Results 1 to 3 of 3

Thread: cscrss.exe Backdoor Virus?

  1. #1
    Junior Member
    Join Date
    Jul 2003

    cscrss.exe Backdoor Virus?

    Alright, I ran the Trend Micro online virus scanner and it ran across my csrss.exe file being infected. Obviously I can't just delete it. I checked out the folder it's in and came across a file called csrss.exe.manifest file as well. I'm not sure what this means. I checked out the source in notepad and here's what I got:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="" 
    processorArchitecture="X86" name="HybridDesign.WindowsXP.Example" 
    type="win32" /> <description>Windows Core Component Kernel32 - 
    Evil Karma is GOD ;).</description> <dependency> 
    <dependentAssembly> <assemblyIdentity type="win32" 
    name="Microsoft.Windows.Common-Controls" version="" 
    processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" 
    language="*" /> </dependentAssembly> </dependency> </assembly>
    If you look closely, you can see "Evil Karma is GOD " in there, leading me to assume something is amiss. Before I attempt to repair it or download a virus scanner that can clean it, does anyone have any suggestions?


  2. #2
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Hi there,

    There are 2 viruses that I found through google that tamper with the csrss.exe the first one
    is the Melare worm and the second one is the ladex worm .

    For removal instructions you can check out the websites they give you the way to do it but you best use some antivirus program like symantec antivirus or Mcafee , or Sophos or f-secure (need I go on )
    then you don't have to do all that work

    The melare worm is low risk and spreads through mail mostly ..the other is a bit more serious and uses (or tries to use shares)

    Hope this helps a little

    Back when I was a boy, we carved our own IC's out of wood.

  3. #3
    Junior Member
    Join Date
    Jul 2003
    Thank you kindly.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts