CSRSS.exe

Status
Not open for further replies.

girishrane

Hi,

I downloaded torrent PowerISO (stupid me) and installed it. It prompted me to reboot. After the reboot my Sygate firewall detected that csrss.exe is trying to connect to r.animeam.net[212.13.224.101] using remote port 8163. I got scared out of it man and I blocked it. Now I did a complete virus scan using CA's eTrust; it didn't find anything.
Now what exactly is it? Is it spyware or a trojan? How do I fix it?
Regards
Girish
 
Looks like you've got a trojan.

Go HERE and follow the instructions in the order they are given.

Post a fresh HJT log, only after doing the above.

Regards Howard :)
 
This may not be a trojan though. Csrss.exe is a Windows process. I know this b/c I had a similar problem and I did a complete reformat of my HD and csrss.exe was still there, and I checked my other systems running XP Home and they all displayed csrss.exe in the Task Manager's Processes tab.

AMD
 
Thanks Guys

It disabled my eTrust antivirus then.
I checked with Trend Micro and CA online for viruses and there were no viruses or trojans.
But while doing spyaudit, my laptop froze and then I had to restart.
Now it's not restarting at all. It goes into chkdsk mode but says
sector [number] unreadable
sector [number] unreadable (this looks strange to me though)
and goes on, and then gives a blue screen saying uninstall recently upgraded HW/SW.
My hard drive is brand new and I installed it just 2 weeks back.
My Harddrive is brand new and I installed it just 2 weeks back.

I'm really frustrated now. What would be the best way? reformat?
I got some really important docs there.

Is there a possibility that there is some new virus/worm that is killing the hard disk/boot sector?

Thanks for your help
Regards
Girish
 
It sounds to me like your hard drive is faulty.

Doing a format may solve the problem, then again it might not.

Regards Howard :)
 
Drive fitness test is showing it's healthy!! What are the chances of Windows getting corrupted?

Thanks
Girish
 
girishrane said:
Drive fitness test is showing it's healthy!! What are the chances of Windows getting corrupted?

Thanks
Girish

That does happen sometimes.

Try doing a Windows repair as per this thread HERE.

If that doesn't help, then maybe you're going to have to consider a reformat.

Regards Howard :)
 
howard_hopkinso said:
CSRSS.exe is indeed a Windows process, but it can also be a trojan depending on where it is located.

Regards Howard :)

I did not know that, thank you Howard. Now if I have another problem I know that it may be a trojan.

thanks for the info
 
Trojans etc, can use a variety of names, including some Windows file names. However, they are either not located in the proper directory, or they are in the proper directory, but the spelling is a little different.

Regards Howard :)
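
The check Howard describes (the right name in the wrong directory, or a near-miss spelling in the right one), sketched as an added Python example that is not part of the thread. The protected-name list, the `C:\WINDOWS\system32` root and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumption: default install root; a real tool should read %SystemRoot%.
SYSTEM32 = r"c:\windows\system32"
# Windows process names that are commonly imitated (short illustrative list).
PROTECTED = {"csrss.exe", "lsass.exe", "services.exe", "svchost.exe", "winlogon.exe"}
# Visually confusable characters folded to one form before comparing names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})
# Constructed sample of process image paths (not taken from the thread).
SAMPLE = [
    r"C:\WINDOWS\system32\csrss.exe",
    r"C:\WINDOWS\csrss.exe",
    r"C:\WINDOWS\system32\csrsss.exe",
    r"C:\WINDOWS\system32\1sass.exe",
    r"C:\Program Files\ExampleApp\app.exe",
]


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path):
    """Return (verdict, reason) for one process image path."""
    path = ntpath.normpath(image_path).lower()
    folder, name = ntpath.split(path)
    if name in PROTECTED:
        if folder == SYSTEM32:
            return "ok", "expected name in expected directory"
        return "suspicious", f"{name} running from {folder}"
    folded = name.translate(HOMOGLYPHS)
    for real in sorted(PROTECTED):
        if folded == real.translate(HOMOGLYPHS) or edit_distance(name, real) == 1:
            return "suspicious", f"{name} imitates {real}"
    return "unknown", "not a protected name"


def scan(paths):
    """Return (path, reason) for every path classified as suspicious."""
    return [(p, classify(p)[1]) for p in paths if classify(p)[0] == "suspicious"]
```

A "suspicious" verdict here only means the name and location do not match; it is a prompt to inspect the file, not proof of infection.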
 
OK

I think I may have your problem solved.

Disclaimer: I am not responsible for any damage done to your machine. If your system breaks down to the point where you can't use it, I'm not responsible. You may have to reformat your hard drive.

Boot Windows into safe mode. Here's how you do it:

When you see your boot image, press F8 several times. It will take you to Windows Advanced Startup Options. Choose 'Safe Mode'. It will show a list of system files it loads. This is normal.

When you have booted into safe mode (if your normal Windows doesn't work), press Ctrl+Alt+Del. It brings up Windows Task Manager. Here's the tricky part. Look for "csrss.exe". Next to it, it should say 'SYSTEM'. If it says owner or something else, end it.

Hope this works, but if not, read the disclaimer

regards, sw123(copying howard lol)
 
Yes, serious damage could be done to your system since csrss.exe is labeled by Windows as a "critical system process", so use EXTREME CAUTION. As he said, you may have to reformat. That means losing all personal files, so weigh the benefits and the risks. If possible, back up all documents to another media (CD/DVD, floppy, JumpDrive).
 
Yes, back up all your personal data, as AMD said. Also, back up all your drivers for everything (graphics, sound, processor, motherboard, etc.)

Next time, don't download that file.
 
Thank you very much guys for your help.
I’m ready to format the drive but it’s the data that I want to back up desperately. I do have an external hard drive so that I can back it up. (***** me, I should have done that in a timely manner)
When I try to repair after booting from the CD it says the partition is unformatted or damaged.
So I’m unable to repair or even install a fresh copy of Windows.

So what would be the next step? Is it possible to repartition and install?
Thanks
 
Yes, it's possible. But it seems your trojan is preventing that from happening. If it just won't get off, I would just trash your old hard drive, back up your clean personal data and get a replacement hard drive. It almost seems your trojan is impossible to remove. Or, you can try running Norton Anti-Virus 2005. I have it and it detects and removes viruses, and fixes any registry errors also.

Hope I helped!

sw123
 
Have you tried to do a low-level format? It will wipe all data and partitions off the HDD and make it back to a condition like it just left the factory... Download the utility relative to your HDD maker, then try to repartition and install Windows on it...

Three most common ones:
www.seagate.com -> diskwizard or disk doctor
www.maxtor.com -> powermax
www.westerndigital.com -> data lifeguard (can't remember)
 
Thanks Guys
This is what I tried.
I tried to install WinXP on my external USB drive but it didn’t boot after install and gave me a 7B error.
Then I changed the BIOS settings, 32 bit block enabled. It worked; it booted very slowly and took a well long time but it did. I copied important files and reformatted it. But now I get a SMART failure error. This drive is still in warranty so I’m gonna send this back to Toshiba. But then this is the second drive failed in 5 months. I’m just wondering what could be the problem.
Regards
Girish
 
I think your trojan has infected the real csrss.exe, so I would boot from the Windows XP CD and recopy csrss.exe. See what that does.
 