csrss.exe in winsxs

Tutorials Win: Microsoft Windows Forum

I saw somewhere that there are versions of csrss.exe which are malware.
The posts said that versions of csrss.exe that are not in the
windows/system32 directory are probably malware and should be deleted. I
did a search of my harddrive and found that there are in fact two
versions of csrss.exe, one in the windows/system32 directory and another
burried deep within the windows root directory. The file is the only
file sitting in this directory:

C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c

I tried to rename the file to see what happens but Vista told me that I
didn't have permission to do that (gotta love Vista!). Anyway, I did a
little research into winsxs and found this article interesting:

'Demystifying the WinSxS directory in Windows XP, Vista and Server
2003/2008 - Aaron Tiensivu's Blog'
(http://blog.tiensivu.com/aaron/archives/1306-Demystifying-the-WinSxS-directory-in-Windows-XP,-Vista-and-Server-20032008.html)

Could someone verify that another copy of csrss.exe is supposed to be
sitting in the winsxs directory?

Thanks


--
Meir
Top

Re: csrss.exe in winsxs by Dave

Dave
Thu May 08 23:14:59 PDT 2008

Meir wrote:
> I saw somewhere that there are versions of csrss.exe which are
> malware. The posts said that versions of csrss.exe that are not in the
> windows/system32 directory are probably malware and should be
> deleted. I did a search of my harddrive and found that there are in
> fact two versions of csrss.exe, one in the windows/system32 directory
> and another burried deep within the windows root directory. The file
> is the only file sitting in this directory:
>
> C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c
>
> I tried to rename the file to see what happens but Vista told me that
> I didn't have permission to do that (gotta love Vista!). Anyway, I
> did a little research into winsxs and found this article interesting:
>
> 'Demystifying the WinSxS directory in Windows XP, Vista and Server
> 2003/2008 - Aaron Tiensivu's Blog'
> (http://blog.tiensivu.com/aaron/archives/1306-Demystifying-the-WinSxS-directory-in-Windows-XP,-Vista-and-Server-20032008.html)
>
> Could someone verify that another copy of csrss.exe is supposed to be
> sitting in the winsxs directory?
>
> Thanks


I have csrss.exe in:

c:\windows\system32
c:\windows\winsxs\long garbled folder name
c:\windows\winsxs\backup

Plus various manifest files and other odd named files with
csrss embedded in the file name in the windows sub folders.

Don't be so paranoid and don't believe everything you read or hear about virus/malware.





Top