csrss.exe – Here is the scoop on Ahlem.A Worm as it pertains to computer network security. The big question: what is csrss.exe and is it spyware, a trojan and if so, how do I get rid of Ahlem.A Worm?
csrss.exe (Ahlem.A Worm) – Details
The process named csrss.exe which runs on your computer normally can become infected with a strain of the Ahlem.A worm.
Csrss stands for Client Server Run-Time Subsystem which your Windows system depends upon and must be running at all times, unfortunately, programs like this are a high target for a virus like Ahlem.A Worm because you can’t delete the file without causing system wide problems.
Ahlem.A Worm is likely a virus and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of csrss.exe may cause serious harm to your system and will likely cause a number of problems, such as slow performance, loss of data or leaking private information to websites.
CSRSS.EXE – Confusion
Csrss.exe is the Microsoft client server runtime which generates worker threads for client requests. The confusion over csrss.exe comes from Trojans or viruses that use the same executable name (.exe) as that of csrss.
Many spyware/malware programs use filenames of usual, non-malware programs.
The legitimate csrss.exe is part of the Microsoft client server software and is a very important part of the system which should not be removed.
One way to determine if csrss.exe is a legitimate file besides looking at the date modified is to right click on csrss.exe inside Task Manager and attempt to end process. Because csrss is a critical file, Microsoft should inform you with a message that csrss.exe is a critical system process and end it is not possible.
If you do not receive this message when attempting to end the csrss.exe process, then it may indeed be a virus. If you decide to terminate the csrss.exe process, make sure any applications are shutdown (such as word, etc) and that you have a backup of your data.
Any vulnerability should be removed immediately. If your have not already done so, you should visit our anonymous surfing section to make sure you are not giving away private information!
CSRSS.EXE – Disclaimer
Every attempt has been made to provide you with the correct information for csrss.exe or AHLEM.A WORM. Many spyware / malware programs use filenames of usual, non-malware programs. If we have included information about csrss.exe that is inaccurate, we would greatly appreciate your help by leaving a comment with the correct information below and we’ll do our best to correct it.
You should verify the accuracy of information we provided about csrss.exe.
I think the whole thing is a SCAM – just like I feel about BLUE REGISTER CLEANER.
Steve, you hit it on the money. I had the exact
Scenario you deacribe, and your directions fixed my long fought issue
Steve, you’re a star! Thank you, i’ll get to work on that now.
Thanks again
Syn
I successfully removed the file: “csrss.exe “, suddenly I got a pink screen that said “Fatal Error! Your hard drive crashed, You will need to format your hard disk”. What should I do?
Listen to what steve says. thats what i did and it works
csrss.exe is a virus and can not be deleted. What should I do? I need to have a fully functional computer clean … Can you please answer to this problem? Thank you
Hey take it easy. I’m VERY friendly but very vulnerable. Once I get infected, it’s over for you and I. It’s not my fault at all that you don’t have any security protocols or such that is sufficient enough to keep me clean and virus free! I’ll be missed with my other process buddies *tears* they’re going to need me to function correctly so instead of removing me, clean me!
I had the csrss.exe virus on my XP machine and I was able to eliminate it without any malware or anti-virus program (but its tricky). Here’s what I did: Open up Windows Taks Manager (CTRL_ALT_DEL) and click on the processes tab. If you have what I had, you will see three processes runing; conhost, dwm, and csrss (probably 2 csrss processes, the legitimate and the malware ones). Bring up your search window and search for dwm.exe. You will see several versions; some simply called dwm.exe and others with dwm.exe embedded in a long name in a Prefetch folder. You need to delete all of them, but first you need to kill the process in the Task Manager. Do it quickly before they regenerate. Then do the same for conhost.exe. The csrss is more difficult. Task Manager won’t let you kill it because it thinks it is a legitimate process. You can’t delete the file because the process is running, but do delete all of the Prefetch versions. What I did was rename the csrss.exe file (it was located in c:Tmp) to junk.txt. Now go into the Registry (Start, Run, regedit). READ THIS DISCLAIMER: There are legitimate versions and malware versions of csrss. The trick is eliminating the bad ones only. If you delete a good one, then it could seriously damage your Windows image, so err on the conservative side and only eliminate the ones that look suspicious (like why would Microsoft put a critical task file in a Tmp or Applications Data directory). If you don’t eliminate all of the bad ones, you just have to go through these steps again. To delete them, go to the top folder than do Edit, Find csrss. Continue to do Find Next until you find all of them. I had (I believe 2 legitimate instances and 2 bad ones). Next do the same thing for dwm and conhost. Now go back to the task manager and see if you have conhost or dwm running (you will still have 2 csrss processes running). Then do a search again on dwm, csrss, and conhost. If you see anything, you will have to do this all over again. If you have deleted everything, cross your fingers & reboot. Open up your task manager and you should only have one csrss process and no conhost or dwm. Congratulations!
a process named csrss.exe is running on a computer infected? ROFL csrss.exe is a file part of your system and the csrss is running on EVERY windows computer, if you end the process named csrss.exe then you get a blue screen of death,
I am using Windows XP and in my case the malicious csrss.exe was being loaded from this key in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
The Value was Load and the data was pointing to a csrss.exe that had got copied to my userprofile folder.
I also had two other rogue (conhost.exe and dwm.exe) processes that were being loaded from the following keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
csrss.exe is not a virus.. the virus is CSSRS.exe
my CSRSS removal have found many problems someone say it is virus and other say it is part of program
if it isn’t virus what for is then csrss removal???
I have this crsss.exe process running under image name. It used 1,548K memory out of 3Gb size physical memory. Can someone tell me whether csrss.exe is normal process or virus? My laptop runs Windw 7 operating system. Thanks a lot!
A good way to check if the csrss.exe process is a virus is to see how much ram the process is useing, if above 948k and around 20,948k its likely to be a trojan.
I already had Ad-Aware installed on my infected PC. I didn’t think it would help since all other apps likely to defeat the bogus csrss.exe were blocked from execution. I was astounded when it ran normally and thrilled when it quaratined the two offending files, csrss.exe and another app whose precise name I don’t recall (something like xjsgbugiwin.exe). It restored the original version of csrss.exe and problem solved.
Does anyone know if there is a product that can detect this sort of attack before it takes over the PC? I was thinking a more recent and sophisticated version of Ad-Aware (mine is a bit dated) or Kaspersky Internet Security 2010 might work.
be cerfull when removing it could damage your windows
I too have CSRSS.EXE problem. It canot remove by AVG. I will be pleased if u tell me the solution for this.
Well you know csrss.exe is not a virus by default, usually it´s a vital part of windows software, so just deleting it is not a good idea.
I found this program running in the background when I opened the Task Manager. So I did what you said and tried ending the process to see if it was a trojan or any other virus. When I did this, a little window came up saying “Access Denied”. So I guess it IS a legitimate file?
Please reply. Thank you.
I had the csrss.exe virus and worked at getting rid of it for a few days. I had a couple of other viruses that seemed to work with the csrss.exe one, once I got rid of the other ones using BitDefender 2010 I downloaded unlocker.exe to get access to the csrss.exe and the windows updater file in the system32 directory (the window updater file was also infected and wouldn’t allow any connection with MS (maybe I should have left it there..lol) In any event I then used the Unlocker.exe to override the access and move them to my desktop. Once I had them removed from the system32 directory I reboot my computer using the VISTA CD boot and did a repair and restore and everything is working well now.
Hope this helps someone.
I have use spyware doctor and Registry booter and it cleaned a lot of programs and the Windows Task Manager showed CPU usage back to normal then I restated the computer and the screen was blank I have tried to restore and that did not work I then tried running in safe mode and that did not work I am at a loss any help would be appreciated.
Hi Edward,
What I do is take the drive to another computer with personal antivirus and spyware removal software, install it as the secondary drive (making sure NOT to boot from that drive!) and then scan it. This has had a 100% success rate for me!
I also had the csrss.exe virus on my laptop and the immediate thing i had to do was to format my drive and install a new copy of my windows. I will be glad if you can send me an easier solution to delete the virus.
I am listening Ryan and I’d like you to come back to the Windows camp! I’d like to offer you 10 free hours of telephone support so that any future problems with csrss.exe can be resolved fast.
and to your question, it’s me, I’m your Daddy :)
csrss.exe is just trouble! – and I’m not happy! (Bill are u listening?)
I decided to ditch Windows – and go with MAC instead!
Who’s your daddy !
I’m having a huge problem with csrss.exe and think it’s the source of all my problems so I’m looking for ways to delete it.
after remove this file – I get blue screen!
how can i remove the csrss.exe to my computer? please i need your help. thank you very much!