Question about Microsoft Windows XP Professional

1 Answer

Csrcs.exe spyware My PC constantly wants to connect to the internet by itself. By Google search I eventually figured it out to be the csrcs.exe file that runs on my PC. I've tried all the removal techniques described over the net to get rid of this pest, but to no avail. Sooner or later the pesky thing reappears on my PC. And yes all my antivirus software is active, running and up to date. I've tryed AVG and Bitdefender. Neither of these protect me against csrcs.exe. Firewall is active as well. Newest windows updates installed. I find this problem on both my PC's, one running XP and the other Vista Home Premium. Any suggestions how to protect my PC against this....?

Posted by on

  • Vitriniet Jan 13, 2009

    Thanks. Will try it out and let you know.

  • Vitriniet Jan 14, 2009

    Found another entry in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\WinLogon



    In the righthand pane search for Shell. The value should be "explorer.exe". Mine was "explorer.exe csrcs.exe". Just delete the last part.

×

1 Answer

  • Level 2:

    An expert who has achieved level 2 by getting 100 points

    All-Star:

    An expert that got 10 achievements.

    MVP:

    An expert that got 5 achievements.

    Vice President:

    An expert whose answer got voted for 100 times.

  • Expert
  • 323 Answers

This was posted via symantec: link:

http://www.symantec.com/security_response/writeup.jsp?docid=2003-053013-5943-99&tabid=3

  1. Click Start > Run.
  2. Type regedit
  3. Click OK.

    Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.

  4. Click OK.

  5. In the Registry Editor, navigate to the following subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    RunOnce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
    RunServices
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
    RunServices
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
    RunOnce
    HKEY_CURRENT_USER\Software\Microsoft\OLE

  6. In the right pane, delete any values that refer to the file names that were detected.

  7. Navigate to the subkeys:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger

  8. In the right pane, reset the original value, if known:

    "Start" = "4"

  9. Navigate to the subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

  10. In the right pane, reset the original value, if known:

    "restrictanonymous" = "1"

  11. Navigate to the subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\
    parameters
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\
    parameters

  12. In the right pane, reset the original values, if known:

    "AutoShareWks" = "0"
    "AutoShareServer" = "0"

  13. Navigate to the subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

  14. In the right pane, reset the original value, if known:

    "DoNotAllowXPSP2" = "1"

  15. Navigate to the subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE

  16. In the right pane, reset the original value, if known:

    "EnableDCOM" = "N"

  17. Navigate to and delete the following subkeys, if present:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BoolTern
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BOOLTERN
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rdriv
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_RDRIV

  18. Exit the Registry Editor.

5. To delete the zero-byte files from the Startup folder
Follow the instructions for your version of Windows:

Note: There may be legitimate files on your system that start with "tftp." Delete only the zero-byte files from the Startup folder.

To delete zero-byte files in Windows 95/98/Me/NT/2000
  1. On the Windows taskbar, click Start > Find (or b) > Files or Folders.
  2. Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked.
  3. In the "Named" or "Search for..." box, type, or copy and paste, the following file name:

    tftp*.*

  4. Click Find Now or Search Now.
  5. Delete the files that are zero bytes in size and contained within any folder whose name ends with "Startup."

To delete zero-byte files in Windows XP
  1. On the Windows taskbar, click Start > Search.
  2. Click All files and folders.
  3. In the "All or part of the file name" box, type, or copy and paste, the following file name:

    tftp*.*

  4. Make sure that "Look in" is set to "Local Hard Drives" or to (C:).
  5. Click More advanced options.
  6. Check Search system folders.
  7. Check Search subfolders.
  8. Click Search.
  9. Delete the files that are zero-bytes in size and contained within any folder whose name ends with "Startup."

6. To reenable the SharedAccess service (Windows 2000/XP only)
The SharedAccess service is responsible for maintaining Internet Connection Sharing and the Windows Firewall/Internet Connection Firewall applications in Windows. (The presence and names of these applications vary depending on the operating system and service pack you are using.) To protect your computer and maintain network functionality, re-enable this service if you are using any of these programs.


Windows XP Service Pack 2
If you are running Windows XP with Service Pack 2 and are using the Windows Firewall, the operating system will alert you when the SharedAccess service is stopped, by displaying an alert balloon saying that your Firewall status is unknown. Perform the following steps to ensure that the Windows Firewall is re-enabled:
  1. Click Start > Control Panel.

  2. Double-click the Security Center.

  3. Ensure that the Firewall security essential is marked ON.

    Note: If the Firewall security essential is marked on, your Windows Firewall is on and you do not need to continue with these steps.

    If the Firewall security essential is not marked on, click the "Recommendations" button.

  4. Under "Recommendations," click Enable Now. A window appears telling you that the Windows Firewall was successfully turned on.

  5. Click Close, and then click OK.

  6. Close the Security Center.


Windows 2000 or Windows XP Service Pack 1 or earlier
Complete the following steps to re-enable the SharedAccess service:
  1. Click Start > Run.
  2. Type services.msc

    Then click OK.

  3. Do one of the following:
    • Windows 2000: Under the Name column, locate the "Internet Connection Sharing (ICS)" service and double-click it.
    • Windows XP: Under the Named column, locate the "Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)" service and double-click it.

  4. Under "Startup Type:", select "Automatic" from the drop-down menu.

  5. Under "Service Status:", click the Start button.

  6. Once the service has completed starting, click OK.

  7. Close the Services window.

Posted on Jan 13, 2009

1 Suggested Answer

6ya6ya
  • 2 Answers

SOURCE: I have freestanding Series 8 dishwasher. Lately during the filling cycle water hammer is occurring. How can this be resolved

Hi,
a 6ya expert can help you resolve that issue over the phone in a minute or two.
best thing about this new service is that you are never placed on hold and get to talk to real repairmen in the US.
the service is completely free and covers almost anything you can think of (from cars to computers, handyman, and even drones).
click here to download the app (for users in the US for now) and get all the help you need.
goodluck!

Posted on Jan 02, 2017

Add Your Answer

Uploading: 0%

my-video-file.mp4

Complete. Click "Add" to insert your video. Add

×

Loading...
Loading...

Related Questions:

1 Answer

Csrcs.exe removal


Steps to remove this virus:

1. Scan the system with a good and updated Anti Virus.

2. Open Task Manager, locate this exe (csrcs.exe or csrsc.exe but not csrss.exe), and kill the process.

3. Now type msconfig in the Run box, and then go to startup tab.

4. Locate this exe file, if any, and then remove it from there as well.

5. Now search the file in the C: drive.

6. Permanently delete the file (csrcs.exe or csrsc.exe only) from the computer.

7. Reboot the PC for changes to take place.

After doing the above steps, you need to clean the registry as well.

  1. Navigate toHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\
  2. On the right side, there is a key named "Shell", it may be having a value "explorer.exe csrcs.exe". Just modify it to delete the csrcs.exe from it (not explorer.exe). Restart the computer

Mar 20, 2011 | Microsoft Computers & Internet

1 Answer

Windows can not find csrcs.exe


Hi

Thank you for your query

You have a virus on your PC

Please carry out the following steps to remove it, please do not confuse csrcs for csrss which is a valid windows file

:
1. Scan the system with a good and updated Anti Virus.
2. Open Task Manager, locate this exe (csrcs.exe or csrsc.exe but not csrss.exe), and kill the process.
3. Now type msconfig in the Run box, and then go to startup tab.
4. Locate this exe file, if any, and then remove it from there as well.
5. Now search the file in the C: drive.
6. Permanently delete the file (csrcs.exe or csrsc.exe only) from the computer.
7. Reboot the PC for changes to take place.
UPDATE
After doing the above steps, you need to clean the registry as well.
  1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\
  2. On the right side, there is a key named “Shell”, it may be having a value “explorer.exe csrcs.exe”. Just modify it to delete the csrcs.exe from it (not explorer.exe). Restart the computer
Please finally re do a virus scan to ensure it has gone


If this has been useful please leave postive feedback/vote/testimonial - Thank You Again

Feb 16, 2010 | HP Computers & Internet

1 Answer

Csrcs.exe


Hi,ist a kind of a spyware which is bothering you so get rid of it follow the link and you will have all your answer I hope.
http://www.spywareremove.com/removecsrcsexe.html

Feb 01, 2010 | Computers & Internet

1 Answer

Troians Problem


Hi friend,,,,, First check CCleaner,software.
or go to run type regedit and find
HKEY_ LOCAL _ MACHINE\ Software\Microsoft\Windows NT\Current Version\Winlogon\

Here u will find a key with the name "shell" check whether the value of the key is something like " explorer.exe csrcs.exe " if u found 'csrcs.exe ' alone.delete it and restart thats all....a back up before doing this is good... thank u...please rate it

Nov 10, 2009 | Computers & Internet

1 Answer

When I scanned by System through Norten Antivirus........it diagnosed that csrcs.exe file/virus exists and must be cleaned/quarantined....so i quarantined it...when I started my system ..... after booting...


Its not a system file.
Try following

  • START-RUN,type there regedit(this will open system registry)
  • ctrl+F
  • Write csrcs(search now)
It'll show you some results, you'll find there "csrcs.exe",just delete it immediately.

If Its not over yet, again do the same search you may see "explorer.exe csrcs.exe" , left click then modify and remove the csrcs.exe part(leave the explorer.exe as it is)

Oct 04, 2009 | Dell Computers & Internet

1 Answer

I would like to know why I continually lose connection while playing YoVille game on Facebook? I'm usually in the middle of a game, and it says I need to refresh, which causes me to loose coins. I asked...


Hi,

The free file information forum can help you find out if csrcs.exe is a virus, trojan, spyware, adware which you can remove, or a file belonging to a Windows system or an application you can trust.
csrcs.exe file information
The process belongs to the software CSRCS.EXE by unknown.
Description: File csrcs.exe is located in the folder C:WindowsSystem32.
Program has no file description. The program is not visible. The file is located in the Windows folder, but it is not a Windows core file. HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRunOnce, HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunonce).
It is not a Windows system file. Program listens for or sends data on open ports to LAN or Internet. csrcs.exe is able to hide itself, monitor applications. Therefore the technical security rating is 100% dangerous.
Important: Some malware camouflage themselves as csrcs.exe, particularly if they are located in c:windows or c:windowssystem32 folder. Thus check the csrcs.exe process on your pc whether it is pest. We recommend Security Task Manager:
http://www.neuber.com/taskmanager/index.html?ref=file.net
for verifying your computer's security.
If this information is useful, please mark as helpful. Thanks

Oct 03, 2009 | Microsoft Windows XP Home Edition

3 Answers

Windows cannot find file csrcs.exe


File csrcs.exe is located in the folder C:\Windows\System32.
Program has no file description. The file is not a Windows system file. The application is loaded during the Windows boot process.
The program is not visible. It is an unknown file in the Windows folder. Program listens for or sends data on open ports to LAN or Internet. csrcs.exe is able to monitor applications, hide itself, record inputs, manipulate other programs. Therefore the technical security rating is 86% dangerous.
It simply means, "It is very dangerous"

Try these steps to remove it.

Click on START-RUN,
type regedit (it will open the registry editor)
Press Ctrl+F
type "csrcs" (without quotes) and click on Search It'll show you some results, where you'll find "csrcs.exe" delete it immediately.

Again do the same search you may see "explorer.exe csrcs.exe" , right click then modify and remove the csrcs.exe part (leave the explorer.exe as it is)

Hurray !!! you have removed csrcs.exe
Restart your system and see it for yourself


Don't forget to give feedback

Sep 05, 2009 | Computers & Internet

3 Answers

To get rid csrcs.exe. file


Find and Detect csrcs.exe on your PC. to find the file click search and put the file name and thn find its location from there and delete it. Remove, Uninstall and Get Rid of csrcs.exe

Jul 07, 2009 | Microsoft Windows XP Professional

2 Answers

CSRCS.exe


Hello,

My research of that file name indicates it is most likely a trojan of some sort. If it is missing, your antivirus probably removed it.

To remove the message, open MSConfig and goto the startup tab. Uncheck the item associated with CSRCS.exe

If you have windows 2000 you will need to find a copy of MSConfig from the internet.

Good Luck.

Jun 20, 2009 | Microsoft Windows XP Professional

13 Answers

Csrcs.exe file messege I am receivng when I start or restart the system how can I solve this problem


What you do is START->Run. Then write "regedit". The registry editor will open. Press Ctrl+F (make sure you have "My Computer" highlited) and write "csrcs". The program will search for the entry and will find some entries: if you find a "csrcs" entry alone, delete it. If you find an entry "Explorer.exe csrcs.exe" modify it (right click->modify) and remove the "csrcs.exe" part. 

Oct 22, 2008 | Computers & Internet

Not finding what you are looking for?
Microsoft Windows XP Professional Logo

673 people viewed this question

Ask a Question

Usually answered in minutes!

Top Microsoft Computers & Internet Experts

micky dee

Level 3 Expert

2644 Answers

Les Dickinson
Les Dickinson

Level 3 Expert

18381 Answers

Brian Sullivan
Brian Sullivan

Level 3 Expert

27725 Answers

Are you a Microsoft Computer and Internet Expert? Answer questions, earn points and help others

Answer questions

Manuals & User Guides

Loading...