avast has just given me this warning, and i’m really not sure if it is a false alarm or not.
i asked a friend about a virus getting into this file in c:\windows and he said if it is a virus it would slow down your computer and it would use 100% of its capacity in almost 10 hours.
avast has given this warning again, and it has been 9 hours ever since i first saw it. what should i do, i probably shouldn’t delete it but should i ignore it?
i really don’t know about these stuff, but here you go, the virustotal results:
SHA256: f112191239fc5a931d66b0c4764679b45822045a54cd5227e950117ce40e02dd
File name: csrss.exe
Detection ratio: 0 / 43
Analysis date: 2012-02-02 17:17:32 UTC ( 0 minutes ago )
this was a regular scan done by avast itself at the background, the “suspicious file” thing popped up when i turned my computer on at 10 am. i ignored it first, and just chatted online with the friend i mentioned already. anyway, i went outside after 2 hours, returned home at 6 pm, now it’s 8 pm here, the warning popped up again, still no slowdowns.
i have no problems yet, i don’t give a damn about losing my info or so but i have some important docs and family pictures etc, so i really don’t want to format the computer at all.
the reported location was c:\windows, the operating system is… windows.
10 hours from first warning, still the same cpu usage level, no different behaviors, seems better than ever.
there is no real problem yet, just the warnings. i’m almost sure right now it was a false alarm, but dave, you seem to know a lot more than me (for sure), so if there is any other possibility i’m listening to you.
Format is an option of last resort and we are no where near that. Backup should be a routine and not a last minute decision when a problem rears its head. Though I suspect that given what you have said it may be a false positive (and why I said don’t delete, but choose ignore).
Windows what, win2k, XP, Vista, win7 ?
In winXP the csrss.exe file is in c:\windows\system32\ folder and I’m not getting any alert on the anti-rootkit scan (8 minutes after boot).
I have win7 starter (32bit) on my netbook and csrss.exe is in c:\windows\system32, so I don’t know if you have win7 64bit and if that might be different.