Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: US charges Samourai cryptomixer founders for laundering $100 million

Featured Deal: A one-year Sam's Club membership is only $14 now

Latest Buyer's Guide: How to setup a VPN on your router: Detailed walkthrough

csrss.exe issue

Started by PatL , Mar 29 2021 08:35 AM

Prev

Please log in to reply

17 replies to this topic

#16 PatL

Topic Starter

Members
355 posts
OFFLINE

Local time:09:27 PM

Posted 02 April 2021 - 10:01 PM

This is the csrss.exe

https://www.virustotal.com/gui/file/39525caad5d0a379fc906e359fac9983e43459bf69dc878f934376e61dc6057b/detection

Back to top"> Back to top

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#17 cknoettg

BC Advisor
1,897 posts
OFFLINE

Gender:Male
Location:Delray Beach, FL
Local time:01:27 AM

Posted 03 April 2021 - 07:38 AM

This is just my opinion, but until software developers and management (and other stakeholders) get on board with making sure that security certificates are kept up-to-date, and implemented in a consistent fashion, we will always have this problem. (Or maybe they are on board, but do not have the time. I don't know).

Even for big companies like Microsoft and Dell (or maybe, ESPECIALLY for big companies?), sometimes the certificates are up-to-date, sometimes they're not. Sometimes applications are signed, sometimes they are not. Even within the same company. I see it every single day.

If you type 'certmgr' into the Windows 10 search bar, and open Manage Computer Certificates, what do you see listed for Untrusted Certificates?

Even a "clean" version of csrss.exe may have the same issue.

Because I am a glutton for punishment, I'm going to delete csrss.exe on my working machine, see what happens and report back.

Edit 1: Better yet: if you right-click csrss.exe, go to Properties, and select Digital Certificates, what does it list for certificate. Mine is currently dated 9-2020, with an expiration date of 1-22-2021 (i.e.: "in the past," "already expired"....smh), and yet no warnings would probably ever be generated, because, by dog it, it is signed from Microsoft, a Trusted Publisher.

Edit 2: What does Details tab say when you right-click csrss.exe? What does Version History say?

Edit 3: Let me preface this by saying that one does not simply delete a major system file like csrss.exe. It is not a right-click and delete operation.

But the result was as expected: I deleted it, rebooted the computer, and Windows automatically recreated it - exact same version/date, exact same certificate.

High-level steps for deleting it (which likely won't solve your problem):

Change ownership of file from TrustedInstaller to yourself

Reboot into the Advanced Windows Boot Options Menu (or whatever they call it nowadays) - Shift -> Restart is my favorite way of getting there from inside of Windows

Select the Command Prompt option, and delete it via command prompt ( del /f csrss.exe)

Reboot

My desktop icons were gone for a second while it was busy recreating the file, but no ill effects that I can tell.

Edited by cknoettg, 03 April 2021 - 08:17 AM.

Microsoft MCE, CASP+, Linux+, Server+, Cloud+, Certified Forensic Computer Examiner