Jump to content


Recommended Posts

I just done a malware check and has found a malware as following : 

Memory Processes Detected: 1
C:\Windows\csrss.exe (Backdoor.Bot) -> 2620 -> No action taken.
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Client Server Runtime Process (Backdoor.Bot) -> Data: "C:\Windows\csrss.exe" -> No action taken.
Files Detected: 1
C:\Windows\csrss.exe (Backdoor.Bot) -> No action taken.
I also found a csrss.exe in C:\Windows\System32\csrss.exe
My question is : is it wise to remove this? and is it truly a malware/Backdoor.bot? Because i has googled for a bit and found that csrss.exe is an important file in windows..
Link to post
Share on other sites

Welcome to the forum.

C:\Windows\csrss.exe <----this is the malware

C:\Windows\System32\csrss.exe <---this is the correct file in the correct location

Please find this file and upload to VirusTotal for a free scan, let me know the results (just copy back the url)




Link to post
Share on other sites

Weird, i just restart my laptop and i find no sign of the .exe..


The only previous problem that i encounter with the file is when i quarantine it, i become unable to open some installer like CCCP codec installer, but when i restore the file and whitelisted it, the installer run just fine..


I'll try to scan my laptop again to find out if it's still there and i'll notify you again when it reappeared.



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.