Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Generic User Avatar

csrss.exe issue


  • Please log in to reply
17 replies to this topic

#1 PatL

PatL

  •  Avatar image
  • Members
  • 355 posts
  • OFFLINE
  •  
  • Local time:08:57 PM

Posted 29 March 2021 - 08:35 AM

Hi guys I'm on the latest insider build and my csrss.exe has a 1 malware warning by it and an untrusted root certificate under details. my PC has no malware so I'm curious how do I replace csrss.exe with a clean version without reloading my system?



BC AdBot (Login to Remove)

 


#2 PhillPower2

PhillPower2

  •  Avatar image
  • BC Advisor
  • 3,494 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 29 March 2021 - 08:52 AM

Hello PatL

 

You could try the Windows 10 reset while keeping your files etc option, see MS info here


PSU guidance - 10 stripe - Johnny Lucky - PC Mech - PSU Review Database PSU Lemon List Which power supply do you need?

 

Due to differing time zones not all of us can always be around at the same time and on occasion there may be a delay between replies.

 

Please note that I do not respond to members who have previously abandoned - not concluded their earlier topics, the assistance here at BC is 100% free, please use this service and not abuse it, knowing the outcome good or bad is valuable information that we all may learn something from. 


#3 Rocky Bennett

Rocky Bennett

  •  Avatar image
  • Members
  • 6,483 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Mexico, USA
  • Local time:09:57 PM

Posted 29 March 2021 - 09:02 AM

What anti-virus are you running? If you are using an insider build you should disable all third party anti-virus software.


Mr. Rocky Bennett

Linux User and Windows 10 Lover.


#4 PatL

PatL
  • Topic Starter

  •  Avatar image
  • Members
  • 355 posts
  • OFFLINE
  •  
  • Local time:08:57 PM

Posted 29 March 2021 - 09:07 AM

I am running Windows Defender with Malwarebytes Premium



#5 PatL

PatL
  • Topic Starter

  •  Avatar image
  • Members
  • 355 posts
  • OFFLINE
  •  
  • Local time:08:57 PM

Posted 29 March 2021 - 09:09 AM

If I reset though I may as well do a clean install. I really don't want to do that though!


Edited by PatL, 29 March 2021 - 09:09 AM.


#6 PatL

PatL
  • Topic Starter

  •  Avatar image
  • Members
  • 355 posts
  • OFFLINE
  •  
  • Local time:08:57 PM

Posted 29 March 2021 - 09:12 AM

VT list it as having a 1 infection and untrusted root certificate



#7 PhillPower2

PhillPower2

  •  Avatar image
  • BC Advisor
  • 3,494 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 29 March 2021 - 09:19 AM

You have been advised to post here by a malware removal expert and they would not have done that if it were not safe for us to help you.

 

Regarding the reset, did you read the information at the link provided, only Windows gets reinstalled and not your personal stuff, that said, you should never do anything such as a reset without backing up your personal data first in any event.

 

As an asides, Insider Previews are akin to Beta software and you will often get such glitches such as this, it comes with the territory.


PSU guidance - 10 stripe - Johnny Lucky - PC Mech - PSU Review Database PSU Lemon List Which power supply do you need?

 

Due to differing time zones not all of us can always be around at the same time and on occasion there may be a delay between replies.

 

Please note that I do not respond to members who have previously abandoned - not concluded their earlier topics, the assistance here at BC is 100% free, please use this service and not abuse it, knowing the outcome good or bad is valuable information that we all may learn something from. 


#8 PatL

PatL
  • Topic Starter

  •  Avatar image
  • Members
  • 355 posts
  • OFFLINE
  •  
  • Local time:08:57 PM

Posted 29 March 2021 - 09:55 AM

I read about the reset. Unfortunately I tried that method before and bricked my device, so I'm wary to redo that tbh. I looked at the windows.old csrss.exe and it's clean but still has the untrusted root certificate. I'm going to assume this is a bug and not a super hacker coming after me and just relax on it for a bit.



#9 PhillPower2

PhillPower2

  •  Avatar image
  • BC Advisor
  • 3,494 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 29 March 2021 - 10:01 AM

I`m afraid that without carrying out what is effectively a repair installation learning to live with it until the next Insider Preview release may be your only option.

 

Question, why are you running Insider Preview in any event, those who do so long term are well aware of such issues.


PSU guidance - 10 stripe - Johnny Lucky - PC Mech - PSU Review Database PSU Lemon List Which power supply do you need?

 

Due to differing time zones not all of us can always be around at the same time and on occasion there may be a delay between replies.

 

Please note that I do not respond to members who have previously abandoned - not concluded their earlier topics, the assistance here at BC is 100% free, please use this service and not abuse it, knowing the outcome good or bad is valuable information that we all may learn something from. 


#10 PatL

PatL
  • Topic Starter

  •  Avatar image
  • Members
  • 355 posts
  • OFFLINE
  •  
  • Local time:08:57 PM

Posted 29 March 2021 - 11:35 AM

Nasdaq actually wnts me to delete the file...I think if you delete it the system breaks. In regards to your question, I misread the information apparently and by the time I realized you can't opt out of or roll back from Developer builds, it was too late, oh well, such is life, right?

 

I am fine waiting till the next release really no big deal in my mind.


Edited by PatL, 29 March 2021 - 11:36 AM.


#11 PhillPower2

PhillPower2

  •  Avatar image
  • BC Advisor
  • 3,494 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 29 March 2021 - 11:48 AM

How to opt out of Insider Previews info here


PSU guidance - 10 stripe - Johnny Lucky - PC Mech - PSU Review Database PSU Lemon List Which power supply do you need?

 

Due to differing time zones not all of us can always be around at the same time and on occasion there may be a delay between replies.

 

Please note that I do not respond to members who have previously abandoned - not concluded their earlier topics, the assistance here at BC is 100% free, please use this service and not abuse it, knowing the outcome good or bad is valuable information that we all may learn something from. 


#12 PatL

PatL
  • Topic Starter

  •  Avatar image
  • Members
  • 355 posts
  • OFFLINE
  •  
  • Local time:08:57 PM

Posted 29 March 2021 - 11:53 AM

Yeah I get that but once you install a developer build you must do a clean install and I don't want to have to re-download all my games/files again I don't have the bandwidth.



#13 PhillPower2

PhillPower2

  •  Avatar image
  • BC Advisor
  • 3,494 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 29 March 2021 - 11:59 AM

Not a nice position to be in, rather messy in fact, you really are stuck with waiting on the next preview build and with fingers crossed that it installs without issue.

 

Too late now but this is an example of why Windows should always be installed on it`s own partition away from other programs.


PSU guidance - 10 stripe - Johnny Lucky - PC Mech - PSU Review Database PSU Lemon List Which power supply do you need?

 

Due to differing time zones not all of us can always be around at the same time and on occasion there may be a delay between replies.

 

Please note that I do not respond to members who have previously abandoned - not concluded their earlier topics, the assistance here at BC is 100% free, please use this service and not abuse it, knowing the outcome good or bad is valuable information that we all may learn something from. 


#14 PatL

PatL
  • Topic Starter

  •  Avatar image
  • Members
  • 355 posts
  • OFFLINE
  •  
  • Local time:08:57 PM

Posted 29 March 2021 - 12:02 PM

Yeah, it's not the end of the world but it is what it is you know?



#15 cyberwolfe

cyberwolfe

  •  Avatar image
  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:57 PM

Posted 02 April 2021 - 04:39 PM

Post the VirusTotal analysis results link showing the results of the CSRSS.EXE file in question.

It would be interesting to see the results and hashes.






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users