cscrss.exe Backdoor Virus?


hypoxide
July 13th, 2003, 02:12 AM
Alright, I ran the Trend Micro online virus scanner and it ran across my csrss.exe file being infected. Obviously I can't just delete it. I checked out the folder it's in and came across a file called csrss.exe.manifest as well. I'm not sure what this means. I checked out the source in Notepad and here's what I got:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0"
                    processorArchitecture="X86"
                    name="HybridDesign.WindowsXP.Example"
                    type="win32" />
  <description>Windows Core Component Kernel32 - Evil Karma is GOD ;).</description>
  <dependency>
    <dependentAssembly>
      <assemblyIdentity type="win32"
                        name="Microsoft.Windows.Common-Controls"
                        version="6.0.0.0"
                        processorArchitecture="X86"
                        publicKeyToken="6595b64144ccf1df"
                        language="*" />
    </dependentAssembly>
  </dependency>
</assembly>

If you look closely, you can see "Evil Karma is GOD ;)" in there, leading me to assume something is amiss. Before I attempt to repair it or download a virus scanner that can clean it, does anyone have any suggestions?

Thanks.
~Hypoxide

Cemetric
July 13th, 2003, 02:27 AM
Hi there,

There are 2 viruses that I found through Google that tamper with csrss.exe: the first one is the Melare worm (http://vil.mcafee.com/dispVirus.asp?virus_k=100306) and the second one is the Ladex worm (http://www.viruslist.com/eng/viruslist.html?id=51071).

For removal instructions you can check out the websites; they give you the way to do it, but you best use some antivirus program like Symantec AntiVirus, McAfee, Sophos or F-Secure (need I go on :D), then you don't have to do all that work ;)

The Melare worm is low risk and spreads through mail mostly... the other is a bit more serious and uses (or tries to use) shares.

Hope this helps a little

C.

hypoxide
July 13th, 2003, 04:00 AM
Thank you kindly. :)