virus?

Just wanting to know what this is: crypserv.exe (PID: 2528) [WD-HEUR]

Anytime that I run “rkill” it keeps finding this and deletes it. It classifies it as a virus? I rarely ever run “rkill,” but when I do it always finds this and deletes it.

What is it and what does it do?

Thanks for your time.

Just Google> crypserv.exe
You will get the info you want. :)

Hello,

If you downloaded it from the official website, it is probably safe.
If it was downloaded from another source, then there is a possibility of it being infected.

http://www.bleepingcomputer.com/download/rkill/

Furthermore, this is a tool that should only be used with malware removal instruction, given that it is very complex.

Send the file to be analyzed by 40+ scanners:

https://www.virustotal.com/

Just wanting to know what this is: crypserv.exe (PID: 2528) [WD-HEUR]
Upload and test the file at one of these places: www.virustotal.com / www.metascan-online.com / www.jotti.org

You may post a link to the scan result here.

Thanks Pondus for the reply.

The name of the virus that I posted was not the copy of the actual virus. I copied the name from the log of deleted files on “rkill” logs. The file was already gone, so I cannot send the file to be checked.

But I thought that somebody might have seen this file type before and might know what it might be. Malwarebytes does not catch this file, neither does Avast or Hitman Pro. But rkill catches it. What’s odd is that it re-occurs from time to time; maybe it’s not a virus? However, rkill thinks it is and deletes it?

I just cleaned my computer of some sort of virus which shut down Malwarebytes and Avast. I ran Hitman Pro, but it didn’t find the cause. When I ran Norton’s Power Eraser, it said my registry system has been changed, then reset it. This allowed me to access the Boot-up scan on Avast. Avast found four (4) corrupted files on Boot-up.

I tried to locate where Avast has its logs so that I could search the 4 corrupted files but could not find them. But anyway, the computer seemed to be fine, but I decided to run rkill to make sure, and that’s when it came up with the copy of the file I posted here.

This isn’t the first time that I have seen this file. I have seen it before when rkill has deleted it in the past. I rarely ever run rkill unless I got something changing my system, which is rare also.

I do a lot of studies; therefore, I download a lot of educational information to study from using Evernote. I think that the virus came in at some time (piggybacking, so to speak) on one of those downloads, bypassing the virus scanners. I’m writing a sci-fi novel, so I’m gathering a lot of information for the story.

The virus name I posted here is a copy off of a deleted log file of names; therefore, the copy is only a copy of a log file, not being active. I don’t think the scanners will find anything from an inactive file name only? But if anyone happens to find any info on it I would appreciate it if you would let me know by posting me.

Thanks for your time my friends.

crypserv.exe (PID: 2528) [WD-HEUR]

This indicates that it is in memory and a heuristic detection… Probably a false positive

Thanks for your reply Schmidthouse and Jefferson Santiag. I appreciate your replies and thoughts.

Thanks again my friends.

Thanks for the reply essexboy.

If it’s in memory, can it be taken out completely so that it does not return?

Thanks for the reply.

No, as it is part of a programme that is running, so there is nothing for you to get your teeth in. In my opinion it is a false positive and can be ignored.

You’re welcome

No problem.
I have never made use of the tool cited.
It is a more aggressive, strange behavior typical of malware,
but I could only really be sure if I had them in hand.