csrss.exe in winsxs

I saw somewhere that there are versions of csrss.exe which are malware.
The posts said that versions of csrss.exe that are not in the
windows/system32 directory are probably malware and should be deleted. I
did a search of my harddrive and found that there are in fact two
versions of csrss.exe, one in the windows/system32 directory and another
burried deep within the windows root directory. The file is the only
file sitting in this directory:

C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d 7e415ae4c

I tried to rename the file to see what happens but Vista told me that I
didn't have permission to do that (gotta love Vista!). Anyway, I did a
little research into winsxs and found this article interesting:

'Demystifying the WinSxS directory in Windows XP, Vista and Server
2003/2008 - Aaron Tiensivu's Blog'
(http://blog.tiensivu.com/aaron/archi...-20032008.html)

Could someone verify that another copy of csrss.exe is supposed to be
sitting in the winsxs directory?

Thanks


--
Meir

Meir wrote:
> I saw somewhere that there are versions of csrss.exe which are
> malware. The posts said that versions of csrss.exe that are not in the
> windows/system32 directory are probably malware and should be
> deleted. I did a search of my harddrive and found that there are in
> fact two versions of csrss.exe, one in the windows/system32 directory
> and another burried deep within the windows root directory. The file
> is the only file sitting in this directory:
>
> C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d 7e415ae4c
>
> I tried to rename the file to see what happens but Vista told me that
> I didn't have permission to do that (gotta love Vista!). Anyway, I
> did a little research into winsxs and found this article interesting:
>
> 'Demystifying the WinSxS directory in Windows XP, Vista and Server
> 2003/2008 - Aaron Tiensivu's Blog'
> (http://blog.tiensivu.com/aaron/archi...-20032008.html)
>
> Could someone verify that another copy of csrss.exe is supposed to be
> sitting in the winsxs directory?
>
> Thanks


I have csrss.exe in:

c:\windows\system32
c:\windows\winsxs\long garbled folder name
c:\windows\winsxs\backup

Plus various manifest files and other odd named files with
csrss embedded in the file name in the windows sub folders.

Don't be so paranoid and don't believe everything you read or hear about virus/malware.

what he is claiming is a spyware or malware is true. I have the EXAC
same folder name, with a csrss.exe in it- and even console recovery (th
vista equivalent) can't touch it- and it isn't the appropriate file siz
(should be almost exactly 6kb, is instead 7.5kb) and a duplicate (thi
is how it is confirmed to be a virus) of csrss.exe running on my machin
as a process. Also, i have an additional copy of csrss.exe saved in m
folders! You can also check the created or last edited date to coincid
with your computer's OS install time- if it is off, then its been adde
at a different time...another indicator of malware
Also, yes, that particular folder name has the VIRUS version o
csrss.exe in it. It is particularly agitating, as it is blockin
windows update, destroys antispyware programs, randomly disconnects m
internet, and is overall a problem. This is most likely a remot
takeover trojan or a keylogger/password stealer
Don't be so quick to tell users they don't have a virus. Callin
people paranoid is quite rude

--
abnerjames

abnerjames <> wrote:

>Don't be so quick to tell users they don't have a virus. Calling
>people paranoid is quite rude!

You are a dumbass: the post you replied to was written OVER A YEAR AGO
and the person who wrote it isn't using that awful Usenet gateway you
are using so he won't even know you replied.