Thread Closed 
 
Thread Rating:
  • 1 Votes - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Remove CSRCS.exe virus
09-05-2009, 09:35 PM
Post: #1
Remove CSRCS.exe virus
CSRCS.exe is a virus or trojan specifically and is located in Windows system32 folder. Known file sizes on Windows XP are 49,152 bytes (41% of all occurrence), 503,426 bytes, 453,788 bytes, 510,270 bytes, 419,942 bytes, 453,648 bytes, 41,936 bytes, 454,656 bytes, 496,756 bytes, 484,420 bytes.

Removing CSRCS.exe is not very difficult.
csrcs.exe virus lacks file description and appears to user like an important Windows system file. This virus or trojan downloader is loaded duridng the Windows boot process and could be under any or all of the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce.

As mentioned CSRCS.exe stays invisible under hidden and readonly attributes. It is an unknown file in the Windows system32 folder which is typically installed in C:\Windows\System32 assuming C: is the root drive where windows is installed. It listens for or sends data on open ports to LAN or Internet. csrcs.exe is able to monitor applications, hide itself, record inputs, manipulate other programs.

If you have a firewall installed, it may pop message that CSRCS.exe is trying to connect or access internet or something similar. In such cases, you just block the attempt as it'll invariably try to download more malicious content and may send important data to the attacker.

Lets remove CSRCS.exe
It is ususally registered as W32.Spybot.CF Virus. While removing it make sure YOU DO NOT REMOVE CSRSS.exe which is an important file used by Windows. The attackers of this virus can access your computer and gain access to important data remotely.

To remove the trojan, do the following:

1. Scan the system with a good and updated Anti Virus. If you do not have time to do a complete virus scan, make sure you scan atleast your Windows folder and Windows\system32 folder specifically. Your antivirus may not detect the infection as in our testing it was found out that Avira Antivir completely failed to detect csrcs.exe as a virus.

2. Open Task Manager, locate csrcs.exe (not csrss.exe) under the processes tab and kill the process.

3. Click start -> run and type msconfig in the Run box, and then go to startup tab. Locate this exe file, if any, and then remove it from there as well. It'll prevent it from starting up.

5. Open windows explorer, click tools -> folder options -> view and check the radio box "show hidden files and folders" also uncheck "hide protected operating system files (recommended)"

It is important to do the above as only then we'll be able to see the file.

6. Go to your system 32 folder by start -> run -> and typing "system32" without quotes. Locate csrcs.exe and shift delete the file. Alternately, you can search the file using windows search in all the drives. Delete all the csrcs.exe instances you find.

Voila you have just manually killed a virus!

Make sure you do not touch CSRSS.exe which is important windows file and may make your system unstable should you temper or delete it accidently.

7. As a safeguard, go back to windows explorer and put a check against "hide protected operating system files" to hide the files again.

7. Reboot the PC for changes to take place.

See how easy it was to disinfect your system and Remove CSRCS.exe virus!
Visit this user's website Find all posts by this user
09-12-2009, 11:17 PM
Post: #2
More on Removing CSRCS.exe virus
If CSRCS.exe virus is not removed properly, users may get this error message
Windows cannot find 'csrcs.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

[Image: csrcs_error-1.jpg]


In order to remove this error, you will need to make sure you completely wipe out all instances of csrcs.exe from your system.

Generally this trojan or virus should be say places its entries in the registry keys. The one in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\R​un

[Image: csrcs.jpg]


You can use Autoruns utility to locate it and delete it as shown in the image above. This is not the it however. There is more to removing csrcs.exe so that the error message does not pop up again when you start your computer.

You will need to clean your registry with the csrcs.exe values.

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon and double click on shell in the right hand side pane.

[Image: csrcs_registry.jpg]


In the Edit string box, remove the csrcs.exe value leaving Explorer.exe intact there.

[Image: csrcs_changevalue.jpg]


Next is to search the registry for csrcs and delete all the values you come across with the name.
If you succesfully perform the steps above, you can rest assured that you have completely removed the virus from your system and there won't be any nag screens or pop ups.

NOTE: You have to be extremely careful that you only remove the entries with CSRCS and not CSRSS in the registry. Since registry editing is a dangerous process, it is always advisable to back up the registry before touching it and improperly modifying it may crop up errors and sometimes may make the system unusable. Remember we don't have to do the very thing manually that the viruses intend to do. Smile
Visit this user's website Find all posts by this user
10-16-2009, 02:22 PM
Post: #3
RE: Remove CSRCS.exe virus
Hi
Nice information sharing. csrss.exe is not a virus at all, DO NOT REMOVE IT, it stands for client server runtime subsystem, i thought it was a virus too at first but read up on it and realized that it was one of the main functions of the computer, and if you remove it, you will probably have the blue screen of death. what i suggest is downloading malwarebytes to your system and doing a full scan then erasing anything that comes up. many people try to tell you that csrss.exe is a trojan, virus, worm, etc. just to trick you, and the programs that u download from them to fix it just gives u worms and virus' and trojans, i hoped i helped!
Find all posts by this user
10-16-2009, 02:29 PM
Post: #4
RE: Remove CSRCS.exe virus
Yeah, I have seen on so many websites that CSRSS.exe is blamed as a virus or trojan which is false. That's why I had to mention specifically that users just remove CSRCS and NOT CSRSS. Thanks for highlighting it. You probably saved people from getting a BSOD!
Visit this user's website Find all posts by this user
03-04-2010, 12:05 AM
Post: #5
RE: More on Removing CSRCS.exe virus
thanks a lot! it really works!!Big GrinBig GrinBig Grin
Find all posts by this user
03-17-2010, 04:23 PM
Post: #6
RE: Remove CSRCS.exe virus
You have collect very nice information.I have given some tips.The csrsc.exe is a process which is registered as W32.Spybot.CF Virus. Don't be confuse it with csrss.exe which is an important file used by Windows.Csrcs.exe, also known to be created under: autolfb.exe, wscrt.exe, systemchk.exe.The process is not visible and loads during the Windows boot process and when started, it connects to a remote IRC server waiting for instructions to be executed. Csrcs.exe is known to be associated with a number of other threats.The attackers of this virus can access our computer and gain access to some important data remotely.Steps to remove this virus:-

1. Scan the system with a good and updated Anti Virus.
2. Open Task Manager, locate this exe.
3. Now type msconfig in the Run box, and then go to startup tab.
4. Locate this exe file, if any, and then remove it from there as well.
5. Now search the file in the C: drive.
6. Permanently delete the file csrcs.exe or csrsc.exe only from the computer.
7. Reboot the PC for changes to take place.

The virus should have gone.
Find all posts by this user
03-18-2010, 05:01 PM (This post was last modified: 03-18-2010 10:37 PM by Aakash.)
Post: #7
RE: More on Removing CSRCS.exe virus
Thanks for your Help. It works well.
Find all posts by this user
01-09-2011, 05:16 AM
Post: #8
RE: Remove CSRCS.exe virus
If you have a firewall installed, it may pop up message CSRCS.exe is trying to connect or access the Internet or something like that. In this case, you just try to stop, because it will always try to download more malicious content, and can be sent to the attacker's important data.
Find all posts by this user
02-01-2011, 04:22 PM
Post: #9
RE: Remove CSRCS.exe virus
Thanks for sharing!@!!!!!
Find all posts by this user
Thread Closed 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)