well comodo firewall pro poped a message up yesterday about csrss.exe tring to go to the internet and i blocked it and ever sence i blocked it csrss.exe is runing up 100% CPU useage when ever i connect to the internet so i was wondering if there was a way to unblock it?
Hi Ghost57, welcome to the forums.
If the block was created by a Deny-Remembered, then you’ll need to look for CSRSS.EXE in the Component Monitor, or failing that, the Application Monitor (this would indicate that it was CSRSS+something else). If it was a Deny-Not-Remembered, then a simple reboot will clear the block. If you check CFPs Log (Activity tab), then you should be able to find where CFP alerted you to CSRSS.EXE & this will probably indicate which bit of CFP to check for the block.
Hi Ghost57, welcome to the forum.
Csrss.exe is the Microsoft client/server run-time subsystem and is normally found in %Windows%\System32. There is no reason for this to access the Internet. There are, however, a number of possible infections (viruses/worms) that may have entered your PC, pretending to be csrss.exe.
The first thing to do, before allowing this exe to access the Internet, is check to make sure it’s the legitimate version.
You can obtain further information here:
http://www.auditmypc.com/process/csrss.asp
Toggie
im downloading the comodo anti-virus now and in an hr or so when it gets done im going to scan my pc with it will it tell me if my csrss.exe is legit or not?
Edit:my Security Task Manager says that csrss.exe has a 90+ risk dont know if this means any thing or not
I haven’t used Security Task Manager, but I assume it bases it’s rating on known threats and of course csrss.exe is a possible threat.
As far as I am aware, the real file should only be in the directory I mentioned above. Here’s the detail of mine:
[attachment deleted by admin]
mines a fake i think
[attachment deleted by admin]
It very much looks that way, the file size is wrong and the date is too recent. It’s also in the wrong directory. At least you have it blocked. Now, however, you have to consider how to clean your system.
If your unsure how to remove this, you could post a query here:
Virus/Malware Removal Assistance
Toggie
its not blocked its still runing at 100% and the AV didnt detect it i just rememberd when it was trying to go on the internet when i denyed it i didnt click remember but there is an csrss.exe in my app mon maybe if i block it?
Edit: Jotti’s Scan of csrss.exe
Service load:
0% 100%
File: csrss.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file’s scan results will not be stored in the database)
MD5 77a9fd1cd6aa2ad137e53aaff18b77f3
Packers detected:
PE_PATCH.UPX, UPX
Scanner results
Scan taken on 05 Jun 2007 03:45:38 (GMT)
A-Squared
Found nothing
AntiVir
Found TR/Agent.141606
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found Trojan-Downloader.Win32.Agent.bl
Fortinet
Found W32/Agent.BL!tr.dldr
Kaspersky Anti-Virus
Found Trojan-Downloader.Win32.Agent.bl
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found Trj/Agent.FHZ
Rising Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found Trojan-Downloader.Win32.Agent.bl
its fixed one of my AVs detected it after i scaned the fake csrss.exe
Hey if csrss.exe is running under your user name its a virus. If its running under system its not. you can find that out in task manger. its a virus hacking your passwords. i found that out on google to block it and terminate it go to: Comodo, Defense, Active process list, scroll down until u see it, then right click it and click terminate and quarantine.It also works with any other virus