Csrss.exe
Csrss.exe is a legitimate file and necessary for the smooth functioning of a Windows XP or Windows Server 2003 operating system. However, many kinds of malware may pretend to be Csrss.exe files to hide on your system. There are a number of signs, such as location, memory used and file size that can be used to determine whether a particular Csrss.exe is malicious or genuine. Finding a fake Csrss.exe is always signs of an infection, and should be dealt with just as you'd handle any virus.
The Cracks in the Csrss.exe Disguise
If you're using Windows XP or Windows Server 2003, Csrss.exe is kept running continuously, and your computer can't operate properly without Csrss.exe. You shouldn't ordinarily notice this, however, because Csrss.exe has a very low memory usage of around 3K to 4K. As a frame of reference, this is no more taxing on your system than Notepad. If you open Windows Task Manager and see a Csrss.exe that is taking up far more memory than that, or is taking up more and more memory over time, then it's an infection.
Another way to detect a bad Csrss.exe file is to look at the location and file size. Your Csrss.exe file will always be in the System32 subfolder of your Windows folder. Any Csrss.exe files anywhere else are infections. Csrss.exe is also only 6 kilobytes in size, and many Trojans and other infections will be easy to recognize by significantly divergent file sizes.
The final way to know you have a Csrss.exe that doesn't belong is if you're running any operating system other than Windows XP or Windows Server 2003. Csrss.exe isn't used by any other operating system, including other versions of Windows. Seeing a Csrss.exe process running on any other OS is a sure sign of malware being aboard.
Smacking Down the Imposter Windows-antivirus.net
For users of Windows XP or Windows 2K3, it can be a tad more difficult to stop a malware Csrss.exe, since the system will usually prevent you from shutting down the process in Task Manager. The remedy to this is to stop Csrss.exe from starting up to begin with, which can be done through a simple Safe Made reboot. An anti-malware scan will then be able to detect and remove the malware safely without any major risk of system damage. Manual removal is also possible, but you should take care to remember the identifying characteristics of the true Csrss.exe and not delete it by mistake. Doing so could damage your computer!
Csrss.exe infections have been reported to cause keylogging, pop-ups and browser hijacking. Since putting up with a Csrss.exe imposter can put both your privacy and the safe operation of your computer at risk, you shouldn't wait to deal with an infection so daring or so potentially serious.
Dear sir
i have a problem in step 2 that i can't kill csrss process because when i try to end this process i get a system error which can't end this process .
what i can do ?!!!!
thanx very much
Can anyone confirm my thoughts about verifing a .exe program? Should all legitimate ones found in the task manager have some properties to them? Answer me back if you can help me with this question,Thanks ! (I recently open my task mng.looking 4 rouge stuff and found csrss.exe and searched it on this site and I think I have to remove it but just want to be sure for the future u know)
i tried to delete the process and i got blue screen error. i tried twice in safe mode and i still got the blue screen error so i searched for the registry values and they appeared to be non existent. please help!
I have a Vista machine. Using Task Manager, I can see CSRSS running as a process (the user name is blank). I can’t stop or delete the process. Doing DIR from a command prompt on C:\, I have identified the directory that csrss.exe is in, but I can’t do a DEL (access denied). When running regedit, I am unable to find a reference for csrss.exe by automatic or manual searching means.
If you can offer any direction this, that would be great.
Phil
Dear Sirs,
When in safe-mode I opened the Windows Task Manager and I found in two places the Csrss.exe, then right-clicked the one and selected "End Process" key but the only think that happened was to crash the system and restart the computer.
What should I do to remove the Csrss.exe ??
Dear sir i have a problem in step 2 that i can\'t kill csrss process because when i try to end this process i get a system error which can\'t end this process . what i can do ?!!!! thanx very much
After deleting all temporary files and folders you can from the date you noted the infection.....in regulare safe mode.
1) Shut down and restart in Safe Mode (Command Prompt)
2) Type "regedit"
3) Search (Edit/Find) for "Csrss.exe"
4) Delete the command line containing the file.
5) Reboot
all the procedures mentioned above won\'t work. Once you boot it is still there. That procedure is only to know that your pc is infected. The effective procedure to permanently delete the cssrs.exe is to use clean host(another clean pc or through a network.) then delete by the use of clean pc, that\'s easy figure that out, or use online remover free in the internet just search for it or if you are not online just reformat and reinstalled apps. Almost all anti-virus won\'t work.
HOPE THIS IS REAL...CURES...AND EFFECTIVE.