The Cellar


skysidhe 10-24-2009 10:41 AM

Useless processes running on your pc? csrss.exe
 
Is there any reason I should not delete this file?

csrss.exe

I know what it is. I want to delete it. There is some confusion about it being benign or not.

I downloaded some software and my pc bogged down.
It is one of two running.

I got it cornered in my program files. I am going to delete the thing that makes it duplicate. My finger resting on the delete button ready to execute it.

lumberjim 10-24-2009 10:47 AM

wait!

skysidhe 10-24-2009 10:48 AM

lol


I am not doing anything rash until I know for sure.


I can't stand the half answers when I google it. "Oh it's ok" "It is windows environment..blah blah blah but it can be exploited and can look like similar files and so ...to make sure download half a dozen spy ware products that have loads more spy ware products on them" bah!

tw 10-24-2009 11:35 AM

Quote:

Originally Posted by skysidhe (Post 602991)
I am not doing anything rash until I know for sure.

csrss does something important. Forgot what. If you remove it using task manager, it will return.

However there is one process that I cannot discover a purpose. Wbemcore. It makes a computer consume 100% CPU time when nothing else is executing. MS documents say it performs an essential Windows function. But the task is defined cryptically - similar to the reasons that proved Saddam had WMDs. When I remove it, Windows works fine.

Apparently Wbemcore does some kind of maintenance function. But it also slows other processes noticeably. That is one I would ask about (it is part of one of the Svchost tasks - the one that is consuming so much CPU time).

richlevy 10-24-2009 12:17 PM

csrss.exe is both an important Windows process and a trojan running under the same name. I believe csrss has something to do with card readers or client/server.

If you have Process Explorer (link to Microsoft Download) or another improved task manager, it will give you a full name and the Company name, although this can be faked.

crss.exe is definitely a trojan/virus.

From here

Quote:

.svchostX CSRSS.EXE Added by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!
So if you do START-RUN and start MSCONFIG, you should not see CSRSS.EXE in the list. If you do, you definitely have the trojan. If that's the case, search your hard drive and remove the one that is not in your system folder.

Here are basic instructions.

Good Hunting.

xoxoxoBruce 10-24-2009 01:01 PM

Quote:

Originally Posted by richlevy (Post 603010)
crss.exe is definitely a trojan/virus.

I think csrss.exe is ok, CSRSS.EXE is the trojan.

richlevy 10-24-2009 02:51 PM

Quote:

Originally Posted by xoxoxoBruce (Post 603020)
I think csrss.exe is ok, CSRSS.EXE is the trojan.

Not sure about caps/non-caps, but crss.exe (without an s after the c) is a trojan. In that case they used a name similar to, but not exactly the same as csrss.

skysidhe 10-24-2009 02:54 PM

yay I just ran msconfig and it is not in my start up.
Thanks rich and bruce

My memory and my cpu run pretty low usually so it must have been the serif software I downloaded hogging resources for a moment.



All I knew was the csrss is exploitable or helpful process a trojan or both so thanks for the input.

( @ tw I usually find a task or process list online that explains each function but the list I found today had conflicting information. )

Brought to you by Microsoft. This little service announcement.

Acknowledgments
Microsoft thanks the following for working with us to help protect customers:
• Tim Garnett of Determina Security Research for reporting the MsgBox (CSRSS) Remote Code Execution Vulnerability - CVE-2006-6696

Quote:

Originally Posted by richlevy (Post 603040)
Not sure about caps/non-caps, but crss.exe (without an s after the c) is a trojan. In that case they used a name similar to, but not exactly the same as csrss.

The trojan could be anything looking similar. You're both right I'm sure.

mbpark 10-24-2009 03:55 PM

CSRSS - wait a minute!
 
CSRSS.exe is the Client Server Runtime Subsystem.

Source: http://en.wikipedia.org/wiki/CSRSS

If you had deleted that and it was the real thing, you would not be typing on that computer.

It does not appear in the startup sequence at all. If you see it there, delete it using AutoRuns.

Wbemcore is used for Windows Management Instrumentation, aka WMI. It's used to keep the internal DB of hardware/software data used by that current. I've had issues with this before, including ones where it caused issues with Microsoft Installer. To fix that issue, run the following from Safe Mode:

http://www.microforge.net/kb/102

Thanks,

Mitch
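
The checks suggested in this thread (where the image lives, near-miss names such as crss.exe, and whether it shows up in startup entries) written as a small triage function. This is an added example, not code posted by anyone in the thread; the function names and sample paths are constructed.

```python
import ntpath

LEGIT_NAME = "csrss.exe"  # the process discussed in the thread

def edit_distance(a, b):
    """Levenshtein distance, used to catch near-miss names such as crss.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(image_path, system_dir=r"C:\Windows\System32"):
    """Return 'expected', 'wrong-location', 'lookalike' or 'unrelated' for one path."""
    # Windows file names are case-insensitive, so compare lower-cased.
    folder, name = ntpath.split(ntpath.normpath(image_path).lower())
    if name == LEGIT_NAME:
        in_system = folder == ntpath.normpath(system_dir).lower()
        return "expected" if in_system else "wrong-location"
    # One edit only: lsass.exe and smss.exe are two edits away and are legitimate.
    if edit_distance(name, LEGIT_NAME) == 1:
        return "lookalike"
    return "unrelated"

def review(processes, startup_commands, system_dir=r"C:\Windows\System32"):
    """Return (source, path, verdict) findings for process and startup paths."""
    findings = []
    for path in processes:
        verdict = triage(path, system_dir)
        if verdict in ("wrong-location", "lookalike"):
            findings.append(("process", path, verdict))
    for path in startup_commands:
        # csrss.exe is not started from startup entries, so any match is flagged.
        if triage(path, system_dir) != "unrelated":
            findings.append(("startup", path, "in-startup"))
    return findings

# Constructed sample data, not taken from any machine in the thread.
SAMPLE_PROCESSES = [r"C:\WINDOWS\system32\csrss.exe", r"C:\Program Files\Example\CSRSS.EXE",
                    r"C:\WINDOWS\system32\crss.exe", r"C:\WINDOWS\explorer.exe"]
SAMPLE_STARTUP = [r"C:\WINDOWS\csrss.exe", r"C:\Program Files\Example\updater.exe"]

if __name__ == "__main__":
    for finding in review(SAMPLE_PROCESSES, SAMPLE_STARTUP, r"C:\WINDOWS\system32"):
        print(finding)
```

A file name alone proves nothing either way, which is why the location check comes first; as noted earlier in the thread, a company name shown by a process viewer can be faked as well.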

skysidhe 10-24-2009 09:13 PM

Thanks Mitch

Crimson Ghost 10-24-2009 09:23 PM

Also check out -

http://www.what-is-exe.com/

It doesn't have every possible program, but it does help.....

xoxoxoBruce 10-25-2009 01:50 AM

Quote:

Originally Posted by richlevy (Post 603040)
Not sure about caps/non-caps, but crss.exe (without an s after the c) is a trojan. In that case they used a name similar to, but not exactly the same as csrss.

Ah, my bad. Thought you had just misspelled it. :o

