csrss.exe?

[Kumatech]

I just done a malware check and has found a malware as following : 

 

Memory Processes Detected: 1

C:\Windows\csrss.exe (Backdoor.Bot) -> 2620 -> No action taken.

 

Registry Values Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Client Server Runtime Process (Backdoor.Bot) -> Data: "C:\Windows\csrss.exe" -> No action taken.

 

Files Detected: 1

C:\Windows\csrss.exe (Backdoor.Bot) -> No action taken.

 

I also found a csrss.exe in C:\Windows\System32\csrss.exe

 

My question is : is it wise to remove this? and is it truly a malware/Backdoor.bot? Because i has googled for a bit and found that csrss.exe is an important file in windows..

 

Thanks.

[MrCharlie]

Welcome to the forum.

C:\Windows\csrss.exe <----this is the malware

C:\Windows\System32\csrss.exe <---this is the correct file in the correct location

Please find this file and upload to VirusTotal for a free scan, let me know the results (just copy back the url)

C:\Windows\csrss.exe

http://www.virustotal.com/

MrC

[Kumatech]

Weird, i just restart my laptop and i find no sign of the .exe..

 

The only previous problem that i encounter with the file is when i quarantine it, i become unable to open some installer like CCCP codec installer, but when i restore the file and whitelisted it, the installer run just fine..

 

I'll try to scan my laptop again to find out if it's still there and i'll notify you again when it reappeared.

 

Thanks.

[MrCharlie]

OK.....MrC

[MrCharlie]

How are we doing??

Do you still need help or can I close this post??

MrC

[LDTate]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.