| | #1 (permalink) |
| Vista Home Premium 32bit | csrss.exe in winsxs

I saw somewhere that there are versions of csrss.exe which are malware. The posts said that versions of csrss.exe that are not in the windows/system32 directory are probably malware and should be deleted. I did a search of my hard drive and found that there are in fact two versions of csrss.exe, one in the windows/system32 directory and another buried deep within the windows root directory. The file is the only file sitting in this directory:

C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c

I tried to rename the file to see what happens but Vista told me that I didn't have permission to do that (gotta love Vista!). Anyway, I did a little research into winsxs and found this article interesting: Demystifying the WinSxS directory in Windows XP, Vista and Server 2003/2008 - Aaron Tiensivu's Blog

Could someone verify that another copy of csrss.exe is supposed to be sitting in the winsxs directory?

Thanks
| | #2 (permalink) |
| | Re: csrss.exe in winsxs

Meir wrote:

> I saw somewhere that there are versions of csrss.exe which are
> malware. The posts said that versions of csrss.exe that are not in the
> windows/system32 directory are probably malware and should be
> deleted. I did a search of my hard drive and found that there are in
> fact two versions of csrss.exe, one in the windows/system32 directory
> and another buried deep within the windows root directory. The file
> is the only file sitting in this directory:
>
> C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c
>
> I tried to rename the file to see what happens but Vista told me that
> I didn't have permission to do that (gotta love Vista!). Anyway, I
> did a little research into winsxs and found this article interesting:
>
> 'Demystifying the WinSxS directory in Windows XP, Vista and Server
> 2003/2008 - Aaron Tiensivu's Blog'
> (http://blog.tiensivu.com/aaron/archi...-20032008.html)
>
> Could someone verify that another copy of csrss.exe is supposed to be
> sitting in the winsxs directory?
>
> Thanks

I have csrss.exe in:

c:\windows\system32
c:\windows\winsxs\long garbled folder name
c:\windows\winsxs\backup

Plus various manifest files and other odd named files with csrss embedded in the file name in the windows sub folders.

Don't be so paranoid and don't believe everything you read or hear about virus/malware.
| | #3 (permalink) |
| vista home premium 32bit | Re: csrss.exe in winsxs

What he is claiming is a spyware or malware is true. I have the EXACT same folder name, with a csrss.exe in it, and even console recovery (the Vista equivalent) can't touch it, and it isn't the appropriate file size (should be almost exactly 6kb, is instead 7.5kb) and a duplicate (this is how it is confirmed to be a virus) of csrss.exe running on my machine as a process. Also, I have an additional copy of csrss.exe saved in my folders!

You can also check the created or last edited date to coincide with your computer's OS install time; if it is off, then it's been added at a different time... another indicator of malware.

Also, yes, that particular folder name has the VIRUS version of csrss.exe in it. It is particularly agitating, as it is blocking Windows Update, destroys antispyware programs, randomly disconnects my internet, and is overall a problem. This is most likely a remote takeover trojan or a keylogger/password stealer.

Don't be so quick to tell users they don't have a virus. Calling people paranoid is quite rude!
| | #4 (permalink) |
| Vista Home Premium 32bit | Re: csrss.exe in winsxs

Meir wrote:

> I saw somewhere that there are versions of csrss.exe which are
> malware. The posts said that versions of csrss.exe that are not in the
> windows/system32 directory are probably malware and should be
> deleted. I did a search of my hard drive and found that there are in
> fact two versions of csrss.exe, one in the windows/system32 directory
> and another buried deep within the windows root directory. The file
> is the only file sitting in this directory:
>
> C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c
>
> I tried to rename the file to see what happens but Vista told me that
> I didn't have permission to do that (gotta love Vista!). Anyway, I
> did a little research into winsxs and found this article interesting:
>
> 'Demystifying the WinSxS directory in Windows XP, Vista and Server
> 2003/2008 - Aaron Tiensivu's Blog'
> (Demystifying the WinSxS directory in Windows XP, Vista and Server 2003/2008 - Aaron Tiensivu's Blog)
>
> Could someone verify that another copy of csrss.exe is supposed to be
> sitting in the winsxs directory?
>
> Thanks

c:\windows\system32
c:\windows\winsxs\long garbled folder name
c:\windows\winsxs\backup

Plus various manifest files and other odd named files with csrss embedded in the file name in the windows sub folders.

Don't be so paranoid and don't believe everything you read or hear about virus/malware.

What abnerjames said is still applicable. Make sure that the two csrss.exe files were created on the same date, have the same file size, and were created by Microsoft.
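The comparison suggested in the last reply (same date, same size, created by Microsoft), extended with a SHA-256 match against the System32 copy, as an added example that is not part of the original thread. It assumes Windows PowerShell 5.1, where `Get-AuthenticodeSignature` also evaluates catalog signatures; the report property names are this example's own.

```powershell
# Added example (not from the thread): read-only inventory of every csrss.exe
# under %SystemRoot%, compared against the copy in System32.
$root      = $env:SystemRoot
$reference = Join-Path $root 'System32\csrss.exe'
$refHash   = (Get-FileHash -LiteralPath $reference -Algorithm SHA256).Hash

$report = Get-ChildItem -LiteralPath $root -Filter 'csrss.exe' -File -Recurse -Force `
              -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        [pscustomobject]@{
            Path        = $_.FullName
            SizeBytes   = $_.Length
            Created     = $_.CreationTime
            FileVersion = $_.VersionInfo.FileVersion
            SigStatus   = $sig.Status
            # Subject of the signing certificate, empty when the file is unsigned
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            # True when the bytes are identical to the System32 copy
            SameAsSys32 = ($hash -eq $refHash)
            SHA256      = $hash
        }
    }

# Full listing: one record per copy found
$report | Sort-Object Path | Format-List

# Copies that fail the "created by Microsoft" check: the signature does not
# verify, or it verifies but the signer is not Microsoft Corporation.
$suspect = $report | Where-Object {
    $_.SigStatus -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation'
}

if ($suspect) {
    Write-Warning 'csrss.exe copies without a valid Microsoft signature:'
    $suspect | Select-Object Path, SizeBytes, Created, SigStatus, Signer | Format-Table -AutoSize
} else {
    Write-Output 'Every csrss.exe found carries a valid Microsoft signature.'
}
```

A copy with a valid Microsoft signature but a different hash can be another serviced version kept in the component store; a copy that is unsigned or signed by someone else is the one to investigate.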