Adlice forum

General Category => General Discussion => Topic started by: AnnaJohansen on October 31, 2016, 10:44:32 PM

Title: two instances of csrss.exe
Post by: AnnaJohansen on October 31, 2016, 10:44:32 PM

Hi. i need som advice.

I have two csrss exe files in two different places on my computer. one in this folder:
C:\Windows\WinSxS\amd64_microsoft-windows-csrss_31bf3856ad364e35_10.0.14393.0_none_86584f52fac852b3

and the other in system 32.
gmer detects one of them as rootkit/malware. but none of my other virusprograms finds anything. can i trust gmer and how will i know for sure if this is a problem?

Title: suspicious registrykeys
Post by: AnnaJohansen on October 31, 2016, 11:03:39 PM

HKEY_CLASSES_ROOT\cryptpko.cryptpko1
HKEY_CLASSES_ROOT\cryptsig.cryptsig1

THEY ARE IN EVERY CATEGORY OF THE REGISTRY

i read that this is dangerous registrykeys and wonder if it is so

Title: Re: two instances of csrss.exe
Post by: Curson on October 31, 2016, 11:48:49 PM

Hi Anna,

For clarifications, I've merged your two topics into this one.

Quote from: Anna

I have two csrss exe files in two different places on my computer. one in this folder:
C:\Windows\WinSxS\amd64_microsoft-windows-csrss_31bf3856ad364e35_10.0.14393.0_none_86584f52fac852b3
[...]
gmer detects one of them as rootkit/malware. but none of my other virusprograms finds anything. can i trust gmer and how will i know for sure if this is a problem?

There may be multiple running instances of the same process.
Please post GMER report in your next reply.

Quote from: Anna

HKEY_CLASSES_ROOT\cryptpko.cryptpko1
HKEY_CLASSES_ROOT\cryptsig.cryptsig1

These keys are linked to the Crypto PKO and Crypto Sign extensions (CryptExt.dll by Microsoft).
You don't have to worry about them.

Regards.

Title: Re: two instances of csrss.exe
Post by: AnnaJohansen on November 01, 2016, 02:07:57 AM

okey. thanks for the answer:) im feeling safe now:)

Title: Re: two instances of csrss.exe
Post by: Curson on November 01, 2016, 01:15:01 PM

Hi Anna,

You are welcome.

Regards.