CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars
BHOs, Toolbars, SHs, Explorer Bars
CLSID | Name | Filename | Description | Status |
{92617934-9ABC-DEF0-0FED-FAD48C654321} | (no name) | csrss.dll | Goldun.C trojan | X BHO |
{I63I1187-MI57-Q313-WR01-GP8AVJ8II48T} | (no name) | csrss.exe | Infostealer trojan, detected as BDS/Agent.339968 | X BHO |
Startup List Results
Startup Entry
Startup Entry
Name | Filename | Description | Status |
WinXP-98 | CSRSS.exe | Added by the Troj/Banker-DS TROJAN! Note: Located in \%Program Files%\WinXP-98\Tools\ Note: Do not remove the legitimate program file in \%WINDIR%\System32\ | X |
auto_update | csrss.exe | Added by the W32.SillyFDC WORM! Note: Located in \%Program Files%\microsoft frontpage\ | X |
2 | csrss.exe | Added by the Mal/Behav-043 MALWARE! Note: Located in \%Documents and Settings%\ Note: Do not remove the legitimate program file in \%WINDIR%\System32\ Note: This entry is loaded through one of the "Policies" startup keys. | X |
1 | csrss.exe | Added by the Mal/Behav-043 MALWARE! Note: Located in \%Program Files%\microsoft frontpage\ Note: Do not remove the legitimate program file in \%WINDIR%\System32\ Note: This entry is loaded through one of the "Policies" startup keys. | X |
winlogon | csrss.exe | Identified as Trojan-Proxy.Win32.Agent.kj. Note: Located in \%WINDIR%\ | X |
O23 List Results
Windows Services
Windows Services
Name | Filename | Description | Status |
Client Server Runtime Proces | csrss.exe | Added by the WORM_SDBOT.BTI WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: Malicious activitiesread the topic. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. | X |
Client Server Runtime Process | csrss.exe | Microsoft Client Server Runtime Process | L |
Client/Server Runtime Server Subsystem (CSRSS) | csrss.exe | W32/IRCBot-UN Note: Located in %windir%, not to be confused with the legitimate file in %windir%\system32 (%windir%\system on windows 98/ME) Note: Read the link, allows remote access and steals information | X |
Clients Server Runtime Process | csrss.exe | Added by the W32/Sdbot-CPF WORM! Note: This worm\trojan is located in C:\%WINDIR% This is not the legitimate Windows Process. (Which is found in the System32 folder.) | X |
Clients Server Runtime Process (Windows Internet) | csrss.exe | Added by the W32/Sdbot-CPF WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. | X |
SEH List Results
ShellExecuteHook
ShellExecuteHook
CLSID | Name | Filename | Description | Status |
{3495D328-661A-4FB0-BA67-8ACDD1704D1E} | (no name) | %SYSDIR%\jh.dll, rx.dll, 9222.dll, 102.dll, 236245.dll, CSRSS.dll | Password stealer trojan of Chinese origin, detected as TSPY_ONLINEGA.PL | X |
Drivers List Results
Driver Entry
Driver Entry
Name | Filename | Description | Status |
QTUpdate | csrss.exe | Related to csrss.exe Wireshark Antivirus. Note: Do not remove the legitimate csrss.exe file which is always found in \%WINDIR%\%System%\ | X |
Mozilla Mail | csrss.exe | Infostealer trojan, detected by Avira as "TR/Dishigy.A.23" | X |
Prefecture | csrss.exe | Added by the csrss.exe Infostealer trojan, detected by Microsoft as Trojan:Win32/Dishigy.gen!A Note: Do not remove the legitimate (csrss.exe) file which is always found in \%Windir%\%System%\ | X |
Active Setup List Results
Active Setup - Installed Component
Active Setup - Installed Component
CLSID | Name | Filename | Description | Status |
{V138V1E4-RGJQ-I1K5-T4OJ-787I24WM8KJL} | (no name) | csrss.exe | Infostealer trojan, detected by Microsoft as Backdoor:Win32/Xtrat.A - also see here | X |
{5F41UKUK-02W7-KE6C-D1N0-GU1J320F2KHF} | (no name) | csrss.exe | Infostealer trojan, detected by Microsoft as Backdoor:Win32/Xtrat.A - also see here | X |
{105HDHXL-D44V-4XQU-6PI5-3HTK44B6742J} | (no name) | csrss.exe | Infostealer trojan, detected by Microsoft as VirTool:MSIL/Injector.gen!I - also see here | X |
{B0SO8400-0R81-K252-PI5N-N78TR3OXWUY2} | (no name) | csrss.exe | Infostealer trojan, detected by Microsoft as Backdoor:Win32/Xtrat.A - also see here | X |
{K3TI3TEF-J5S1-8W1K-H103-7F8FTE4L41W5} | (no name) | csrss.exe | Infostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see here | X |