Wednesday, November 10, 2010

what is Csrss.exe and how to Removal

Posted by OurTech Team | Wednesday, November 10, 2010 | Category: , , , |

What is Csrss.exe?

Csrss.exe is the executable file for the Microsoft Client Server Runtime Server Subsystem. By default, this file is located, in the C:\Windows \System32 directory. This application has been used by every windows operating system since Windows NT to manage graphical instruction sets. Basically, Csrss.exe is a process controller which means that is can create, delete and schedule threads as needed. Threads are the smallest piece of executable that can be scheduled for a processor. Processes are functions and sub-routines that perform tasks and are usually made up of many different threads. Hence, the need for a controller.
Csrss.exe is an essential part of the windows operating system and deleting it can cause stop errors which is the infamous “Blue Screen of Death”.

Can Csrss.exe be a Virus or Trojan?

Yes, there is at least one Trojan that disguises itself as the csrss.exe process controller that can allow hackers to access your computer remotely and steal private information such as credit card numbers, bank data, birth dates and passwords. Some viruses, spyware and worms can also disguise themselves as csrss.exe. One example is the Nimda.E virus.
You may have a Trojan, virus or other malware if there is more than one instance of csrss.exe running on your machine. You can check to see what processes are running by opening the task manager. Open the Task Manager by pressing Ctrl + Alt + Delete or right click on the task bar and select Task Manager as shown below.
image 1
Next, click on the Process tab. Then click on Image Name to list the running processes in alphabetical order to see if there is more than one instance running. Depending on what version of windows you are using, the list should look something like the picture below.
You can see that there is only one csrss.exe instance running on this machine and it is using approximately 1% of the processor capacity and 7,388 K of memory. So, there is no Trojan disguising itself as csrss.exe.
If there is more than one instance running, you will need to delete any file named csrss.exe that is NOT located in the C:\Windows \System32 directory.

What does it mean if you receive a Csrss.exe Error?

The most common error is “The csrss.exe file is using 99%, 100%, or other high abnormal percentage of CPU.”

Cause of the Error

This error is usually caused by the user profile that you logged in with getting corrupted.

How to Fix the Problem

To fix the problem you will need to delete and recreate the corrupted user profile.
IMPORTANT: Deleting and recreating the user profile will delete the following folders: my documents folder, files stored on the desktop, email files, address book and favorites folder. Be sure to back ALL of these items up before you delete the user’s profile.
  1. Once everything is backed up:
  2. Log off as the user and log on as a system administrator
  3. Right click My Computer either on the Desktop or on the Start Menu
  4. Select Properties
  5. Display the Advanced Tab and click on Settings as show below
image 3
6. Highlight the corrupted profile and click Delete.
The next time you log onto windows a new user profile will be created and you can restore the files to it that you backed up earlier.


First, make sure your system is clean. Download and run Download SpyHunter's* Malware Scanner..
You should scan your computer with a good virus and malware program and configure it for continuous scanning to prevent Trojans, viruses, spyware and worms from taking up residence on your hard drive.
Computers are just like most other electronic equipment. They need periodic maintenance tasks performed. You should do a complete registry scan and cleaning as part of your routine computer maintenance. Scanning the registry once a month is fine. A good anti-virus program and periodic registry cleaning should prevent most errors.
 Khaled Alfaiomi

Currently have 1 Comments:


Leave a Reply