Global Search

Not sure what a file is? Sort through the possibilities with a quick search of all of the lists.
Or get more accurate results by browsing and searching by list.
CLSID List Results
BHOs, Toolbars, SHs, Explorer Bars

CLSID Name Filename Description Status
{92617934-9ABC-DEF0-0FED-FAD48C654321}(no name)csrss.dllGoldun.C trojanX BHO
{I63I1187-MI57-Q313-WR01-GP8AVJ8II48T}(no name)csrss.exeInfostealer trojan, detected as BDS/Agent.339968X BHO
Startup List Results
Startup Entry

Name Filename Description Status
WinXP-98CSRSS.exeAdded by the Troj/Banker-DS TROJAN! Note: Located in \%Program Files%\WinXP-98\Tools\ Note: Do not remove the legitimate program file in \%WINDIR%\System32\X
auto_updatecsrss.exeAdded by the W32.SillyFDC WORM! Note: Located in \%Program Files%\microsoft frontpage\X
2csrss.exeAdded by the Mal/Behav-043 MALWARE! Note: Located in \%Documents and Settings%\ Note: Do not remove the legitimate program file in \%WINDIR%\System32\ Note: This entry is loaded through one of the "Policies" startup keys.X
1csrss.exeAdded by the Mal/Behav-043 MALWARE! Note: Located in \%Program Files%\microsoft frontpage\ Note: Do not remove the legitimate program file in \%WINDIR%\System32\ Note: This entry is loaded through one of the "Policies" startup keys.X
winlogoncsrss.exeIdentified as Trojan-Proxy.Win32.Agent.kj. Note: Located in \%WINDIR%\X

O23 List Results
Windows Services

Name Filename Description Status
Client Server Runtime Procescsrss.exeAdded by the WORM_SDBOT.BTI WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: Malicious activitiesread the topic. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder.X
Client Server Runtime Processcsrss.exeMicrosoft Client Server Runtime ProcessL
Client/Server Runtime Server Subsystem (CSRSS)csrss.exeW32/IRCBot-UN Note: Located in %windir%, not to be confused with the legitimate file in %windir%\system32 (%windir%\system on windows 98/ME) Note: Read the link, allows remote access and steals informationX
Clients Server Runtime Processcsrss.exeAdded by the W32/Sdbot-CPF WORM! Note: This worm\trojan is located in C:\%WINDIR% This is not the legitimate Windows Process. (Which is found in the System32 folder.)X
Clients Server Runtime Process (Windows Internet)csrss.exeAdded by the W32/Sdbot-CPF WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder.X

SEH List Results
ShellExecuteHook

CLSID Name Filename Description Status
{3495D328-661A-4FB0-BA67-8ACDD1704D1E}(no name)%SYSDIR%\jh.dll, rx.dll, 9222.dll, 102.dll, 236245.dll, CSRSS.dllPassword stealer trojan of Chinese origin, detected as TSPY_ONLINEGA.PLX
Drivers List Results
Driver Entry

Name Filename Description Status
QTUpdatecsrss.exeRelated to csrss.exe Wireshark Antivirus. Note: Do not remove the legitimate csrss.exe file which is always found in \%WINDIR%\%System%\X
Mozilla Mailcsrss.exeInfostealer trojan, detected by Avira as "TR/Dishigy.A.23"X
Prefecturecsrss.exeAdded by the csrss.exe Infostealer trojan, detected by Microsoft as Trojan:Win32/Dishigy.gen!A Note: Do not remove the legitimate (csrss.exe) file which is always found in \%Windir%\%System%\X
Active Setup List Results
Active Setup - Installed Component

CLSID Name Filename Description Status
{V138V1E4-RGJQ-I1K5-T4OJ-787I24WM8KJL}(no name)csrss.exeInfostealer trojan, detected by Microsoft as Backdoor:Win32/Xtrat.A - also see hereX
{5F41UKUK-02W7-KE6C-D1N0-GU1J320F2KHF}(no name)csrss.exeInfostealer trojan, detected by Microsoft as Backdoor:Win32/Xtrat.A - also see hereX
{105HDHXL-D44V-4XQU-6PI5-3HTK44B6742J}(no name)csrss.exeInfostealer trojan, detected by Microsoft as VirTool:MSIL/Injector.gen!I - also see hereX
{B0SO8400-0R81-K252-PI5N-N78TR3OXWUY2}(no name)csrss.exeInfostealer trojan, detected by Microsoft as Backdoor:Win32/Xtrat.A - also see hereX
{K3TI3TEF-J5S1-8W1K-H103-7F8FTE4L41W5}(no name)csrss.exeInfostealer trojan, detected by Microsoft as Worm:Win32/Rebhip.A - also see hereX

Powered by SystemLookup Engine. © 2008-2018 BrightFort. All Rights Reserved. | Privacy Policy | Terms of Use