Is csrss.exe malware?

When I opened my PC and did my usual activity, there was a notification asking whether I want to allow a program from an unknown publisher to make changes to my computer. The program name was csrss.exe, the publisher is unknown, and the program location is C:\Program Data\csrss.exe. Please also help me to remove the program if csrss.exe is malware.
 

Last updated October 10, 2019

And your current anti-virus/anti-malware application would be...?
--
~Robear Dyer (PA Bear)
Microsoft MVP (Windows Client) since October 2002

Windows Defender

Assuming Win8.1 64-bit...

We'll need to do some "digging" here. Please answer each of the following [admittedly tedious] diagnostic questions in a correspondingly-numbered list in your very next reply, preferably without quoting this post:

1a. When (approx. date) did you purchase the computer?

1b. Did the computer come with Win8 (or Win8.1) preinstalled, did you do a clean install of Win8 (or Win8.1), or did you upgrade a (e.g., Win7) computer to Win8?

1c. Who manufactured the computer (e.g., Dell; HP; Lenovo; Acer)? 

1d. Have you ever done a Refresh or a Reset?

1e. Has Windows 10 ever been installed?

2. When (exact date) did the notification concerning CSRSS.EXE first start?

3a. What Definitions versions are currently displayed in Defender's Update tab?

3b. What Definitions last updated date?

3c. What happens when you click on the UPDATE button on that tab?

4. What third-party anti-malware applications (i.e., not Windows Defender!) are installed, if any?  What third-party firewall, if any?

5a. Has a Norton application or a McAfee application EVER been installed on the computer since you bought it?

5b. Did a Norton free-trial or a McAfee free-trial [pick one] come preinstalled on the computer when you bought it? (Doesn't matter if you never used or Activated it.)

6a. Speaking of tedious => Is KB3154070, KB3156013, KB3156016, KB3156019, KB3155178, KB3156059, KB3153171, KB3153704, KB3153199, KB3156017, KB3142030, and/or KB3155784 listed in Installed Updates (not Update History)? [1]

6b. How about KB3138615, KB3123862, KB3035583, KB2976978 and/or KB3044374?

7a. What Update Version & KB number are displayed in the second line of text in IE11's Help | About [Alt+H+A] tab; e.g., Update Version: 11.0.54 (KB1231231) ?

7b. Is Firefox version 46.0.1 (or higher) and/or Google Chrome version 51 (or higher) or any other alternate browser installed?

8. Is Adobe Flash Player v21.0.0.242 installed? TEST HERE USING INTERNET EXPLORER ONLY! => http://www.adobe.com/software/flash/about/ 

9. Are you in the habit of using "Registry cleaners" (e.g., Registry Mechanic; System Mechanic; RegCure; RegClean Pro; Advanced SystemCare; Total System Care; Glary Utilities; Registry Booster; McAfee QuickClean; AVG Quick Clean; AVG PC TuneUp; Norton Registry Cleaner; Norton PC Tuneup; PCTools Optimiser; SpeedUpMyPC; FixMyPC; PC Doctor; TuneUp Utilities; WinMaximizer; WinSweeper; Comodo System Cleaner; Advanced System Optimizer; CCleaner Registry Cleaner component)?

====================================================
[1] Control Panel | Programs and Features | View installed updates (in left-hand menu)

--
~Robear Dyer (PA Bear)
Microsoft MVP (Windows Client) since October 2002

PA Bear MS MVP, my answers are:

1a. 6/22/15

1b. It came with preinstalled windows 8

1c. Toshiba

1d. yes

1e. before I reset it

2.   5/25/16

3a. 1.221.817.0

3b. 5/28/16 

3c. It does its normal work

4.   none

5a. yes

5b. yes

6a. KB3154070,KB3156019 and KB3153704

6b. KB 3123862 and KB 3035583

7a. 11.09600.18321

7b. only Google Chrome

8.   yes

9.   no 

1. When (exact date, preferably) did you upgrade to Win10?

2. Was the upgrade offered & installed via Windows Update or did you choose to upgrade manually via the Media Creation Tool?

3a. When (exact date) did you do the "reset?"

3b. Not that it matters in the grand scheme of things, but may I ask why you chose to go back to Windows 8.1?

4. Did you do a Reset or did you rollback to Windows 8.1?

5. Have you ever run the Norton Removal Tool and/or the McAfee Consumer Products Removal Tool since you purchased the computer?

  • Fact: Norton and McAfee applications are notorious for not uninstalling (or upgrading) cleanly. The "leftovers" may be your troublemaker here.

6. Are you telling us that KB3154070, KB3156019, KB3153704, KB3123862 and KB3035583 are listed in Installed Updates (not Update History) but...

KB3156013, KB3156019, KB3155178, KB3156059, KB3153171, KB3153199, KB3156017, KB3142030, KB3155784, KB3138615, KB2976978 nor KB3044374 are NOT listed?

7. Does the second line of text in IE11's Help | About tab read Update Versions: 11.0.31 (KB3154070) ?

8. Is Google Chrome version 51 (or higher) installed?

--
~Robear Dyer (PA Bear)
Microsoft MVP (Windows Client) since October 2002

PA Bear:

1.  3/12/16

2.  I upgraded it manually

3a. 3/24/16 

3b. Because my pc's life when charged is shorter than when I was still using Windows 8.1

4.   I did a reset

5.   No, but after the reset I ran an AVG remover tool

6.   No, it is listed in update history, and yes

7.   Yes

8.   Yes

1. Was the Win10 upgrade already being offered to the computer via Windows Update when you chose instead to upgrade manually in late March?

2. Had you ever done a Refresh or a Reset BEFORE you upgraded to Win10 manually?

3a. Has AVG (Free or paid) anti-virus ever been installed on the computer and if so, when (approx. date) did you install it?

3b. Was the AVG application installed when you chose to upgrade to Win10 manually?

4. When (approx. date) did you run the AVG Remover utility?

5. Had you already uninstalled the AVG application via Programs and Features | Uninstall an application before you ran the AVG Remover utility?

6a. Have you ever replaced the laptop battery?

6b. When you're running on external (i.e., AC) power for long periods of time, do you leave the battery in its bay or do you remove it?

  • Laptop batteries are typically engineered for a life-span of roughly two (2) years.

7. One more time: Are KB3156013, KB3156019, KB3155178, KB3156059, KB3153171, KB3153199, KB3156017, KB3142030, KB3155784, KB3138615, KB2976978 and/or KB3044374 listed in Installed Updates (not Update History)? [YES/NO]

=======================================

COMMENT: Chances are (99.99%) that the Toshiba came with a Norton free-trial or a McAfee free-trial preinstalled. Every time you do a Reset, the free-trialware is installed again (but invalid now). Fact: Norton and McAfee applications are notorious for not uninstalling (or upgrading) cleanly. The "leftovers" may be playing a role here.

NOTE: The file Csrss.exe is typically located in C:\Windows\System32 <=this folder. When located in C:\Program Data <=this folder, it's typically an indication of an ongoing FBI MoneyPak Ransomware (AKA W32/Reveton) infection.

--
~Robear Dyer (PA Bear)
Microsoft MVP (Windows Client) since October 2002
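
A read-only check for the location rule in the note above, added here as an example and not part of any post in this thread. It assumes PowerShell 4 or later in an elevated session and that the thread's "C:\Program Data" is the folder in `$env:ProgramData`; the function name `Test-CsrssPath` is hypothetical.

```powershell
# Added example: flag csrss.exe copies that are not the Windows system file.
# Assumption: the thread's "C:\Program Data" is the folder in $env:ProgramData.
$expected = Join-Path $env:SystemRoot 'System32\csrss.exe'

function Test-CsrssPath {
    param([string]$Path)
    # An empty path usually means the session is not elevated.
    if ([string]::IsNullOrEmpty($Path)) { return 'PathUnavailable' }
    if ($Path -ieq $expected)           { return 'Expected' }
    return 'Suspicious'
}

# 1. Every running process named csrss.exe and where its image lives.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'csrss.exe'" |
    ForEach-Object {
        [pscustomobject]@{
            Source  = 'Process'
            Id      = $_.ProcessId
            Path    = $_.ExecutablePath
            Verdict = Test-CsrssPath $_.ExecutablePath
        }
    }

# 2. A csrss.exe file in ProgramData counts even if it is not running now.
$stray = Join-Path $env:ProgramData 'csrss.exe'
$files = @()
if (Test-Path -LiteralPath $stray) {
    $files += [pscustomobject]@{
        Source = 'File'; Id = $null; Path = $stray; Verdict = 'Suspicious'
    }
}

$findings = @($procs) + $files
$findings | Format-Table -AutoSize

# 3. For anything off-location, record hash and signer before cleanup.
#    "NotSigned" corresponds to the "unknown publisher" prompt in the question.
$findings | Where-Object { $_.Verdict -eq 'Suspicious' } |
    Select-Object -ExpandProperty Path -Unique |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_
        [pscustomobject]@{
            Path      = $_
            SHA256    = (Get-FileHash -LiteralPath $_ -Algorithm SHA256).Hash
            SigStatus = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
        }
    } | Format-List
```

The script only reads process and file metadata; it deletes nothing, so its output can be pasted into a help request.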

1.  No

2.  No

3a. Yes, 5/25/16

3b. No

4.  5/25/16

5.  No

6a. No

6b. I leave it

7.  No

Comment:

When I went to delete the crss.exe, it says that I don't have the permission from TrustedInstaller to make changes to the file, and I want to know where C:\Program Data is. Thank you also for assisting me and helping me to remove crss.exe; I know you put a lot of effort into solving my problem.

PA Bear:

I'm so sorry, and please forgive me for the wrong answer in no. 7. I checked the installed updates and saw that there were only 2 updates, but I didn't wait for it to finish loading. When I wrote the first reply today, I checked the installed updates and saw many updates; I checked it and found all the updates you are looking for. In short, the answer for no. 7 is yes.

The information you've provided us in this thread very strongly suggests that you're seeing the effects of an ongoing FBI MoneyPak Ransomware (AKA W32/Reveton) infection.

My computer's infected! What do I do now?
    • http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
    • https://forums.malwarebytes.org/?showtopic=9573
    • http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=3071944
    • http://technet.microsoft.com/en-us/library/cc700813.aspx

IMPORTANT! => The computer should NOT be connected to the internet or any local networks (i.e., other computers) in its current state. All business & personal data (including online banking & credit-card passwords) should be considered at-risk, if not already compromised.

You may obtain Microsoft-sponsored Premium (i.e., paid) Support via the Answer Desk => http://answerdesk.microsoftstore.com


====================================================
DISCLAIMER: Posted AS IS with no guarantees. MS MVPs neither represent nor work for Microsoft.

--
~Robear Dyer (PA Bear)
Microsoft MVP (Windows Client) since October 2002
