exe file for the Microsoft
Client/Server Runtime Server Subsystem but it's also capable of being a
number of viruses and trojans. Here are some varied links if they are what
you're really interested in.
www.grisoft.com - AVG
www.antivir.com - AntiVir
http://www.my-etrust.com/microsoft/index.cfm - CA eTrust
www.lavasoft.de - AdAware
http://security.kolla.de/ - Spybot
Microsoft Anti-Spyware Beta
www.emsisoft.com/en/software/free/ - a Squared
http://swatit.org/ Swat It
Before cleaning download this:
LSP-Fix - a free program to repair damaged Winsock 2 stacks:
Use that should cleaning out your PC remove or damage your in-place winsock
and you can't connect to the internet.
From the virus and trojan category pick one application, they're all free,
download it and install it. Make sure that you update it. From the spyware
category pick all three, download them and update them to the latest
definitions. Reboot, press the F8 key over and over again, from the menu
select Safe mode without networking. Do your cleaning in there. Reboot to
regular mode and run the scans again. This isn't going to be quick or easy
but it might just solve your problems and it should prevent you from further
problems so long as you keep them updated and scan often. Most of them can
be enabled to update and scan automatically.
-- Signature changed for a moment of silence. Rest well Alex and we'll see you on the other side.