Hello @ ,
Welcome to the Webroot Community,
I've done some reserach of csrss
csrss.exe is the user-mode portion of the Win32 subsystem (Win32.sys is the kernel-mode portion) and the main executable for the Microsoft Client/Server Runtime Server Subsystem. It is responsible for managing most graphical commands in Windows, console windows, creating and/or deleting threads, and some parts of the 16-bit virtual MS-DOS environment. This process is important for stable and secure operation of your system and should not be terminated. Determining whether csrss.exe is malware or a legitimate Windows process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a legitimate or critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. The legitimate csrss.exe file is located in the C:WindowsSystem32 folder but you may find legitimate copies in other folders such as:
C:i386
C:Windows$NTServicePackUninstall$
C:WindowsServicePackFilesi386
C:MiniNTsystem32
If found running from a different location, it's usually indicative of malware.
My best advice is to submit a Support Ticket so they can look into this for you and this is free of charge with an activve subscription.
Hope this helps,
Kind Regards,
Welcome to the Webroot Community,
I've done some reserach of csrss
csrss.exe is the user-mode portion of the Win32 subsystem (Win32.sys is the kernel-mode portion) and the main executable for the Microsoft Client/Server Runtime Server Subsystem. It is responsible for managing most graphical commands in Windows, console windows, creating and/or deleting threads, and some parts of the 16-bit virtual MS-DOS environment. This process is important for stable and secure operation of your system and should not be terminated. Determining whether csrss.exe is malware or a legitimate Windows process usually depends on the location (path) it is running from. One of the ways that malware tries to hide is to give itself the same name as a legitimate or critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides and runs from there. The legitimate csrss.exe file is located in the C:WindowsSystem32 folder but you may find legitimate copies in other folders such as:
C:i386
C:Windows$NTServicePackUninstall$
C:WindowsServicePackFilesi386
C:MiniNTsystem32
If found running from a different location, it's usually indicative of malware.
My best advice is to submit a Support Ticket so they can look into this for you and this is free of charge with an activve subscription.
Hope this helps,
Kind Regards,
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.