CSRSS.EX_ possible virus

Soldato
Joined
21 Aug 2006
Posts
7,512
Hi Guys

Last couple of days i've been getting an error message at startup on my work PC saying that CSRSS.EX_ failed to run. Just as well cos a little internet searching tells me it is a Trojan!!!

csrss.exe in the sytem32 folder is a legit service and runs in task manager fine, however the CSRSS.EX_ instance is found in the C:\I386 folder and fortunately fails to initialise.

What should i do to get rid of it or should i just tell IT to sort it out? Running a McAfee scan now.

Hoping it's just spyware :(
 
IT should already know if they have a decent virus system. You shouldnt have had any warning though as the virus/exe should have been blocked/deleted.

Ring IT
 
No hits on virus scanner - right o, better hide msn, skype, chrome and opera then :rolleyes:

Or i could install Ad-aware and run that first?
 
No hits on virus scanner - right o, better hide msn, skype, chrome and opera then :rolleyes:

Or i could install Ad-aware and run that first?

Sounds like your IT department actually need to sort out their user restriction policies.

Allowing end-users to download/install/run what they like?

Moronic IT department deserves all the Virii it gets.
 
Sounds like your IT department actually need to sort out their user restriction policies.

Allowing end-users to download/install/run what they like?

Moronic IT department deserves all the Virii it gets.

this. if your users so much as go on a site with dodgy temp files they get blocked/deleted and we get warnings. Thats if the site manages to get through the strict category filer
 
Is this def a virus cos it doesnt give me the error message anymore and Adaware, SuperAntiSpyware and McAfee dont pick it up?

McAfee is ****. It might not be adware. Just a virus. When i switched from McAfee to NOD32 it found about 3 viruses on my machine. (that was luckily a few years ago now)
 
When my work network got hit by a virus we would get the same 'failed to run...' message on boot up but only because IT had already removed the virus but for some reason the startup links were still there.

Don't know a huge amount about the subject but it certainly sounds like a similar situation, feel free to ignore if I'm talking poo ;)
 
Just to update, MBAM found one suspicious file in the registry which it claims is a trojan but is actually the logon scripts using wkix32 (kixtart.org).
 
Back
Top Bottom